1235 matches found
HPE Apollo 70 Buffer Error Vulnerability
The HPE Apollo 70 system is an Arm-based platform that provides the density and scalability required for large HPC cluster deployments. A local buffer overflow vulnerability exists in the libifc.so websetremoteimageinfo function in the Baseboard Management Controller BMC firmware in HPE Apollo 70...
HPE Apollo 70 Buffer Error Vulnerability
The HPE Apollo 70 system is an Arm-based platform that provides the density and scalability required for large HPC cluster deployments. A local buffer overflow vulnerability exists in the libifc.so websetlicensecfg function in the Baseboard Management Controller BMC firmware in HPE Apollo 70...
HPE Apollo 70 Buffer Error Vulnerability
The HPE Apollo 70 system is an Arm-based platform that provides the density and scalability required for large HPC cluster deployments. A local buffer overflow vulnerability exists in the libifc.so websetservicecfg function in the Baseboard Management Controller BMC firmware in HPE Apollo 70...
Code Injection in apolloauto/apollo
Description Arbitrary Code Execution in genprotofile.py in ApolloAuto/Apollo. An open autonomous driving platform. Technical Description This package was vulnerable to Arbitrary code execution due to a use of a known vulnerable function load in yaml. fix is to be done genprotofile.py Exploit cod...
apolloslater.com Cross Site Scripting vulnerability OBB-1488716
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
apollo-kk.co.jp Cross Site Scripting vulnerability OBB-1388458
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
cc.jweb:jweb-boot (>=1.0.0 <=1.0.1), cn.zzq0324:feature-flag (=1.0.1) +222 more potentially affected by CVE-2020-15170 via com.ctrip.framework.apollo:apollo-core (>=1.0.0 <=1.7.0)
com.ctrip.framework.apollo:apollo-core MAVEN version =1.0.0, =1.0.0, =0.1.1, =0.1.1, =0.2.3, =0.2.3, =0.2.3, =0.2.3, =0.2.3, =0.4.0, =0.2.3, =0.2.3, =0.2.3, =0.4.0, =0.2.3, =0.4.2 and more Source cves: CVE-2020-15170 Source advisory: OSV:GHSA-XPMX-H7XQ-XFFH...
GHSA-XPMX-H7XQ-XFFH Potential access control security issue in apollo-adminservice
Impact If users expose apollo-adminservice to internet (which is not recommended), there are potential security issues since apollo-adminservice is designed to work in intranet and it doesn't have built-in access control. Malicious hackers may access apollo-adminservice apis directly to access/edit...
Potential access control security issue in apollo-adminservice
Impact If users expose apollo-adminservice to internet (which is not recommended), there are potential security issues since apollo-adminservice is designed to work in intranet and it doesn't have built-in access control. Malicious hackers may access apollo-adminservice apis directly to access/edit...
CVE-2020-15170
apollo-adminservice before version 1.7.1 does not implement access controls. If users expose apollo-adminservice to internet (which is not recommended), there are potential security issues since apollo-adminservice is designed to work in intranet and it doesn't have access control built-in. Maliciou...
Design/Logic Flaw
apollo-adminservice before version 1.7.1 does not implement access controls. If users expose apollo-adminservice to internet (which is not recommended), there are potential security issues since apollo-adminservice is designed to work in intranet and it doesn't have access control built-in. Maliciou...
CVE-2020-15170
CVE-2020-15170 affects apollo-adminservice prior to version 1.7.1, which does not implement access controls. Several trusted sources indicate that exposing apollo-adminservice to the Internet can allow direct access to APIs, enabling reading/editing of application configurations. The root cause i...
CVE-2020-15170
apollo-adminservice before version 1.7.1 does not implement access controls. If users expose apollo-adminservice to internet (which is not recommended), there are potential security issues since apollo-adminservice is designed to work in intranet and it doesn't have access control built-in. Maliciou...
Improper Input Validation
apollo-adminservice does not implement access controls. If users expose apollo-adminservice to internet (which is not recommended), there are potential security issues since apollo-adminservice is designed to work in intranet and it does not have access control built-in. Malicious hackers may access...
@commercial/hapi (=19.0.2), @hapi/hapi (>=19.0.0 <=19.0.4) +7 more potentially affected by unknown CVE via @hapi/accept (=4.0.1)
@hapi/accept NPM version =4.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on @hapi/accept and may be impacted: - @commercial/hapi =19.0.2 - @hapi/hapi =19.0.0, =0.0.3, =0.27.0, =0.27.0, =0.9.0, =2.0.4, =5.0.2 Source cves: unknown CVE Source advisory...
Code Execution Vulnerability in Apollo at Shanghai Ctrip Business Co.
Apollo Apollo is a distributed configuration center developed by Ctrip's framework department. A code execution vulnerability exists in Apollo in Shanghai Ctrip Business Co. Ltd. that can be exploited by an attacker to execute arbitrary commands...
Information Disclosure
apollo-server-cloud-functions is vulnerable to information disclosure. The vulnerability exists as ApolloServer incorrectly drops the values of this.requestOptions.validationRules when creating a SubscriptionServer...
Information Disclosure
apollo-server-fastify is vulnerable to information disclosure. The vulnerability exists as ApolloServer incorrectly drops the values of this.requestOptions.validationRules when creating a SubscriptionServer...
Information Disclosure
apollo-server-micro is vulnerable to information disclosure. The vulnerability exists as ApolloServer incorrectly drops the values of this.requestOptions.validationRules when creating a SubscriptionServer...
Information Disclosure
apollo-server-express is vulnerable to information disclosure. The vulnerability exists as ApolloServer incorrectly drops the values of this.requestOptions.validationRules when creating a SubscriptionServer...