32 matches found
MinIO vulnerable to privilege escalation in IAM import API
Impact: Privilege escalation in IAM import API; all users are impacted since MinIO commit 580d9db85e04f1b63cc2909af50f0ed08afa965f. Patches: commit f246c9053f9603e610d98439799bdd2a6b293427 Author: Aditya Manthramurthy Date: Wed Dec 11 18:09:40 2024 -0800 fix: Privilege escalation in IAM import API...
PT-2024-29897 · Hertzbeat · Hertzbeat
Name of the Vulnerable Software and Affected Versions: Hertzbeat versions prior to 1.6.0. Description: Hertzbeat is an open source, real-time monitoring system. It has an authenticated Remote Code Execution (RCE) vulnerability via unsafe deserialization in the "/api/monitors/import" API endpoint...
SUSE CVE-2019-15732
An issue was discovered in GitLab Community and Enterprise Edition 12.2 through 12.2.1. The project import API could be used to bypass project visibility restrictions...
CVE-2022-26928
Windows Photo Import API Elevation of Privilege Vulnerability...
KB5017328: Windows 11 Security Update (September 2022)
The remote Windows host is missing security update 5017328. It is, therefore, affected by multiple vulnerabilities - Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the...
KLA19245 Multiple vulnerabilities in Microsoft Windows
Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, cause denial of service, obtain sensitive information, bypass security restrictions. Below is a complete list of vulnerabilities: 1. A remote cod...
Input validation flaw in GitLab’s Community and Enterprise Software
Summary: A remote code execution vulnerability that affects GitLab Community Edition (CE) and Enterprise Edition (EE) has been identified as CVE-2022-2884. It can be exploited using the GitHub import API; however it...
GitLab Issues Patch for Critical Flaw in its Community and Enterprise Software
DevOps platform GitLab this week issued patches to address a critical security flaw in its software that could lead to arbitrary code execution on affected systems. Tracked as CVE-2022-2884, the issue is rated 9.9 on the CVSS vulnerability scoring system and impacts all versions of GitLab Communi...
Mattermost resource management error vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. Mattermost 6.7.0 and earlier versions are vulnerable to a resource management error, which stems from the inability of the Slack import feature to properly limit the size of imported files, and can be exploited to import...
Code injection
Foreman before 1.1 allows remote attackers to execute arbitrary code via a crafted YAML object to the (1) fact or (2) report import API...
CVE-2013-0171
CVE-2013-0171 affects Foreman prior to version 1.1. The vulnerability allows remote attackers to execute arbitrary code by sending a crafted YAML object to the fact or report import API. Documents confirm impact as remote code execution with network access and no authentication required, but do n...