529 matches found
Perforce Helix Core 资源管理错误漏洞
Perforce Helix Core is a scalable and secure version control system from Perforce, Inc. A resource management error vulnerability exists in versions of Perforce Helix Core prior to 2024.2 that originates from an unauthenticated remote denial of service via the auto-generation feature...
PT-2024-16205 · Perforce · Helix Core
Name of the Vulnerable Software and Affected Versions: Helix Core versions prior to 2024.2 Description: An unauthenticated remote Denial of Service DoS via the shutdown function was identified. The issue was reported by Karol Więsek. Recommendations: For Helix Core versions prior to 2024.2, updat...
Perforce Helix Core 资源管理错误漏洞
Perforce Helix Core is a scalable and secure version control system from Perforce, Inc. A resource management error vulnerability exists in versions of Perforce Helix Core prior to 2024.2 that originates from an unauthenticated remote denial of service via a shutdown feature...
PT-2024-16204 · Perforce · Helix Core
Name of the Vulnerable Software and Affected Versions: Helix Core versions prior to 2024.2 Description: An unauthenticated remote Denial of Service DoS was identified via the refuse function. This issue was reported by Karol Więsek. Recommendations: For Helix Core versions prior to 2024.2, update...
PT-2024-16181 · Perforce · Helix Core
Name of the Vulnerable Software and Affected Versions: Helix Core versions prior to 2024.2 Description: An unauthenticated remote Denial of Service DoS via the auto-generation function was identified. The issue was reported by Karol Więsek. Recommendations: For Helix Core versions prior to 2024.2...
Perforce Helix Core 资源管理错误漏洞
Perforce Helix Core is a scalable and secure version control system from Perforce, Inc. A resource management error vulnerability exists in versions of Perforce Helix Core prior to 2024.2 that originates from an unauthenticated remote denial of service via the auto-generation feature...
@adobe/git-server (>=0.9.17 <=1.0.5), @adobe/helix-cli (>=0.3.0-SNAPSHOT.293 <=6.1.0) +69 more potentially affected by CVE-2024-48964 via snyk-gradle-plugin (>=1.0.2 <=3.9.0)
snyk-gradle-plugin NPM version =1.0.2, =0.9.17, =0.3.0-SNAPSHOT.293, =2.6.0, =1.0.5-SNAPSHOT.105, =0.0.4, =8.0.36, =5.0.22, =3.10.42, =0.0.70, =0.5.8, =3.2.4, =0.1.3, =0.0.2, =0.0.3 and more Source cves: CVE-2024-48964 Source advisory: OSV:GHSA-QQQW-GM93-QF6M...
OilRig Exploits Windows Kernel Flaw in Espionage Campaign Targeting UAE and Gulf
The Iranian threat actor known as OilRig has been observed exploiting a now-patched privilege escalation flaw impacting the Windows Kernel as part of a cyber espionage campaign targeting the U.A.E. and the broader Gulf region. "The group utilizes sophisticated tactics that include deploying a...
CVE-2024-8067
In versions of Helix Core prior to 2024.1 Patch 2 2024.1/2655224 a Windows ANSI API Unicode "best fit" argument injection was identified...
Perforce Helix Core 安全漏洞
Perforce Helix Core is a scalable and secure version control system from Perforce. A security vulnerability exists in Perforce Helix Core prior to version 2024.1 Patch 2, which stems from the best fit parameter containing a parameter injection vulnerability...
CVE-2024-8067 Unicode "best fit" argument injection
In versions of Helix Core prior to 2024.1 Patch 2 2024.1/2655224 a Windows ANSI API Unicode "best fit" argument injection was identified...
CVE-2024-8067
CVE-2024-8067 affects Perforce Helix Core prior to 2024.1 Patch 2 (2024.1/2655224). The issue is a Windows ANSI API Unicode “best fit” argument injection in Helix Core, caused by the best fit parameter handling. Public sources consistently describe this as a parameter injection vulnerability that...
CVE-2024-8067 Unicode "best fit" argument injection
In versions of Helix Core prior to 2024.1 Patch 2 2024.1/2655224 a Windows ANSI API Unicode "best fit" argument injection was identified...
PT-2024-38783 · Perforce · Helix Core
Name of the Vulnerable Software and Affected Versions: Helix Core versions prior to 2024.1 Patch 2 Description: A Windows ANSI API Unicode "best fit" argument injection issue was identified. Recommendations: For versions prior to 2024.1 Patch 2, update to 2024.1 Patch 2 or later to resolve the...
Iranian Cyber Group OilRig Targets Iraqi Government in Sophisticated Malware Attack
Iraqi government networks have emerged as the target of an "elaborate" cyber attack campaign orchestrated by an Iran state-sponsored threat actor called OilRig. The attacks singled out Iraqi organizations such as the Prime Minister's Office and the Ministry of Foreign Affairs, cybersecurity compa...
Apache Helix Trust Management Issues Vulnerability
Apache Helix is a general-purpose cluster management framework from the U.S. Apache Apache Foundation. Used to automate the management of partitioning, replication and distributed resources hosted on a cluster of nodes . Apache Helix suffers from a trust management issue vulnerability that stems...
Session Spoofing
org.apache.helix, helix is vulnerable to Session Spoofing. The vulnerability is due to a hard-coded secret in the Apache Helix Front UI, which allows an attacker to generate their own fake cookies...
GHSA-6247-7862-Q2PQ Apache Helix Front (UI) component contained a hard-coded secret
The Apache Helix Front UI component contained a hard-coded secret, allowing an attacker to spoof sessions by generating their own fake cookies. This issue affects Apache Helix Front UI: all versions. As this project is retired, we do not plan to release a version that fixes this issue. Users are...
Apache Helix Front (UI) component contained a hard-coded secret
The Apache Helix Front UI component contained a hard-coded secret, allowing an attacker to spoof sessions by generating their own fake cookies. This issue affects Apache Helix Front UI: all versions. As this project is retired, we do not plan to release a version that fixes this issue. Users are...
CVE-2024-22281
UNSUPPORTED WHEN ASSIGNED The Apache Helix Front UI component contained a hard-coded secret, allowing an attacker to spoof sessions by generating their own fake cookies. This issue affects Apache Helix Front UI: all versions. As this project is retired, we do not plan to release a version that...