GHSA-J72X-XFWG-783F ShellHub has cross-tenant IDOR in `GET /api/devices/:uid` that discloses device data of any namespace

Summary GET /api/devices/:uid returns the full device object whenever the caller is authenticated, without verifying that the device belongs to the caller's namespace tenant. Any authenticated user JWT or API Key who knows or can guess a device UID can read device metadata from any other namespac...

RHEL 8 : kpatch-patch (RHSA-2022:0590)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0590 advisory. This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel...

RHEL 7 : kpatch-patch (RHSA-2022:0592)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0592 advisory. This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel...

CVE-2018-11717

An issue was discovered in Zoho ManageEngine Desktop Central before 100251. By leveraging access to a log file, a context-dependent attacker can obtain depending on the modules configured the Base64 encoded Password/Username of AD accounts, the cleartext Password/Username and mail settings of the...