CVE-2022-2642
Horner Automation’s RCC 972 firmware version 15.40 contains global variables. This could allow an attacker to read out sensitive values and variable keys from the device...
Red Hat OpenShift Security Vulnerability
Red Hat OpenShift is a Platform-as-a-Service (PaaS) cloud computing platform from Red Hat, Inc. that supports building, testing, deploying, and running applications. A security vulnerability exists in Red Hat OpenShift that originates from the ability to make environment variables using newlines to...
CVE-2022-46166
Spring Boot Admin is an open source administrative user interface for managing Spring Boot applications. All users who run Spring Boot Admin Server with Notifiers (e.g. the Teams notifier) enabled and write access to environment variables via the UI are affected. Users are advised to upgrade to th...
Design/Logic Flaw
Spring Boot Admin is an open source administrative user interface for managing Spring Boot applications. All users who run Spring Boot Admin Server with Notifiers (e.g. the Teams notifier) enabled and write access to environment variables via the UI are affected. Users are advised to upgrade to th...
Spring Boot Admins integrated notifier support allows arbitrary code execution
Impact: All users who run Spring Boot Admin Server with Notifiers (e.g. the Teams notifier) enabled and write access to environment variables via the UI are possibly affected. Patches: In the most recent releases of Spring Boot Admin, 2.6.10 and 2.7.8, the issue is fixed by implementing SimpleExecutionConte...
CVE-2022-46166 Spring Boot Admins integrated notifier support allows arbitrary code execution
Spring Boot Admin is an open source administrative user interface for managing Spring Boot applications. All users who run Spring Boot Admin Server with Notifiers (e.g. the Teams notifier) enabled and write access to environment variables via the UI are affected. Users are advised to upgrade to th...
spring-boot-admin Code Injection Vulnerability
spring-boot-admin is an open source backend management system based on Spring Boot and MyBatis, with three functions (user management, menu management and role management) and permission control down to the button level. A code injection vulnerability exists in spring-boot-admin versions prior to 2.6.10 and...
Amazon Linux 2022 : golang (ALAS2022-2022-239)
The version of golang installed on the remote host is prior to 1.19.3-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-239 advisory. - Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read t...
Amazon Linux 2022 : golist (ALAS2022-2022-240)
The version of golist installed on the remote host is prior to 0.10.1-11. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-240 advisory. - Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read ...
Design/Logic Flaw
Horner Automation’s RCC 972 firmware version 15.40 contains global variables. This could allow an attacker to read out sensitive values and variable keys from the device...
Horner Automation Remote Compact Controller Security Vulnerability
The Horner Automation Remote Compact Controller (RCC) is a compact controller from Horner Automation, USA. A security vulnerability exists in Horner Automation Remote Compact Controller 972 firmware version 15.40, which originates from the inclusion of global variables on the...
Authentication Bypass
airtable is vulnerable to authentication bypass. The vulnerability exists because the AIRTABLE_API_KEY and AIRTABLE_ENDPOINT_URL environment variables are inserted during browserify builds, which allows an attacker to gain access to user accounts via authentication credentials...
Horner Automation Remote Compact Controller
1. EXECUTIVE SUMMARY. CVSS v3 9.8. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Horner Automation. Equipment: Remote Compact Controller (RCC) 972. Vulnerabilities: Inadequate Encryption Strength, Use of Hard-coded Cryptographic Key, Excessive Reliance on Global Variables. 2. RISK...
WordPress Checkout Field Editor for WooCommerce plugin deserialization vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language, and a WordPress plugin is an application plugin for it. The Checkout Field Editor (Checkout Manager) for WooCommerce WordPress plugin, version 1.8.0 or earlier, is...
CVE-2022-46155
Airtable.js is the JavaScript client for Airtable. Prior to version 0.11.6, Airtable.js had a misconfigured build script in its source package. When the build script is run, it would bundle environment variables into the build target of a transpiled bundle. Specifically, the AIRTABLE_API_KEY and...
New Flaw in Acer Laptops Could Let Attackers Disable Secure Boot Protection
Acer has released a firmware update to address a security vulnerability that could be potentially weaponized to turn off UEFI Secure Boot on affected machines. Tracked as CVE-2022-4020, the high-severity vulnerability affects five different models that consist of Aspire A315-22, A115-21, and...
CVE-2022-46155
Summary: CVE-2022-46155 describes a misconfiguration in Airtable.js prior to 0.11.6 where the build script would bundle AIRTABLE_API_KEY and AIRTABLE_ENDPOINT_URL into the transpiled bundle when building from source. This affects copies built from source (not npm/yarn-installed packages) if the u...