
4960 matches found

Vulnrichment
added 2022/12/14 12:0 a.m. · 9 views

CVE-2022-31702

vRealize Network Insight (vRNI) contains a command injection vulnerability present in the vRNI REST API. A malicious actor with network access to the vRNI REST API can execute commands without authentication...

8 AI score · 0.01609 EPSS
Exploits 0 · References 1
CNNVD
added 2022/12/14 12:0 a.m. · 4 views

VMware vRealize Network Insight Command Injection Vulnerability

VMware vRealize Network Insight is a tool from VMware, Inc. that helps customers build optimized, highly available and secure network infrastructures across multi-cloud environments. A security vulnerability exists in VMware vRealize Network Insight that stems from its vRNI REST API that allows...

9.8 CVSS · 8.5 AI score · 0.01609 EPSS
Exploits 0 · References 4
CVE
added 2022/12/14 12:0 a.m. · 94 views

CVE-2022-31702

CVE-2022-31702 affects VMware vRealize Network Insight (vRNI) via a command injection vulnerability in the vRNI REST API. The issue allows a remote attacker with network access to the REST API to execute commands without authentication, potentially leading to remote code execution. Connected sour...

9.8 CVSS · 9.6 AI score · 0.01609 EPSS
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2022/12/14 12:0 a.m. · 5 views

PT-2022-5842 · Vmware · Vrealize Network Insight

Name of the Vulnerable Software and Affected Versions: vRealize Network Insight (vRNI), affected versions not specified. Description: The issue is related to a command injection vulnerability in the vRNI REST API. This vulnerability allows a malicious actor with network access to the vRNI REST API to...

10 CVSS · 9.7 AI score · 0.01609 EPSS
Exploits 0 · References 7
Cvelist
added 2022/12/14 12:0 a.m. · 40 views

CVE-2022-31702

vRealize Network Insight (vRNI) contains a command injection vulnerability present in the vRNI REST API. A malicious actor with network access to the vRNI REST API can execute commands without authentication...

10 AI score · 0.01609 EPSS
Exploits 0 · References 1
WPVulnDB
added 2022/12/12 12:0 a.m. · 16 views

WP Cerber < 9.3.3 - User Enumeration Bypass via Rest API

The plugin does not properly block access to the REST API users endpoint when the blog is in a subdirectory, which could allow attackers to bypass the restriction in place and list users. PoC: When the "Block access to users' data via REST API" setting is enabled...

5.3 CVSS · 2.9 AI score · 0.00671 EPSS
Exploits 2 · Affected Software 1
wpexploit
added 2022/12/12 12:0 a.m. · 594 views

WP Cerber < 9.3.3 - User Enumeration Bypass via Rest API

The plugin does not properly block access to the REST API users endpoint when the blog is in a subdirectory, which could allow attackers to bypass the restriction in place and list users. When the "Block access to users' data via REST API" setting is enabled...

5.3 CVSS · 1.5 AI score · 0.00671 EPSS
Exploits 2
VMware
added 2022/12/11 12:0 a.m. · 46 views

VMSA-2022-0031: VMware vRealize Network Insight (vRNI) updates address command injection and directory traversal security vulnerabilities

Advisory ID: VMSA-2022-0031 · CVSSv3 Range: 7.5-9.8 · Issue Date: 2022-12-13 · Updated On: 2022-12-13 (Initial Advisory) · CVEs: CVE-2022-31702, CVE-2022-31703 · Synopsis: VMware vRealize Network Insight (vRNI) updates address command injection and directory traversal security vulnerabilities (CVE-2022-31702,...

9.8 CVSS · 9.5 AI score · 0.01792 EPSS
Exploits 0 · References 19 · Affected Software 1
RedHat Linux
added 2022/12/07 8:28 p.m. · 38 views

Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 16.1.9 (openstack-barbican) security update

An update for openstack-barbican is now available for Red Hat OpenStack Platform 16.1.9 (Train) for Red Hat Enterprise Linux (RHEL) 8.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detaile...

