OPENSUSE-SU-2022:10015-1 Security update for firejail
This update for firejail fixes the following issues: firejail was updated to version 0.9.70: CVE-2022-31214: root escalation in --join logic (boo1199148). Reported by Matthias Gerstner, working exploit code was provided to our development team. In the same time frame, the problem was independentl...
Gentics Software Gentics CMS Cross-Site Scripting Vulnerability
Gentics Software Gentics CMS is a digital publishing and content management system from the Austrian company Gentics Software. A cross-site scripting vulnerability exists in Gentics CMS version 5.36.29. An attacker can exploit this vulnerability to store malicious JavaScript code in user names an...
Cisco AppDynamics Controller Authorization Issues Vulnerability
Cisco AppDynamics Controller is Cisco's application performance monitoring product, which tracks and analyzes full-stack data across highly distributed application environments. Cisco AppDynamics Controller suffers from an authorization issue vulnerability that arises from incorrect authorizatio...
CVE-2022-31481
An unauthenticated attacker can send a specially crafted update file to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP seri...
Design/Logic Flaw
An authenticated attacker can send a specially crafted route to the “editroute.cgi” binary and have it execute shell commands. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.303...
CVE-2022-31481
CVE-2022-31481 is an unauthenticated firmware upload vulnerability in HID Mercury/LNL-4420 panels (Mercury LP/EP series context in vendor disclosures) that enables remote arbitrary code execution via a buffer overflow during firmware image processing. Specifically, the firmware update flow in a C...
CVE-2022-31486
An authenticated attacker can send a specially crafted route to the “editroute.cgi” binary and have it execute shell commands. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.303...
Information Disclosure
openstack-tripleo-heat-templates is vulnerable to information disclosure. The vulnerability exists due to a lack of sanitization, allowing an attacker to discover the internal IP or hostname through the wwwauthenticateuri parameter in configuration files...
CVE-2022-22515
A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration files of the affected products...
PT-2022-4903 · NetGear · Netgear N300
Name of the Vulnerable Software and Affected Versions: Netgear N300 wireless router version 1.0.0.70
Description: The issue is related to a stack overflow via strcpy in uhttpd, which can lead to a buffer overflow when processing configuration files in the uHTTPd web server. This can potentially...
Docker Desktop Access Control Error Vulnerability
Docker Desktop is container-based desktop software from Docker, Inc. for lightweight deployment of applications. The product provides a desktop environment that supports creating a lightweight container virtual machine and deploying and running applications on Linux/Windows/Mac OS systems, as we...
XML External Entity Reference vulnerability in Jenkins Config File Provider Plugin
Jenkins Config File Provider Plugin 3.7.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers with the ability to define Maven configuration files to have Jenkins parse a crafted configuration file that uses external entities for...
GHSA-998M-F2X3-JJQ4 CSRF vulnerability in Jenkins Config File Provider Plugin allows deleting configuration files
Jenkins Config File Provider Plugin 3.7.0 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery (CSRF) vulnerability. This vulnerability allows attackers to delete configuration files corresponding to an attacker-specified ID. This is due to an...
GHSA-M25M-5778-FM22 Grafana world readable configuration files
In certain Red Hat packages for Grafana 6.x through 6.3.6, the configuration files /etc/grafana/grafana.ini and /etc/grafana/ldap.toml which contain a secretkey and a bindpassword are world readable...
Jenkins Mattermost Notification Plugin contains unencrypted storage of secret token
Jenkins Mattermost Notification Plugin 2.7.0 and earlier stored webhook URLs containing a secret token unencrypted in its global configuration file and job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system...
GHSA-F24J-F97W-65H8 Centreon Privilege Escalation
In Centreon VM through 19.04.3, centreon-backup.pl allows attackers to become root via a crafted script, due to incorrect rights of sourced configuration files...
GHSA-3P8R-P4Q5-MC44 Violation Comments to GitLab Plugin has Insufficiently Protected Credentials
Violation Comments to GitLab Plugin stored API tokens unencrypted in job config.xml files and its global configuration file org.jenkinsci.plugins.jvctgl.ViolationsToGitLabGlobalConfiguration.xml on the Jenkins controller. These credentials could be viewed by users with Extended Read permission, o...