PYSEC-2022-210

An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts, which allows a previously authorized user whose account is locked still run Salt commands when their account is locked. This affects both local shell accounts with an...

[SECURITY] Fedora 35 Update: golang-github-docker-libnetwork-0.8.0-18.20220610gitf6ccccb.fc35

Libnetwork provides a native Go implementation for connecting containers. The goal of libnetwork is to deliver a robust Container Network Model that provides a consistent programming interface and the required network abstractions for applications...

Adob​​e RoboHelp 授权问题漏洞

Adobe RoboHelp is a help authoring tool developed and distributed for Windows by Adobe. An authorization issue vulnerability exists in Adobe RoboHelp and Adobe RoboHelp Server 11 Update 3 and earlier versions, which stems from a vulnerability that allows a user with non-administrative privileges ...

[SECURITY] Fedora 36 Update: golang-github-docker-libnetwork-0.8.0-17.20220610gitf6ccccb.fc36

Libnetwork provides a native Go implementation for connecting containers. The goal of libnetwork is to deliver a robust Container Network Model that provides a consistent programming interface and the required network abstractions for applications...

CVE-2022-31757

The setting module has a vulnerability of improper use of APIs. Successful exploitation of this vulnerability may affect data confidentiality...

GitLab Enterprise Edition和GitLab Community Edition 安全漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab Community Edition and GitLab Enterprise...

CVE-2022-20807

Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about...

CVE-2022-20806

Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about...

Magento executes code via the API File Option Upload Extension

Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by an improper input validation vulnerability in the API File Option Upload Extension. An attacker with Admin privileges can achieve unrestricted file upload which can result in remote code...

Mattermost Server exposes team invite IDs through API endpoints

An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows attackers to discover team invite IDs via team API endpoints...

GHSA-H742-XX59-R9PQ Mattermost Server exposes sensitive user status information via REST API version 4 endpoint

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to obtain sensitive information user statuses via a REST API version 4 endpoint...

GHSA-M497-HQ5X-6JCV Mattermost Server allows attackers to create buttons that can launch API requests

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows an attacker to create a button that, when pressed by a user, launches an API request...

Mattermost Server allows attackers to gain privileges by accessing unintended API endpoints with users' credentials

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by accessing unintended API endpoints on a user's behalf...

Mattermost Server exposes sensitive information about team URLs via an API

An issue was discovered in Mattermost Server before 3.0.0. It allows attackers to obtain sensitive information about team URLs via an API...

GHSA-Q3G9-HGRX-HWHX Mattermost Server exposes sensitive information about team URLs via an API

An issue was discovered in Mattermost Server before 3.0.0. It allows attackers to obtain sensitive information about team URLs via an API...

CVE-2022-20809

Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about...

GHSA-H972-CWJV-2V39 Exposure of Sensitive Information to an Unauthorized Actor in Jenkins

The remote API in Jenkins 2.73.1 and earlier, 2.83 and earlier at /computer/agent-name/api showed information about tasks typically builds currently running on that agent. This included information about tasks that the current user otherwise has no access to, e.g. due to lack of Item/Read...

CVE-2022-29847

In Progress Ipswitch WhatsUp Gold 21.0.0 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to invoke an API transaction that would allow them to relay encrypted WhatsUp Gold user credentials to an arbitrary host...

CVE-2022-29848

In Progress Ipswitch WhatsUp Gold 17.0.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read sensitive operating-system attributes from a host that is accessible by the WhatsUp Gold system...

GitLab CE/EE 安全漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Enterprise Edition is a content management system. A security vulnerability exists in Gitlab CE/EE. An attacker could exploit the...