1072 matches found
PT-2022-5965 · Microsoft · Sharepoint Server +2
Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server (affected versions not specified); Microsoft SharePoint Server Subscription Edition (affected versions not specified); Microsoft SharePoint Enterprise Server (affected versions not specified); Microsoft SharePoint Foundatio...
Design/Logic Flaw
A vulnerability in the binding configuration of Cisco SD-WAN vManage Software containers could allow an unauthenticated, adjacent attacker who has access to the VPN0 logical network to also access the messaging service ports on an affected system. This vulnerability exists because the messaging...
CVE-2022-20696 Cisco SD-WAN vManage Software Unauthenticated Access to Messaging Services Vulnerability
A vulnerability in the binding configuration of Cisco SD-WAN vManage Software containers could allow an unauthenticated, adjacent attacker who has access to the VPN0 logical network to also access the messaging service ports on an affected system. This vulnerability exists because the messaging...
Drupal core Information Disclosure vulnerability
In some situations, the Image module does not correctly check access to image files not stored in the standard public files directory when generating derivative images using the image styles system. Access to a non-public file is checked only if it is stored in the "private" file system. However,...
Fedora: Security Advisory for golang-github-hashicorp-serf (FEDORA-2022-ea8f4e232d)
The remote host is missing an update for the...
Honeywell Saia Burgess PG5 PCD Authorization Issue Vulnerability
Honeywell Saia Burgess PG5 PCD is a Honeywell USA solution that includes SBC Instrumentation, Control and Automation (ICA) devices for implementation and operational automation. A security vulnerability exists in all versions of the Honeywell Saia Burgess PG5 PCD, which stems from the use of the...
[SECURITY] Fedora 35 Update: golang-github-hashicorp-serf-0.9.5-5.fc35
Serf is a decentralized solution for service discovery and orchestration that is lightweight, highly available, and fault tolerant. Serf runs on Linux, Mac OS X, and Windows. An efficient and lightweight gossip protocol is used to communicate with other nodes. Serf can detect node failures and...
CVE-2022-30245
Honeywell Alerton Compass Software 1.6.5 allows unauthenticated configuration changes from remote users. This enables configuration data to be stored on the controller and then implemented. A user with malicious intent can send a crafted packet to change the controller configuration without the...
CVE-2022-30242
Honeywell Alerton Ascent Control Module (ACM) through 2022-05-04 allows unauthenticated configuration changes from remote users. This enables configuration data to be stored on the controller and then implemented. A user with malicious intent can send a crafted packet to change the controller...
Design/Logic Flaw
Honeywell Alerton Ascent Control Module (ACM) through 2022-05-04 allows unauthenticated configuration changes from remote users. This enables configuration data to be stored on the controller and then implemented. A user with malicious intent can send a crafted packet to change the controller...
CVE-2022-30245
CVE-2022-30245 affects Honeywell Alerton Compass Software 1.6.5. The flaw allows unauthenticated configuration changes from remote users, enabling a crafted packet to alter the controller’s configuration. The changed configuration may not be reflected in the User Interface, creating an inconsiste...
CVE-2022-30242
Honeywell Alerton Ascent Control Module (ACM) up to 2022-05-04 is affected by CVE-2022-30242, allowing unauthenticated configuration changes from remote users. The root issue is unprotected remote configuration access that can store altered configuration on the controller and implement it, creati...
Goreplay - Open-Source Tool For Capturing And Replaying Live HTTP Traffic Into A Test Environment In Order To Continuously Test Your System With Real Data
GoReplay is an open-source network monitoring tool which can record your live traffic and use it for shadowing, load testing, monitoring and detailed analysis. About As your application grows, the effort required to test it also grows exponentially. GoReplay offers you the simple idea of reusing...
CVE-2022-20797 Cisco Secure Network Analytics Remote Code Execution Vulnerability
A vulnerability in the web-based management interface of Cisco Secure Network Analytics, formerly Cisco Stealthwatch Enterprise, could allow an authenticated, remote attacker to execute arbitrary commands as an administrator on the underlying operating system. This vulnerability is due to...
GHSA-6Q4G-84F3-MW74 Improper handling of equivalent directory names on Windows in Jenkins
Jenkins stores jobs and other entities on disk using their name shown on the UI as file and folder names. On Windows, when specifying a file or folder with a trailing dot character (`example.`), the file or folder will be treated as if that character was not present (`example`). As both are legal names f...
GHSA-25G4-P347-X748 Improper authorization due to caching in Jenkins Role-based Authorization Strategy Plugin
Role-based Authorization Strategy Plugin 2.12 and newer uses a cache to speed up permission lookups. In Role-based Authorization Strategy Plugin 3.0 and earlier, this cache is not invalidated properly when an administrator changes the permission configuration. This can result in permissions being...
GHSA-FP5M-4MQH-849P Magento 2 Community Edition Insufficient Logging
An insufficient logging and monitoring vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. The logging feature required for effective monitoring did not contain sufficient data to effectively track...
Magento 2 Community Edition Insufficient Logging
An insufficient logging and monitoring vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. The logging feature required for effective monitoring did not contain sufficient data to effectively track...