8.1 CVSS · 6.5 AI score · 0.00981 EPSS
Exploits 0 · References 6
IBM Security Bulletins
added 2022/12/05 7:18 p.m. · 39 views

Security Bulletin: Apache Kafka as used by IBM QRadar SIEM is vulnerable to information disclosure (CVE-2019-12399)

Summary: Apache Kafka as used by IBM QRadar SIEM is vulnerable to information disclosure. IBM has addressed the relevant vulnerability. Vulnerability Details: CVEID: CVE-2019-12399 DESCRIPTION: Apache Kafka could allow a remote attacker to obtain sensitive information, caused by a flaw in the Conne...

7.5 CVSS · 7.2 AI score · 0.03915 EPSS
Exploits 0 · Affected Software 1
Tenable Nessus
added 2022/12/01 12:0 a.m. · 41 views

Atlassian Crowd 3.x / 4.x < 4.4.4 / 5.x < 5.0.3 Security Bypass (CWD-5888)

The version of Atlassian Crowd installed on the remote host is 3.x, 4.x prior to 4.4.4, or 5.x prior to 5.0.3. It is, therefore, affected by a security bypass vulnerability due to security misconfiguration. An unauthenticated, remote attacker can exploit this by authenticating as the crowd...

9.8 CVSS · 8.8 AI score · 0.00888 EPSS
Exploits 0 · References 3
Tenable Nessus
added 2022/11/28 12:0 a.m. · 19 views

GLPI 9.1 < 9.5.6 Rest API IP Restriction Bypass

GLPI in version 9.1 9.5.6 with API Rest enabled is vulnerable to API bypass with custom header injection. No source data...

8.8 CVSS · 7.2 AI score · 0.01013 EPSS
Exploits 0 · References 2
Hacker One
added 2022/11/27 8:1 a.m. · 76 views

MTN Group: Wordpress users Disclosure [ /wp-json/wp/v2/users/ ] Not Resolved

On this report's 735586 You closed the report and changed the status to Resolved. But it's Not Resolved. The Bug It's Still there. url: https://www.mtn.com/wp-json/wp/v2/users/ Sorry to say this, still I can reproduce this issue. Please remove /wp-json/wp/v2/users/ file if your domain doesn't use that...

6.7 AI score
Exploits 0
hivepro
added 2022/11/23 12:13 p.m. · 44 views

Atlassian Addresses Issues in Crowd and Bitbucket Products

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Atlassian has two security holes that can be abused to allow arbitrary code execution. CVE-2022-43782 allows an intruder connecting from an IP address on the allow list to authenticate as the crow...

3 AI score · 0.98035 EPSS
Exploits 3
NCSC
added 2022/11/22 12:0 a.m. · 5 views

Vulnerabilities fixed in XWiki

Vulnerabilities have been fixed in XWiki. A malicious person can, by importing a prepared XAR file, exploit the vulnerability to view or edit any page, whereas it should be editing, when it should not be available to the malicious party. Also, potentially sensitive information can b...

9.6 CVSS · 6.7 AI score · 0.00732 EPSS
Exploits 0
NVD
added 2022/11/18 11:15 p.m. · 19 views

CVE-2022-45132

In Linaro Automated Validation Architecture (LAVA) before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 template in a way that can be used to trigger...

9.8 CVSS · 0.01859 EPSS
Exploits 1 · References 2
NVD
added 2022/11/18 11:15 p.m. · 9 views

CVE-2022-45073

Cross-Site Request Forgery (CSRF) vulnerability in REST API Authentication plugin = 2.4.0 on WordPress...

8.8 CVSS · 0.00264 EPSS
Exploits 0 · References 1
OSV
added 2022/11/18 11:15 p.m. · 8 views

CVE-2022-45132

In Linaro Automated Validation Architecture (LAVA) before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 template in a way that can be used to trigger...

9.8 CVSS · 7.6 AI score
Exploits 0 · References 2
Prion
added 2022/11/18 11:15 p.m. · 21 views

Remote code execution

In Linaro Automated Validation Architecture (LAVA) before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 template in a way that can be used to trigger...

7.5 CVSS · 9.7 AI score · 0.01859 EPSS
Exploits 1 · References 2 · Affected Software 1
UbuntuCve
added 2022/11/18 11:15 p.m. · 27 views

CVE-2022-45132

In Linaro Automated Validation Architecture (LAVA) before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 template in a way that can be used to trigger...

9.8 CVSS · 7.6 AI score · 0.01859 EPSS
Exploits 1 · References 3