9 matches found
CVE-2026-47846
Bitnami Cassandra container images are affected by a retained default superuser vulnerability. When a custom administrator account is configured via the CASSANDRAUSER environment variable, the container initialization script creates the new superuser account but fails to drop the built-in cassand...
CVE-2026-40982
Spring Cloud Config allows applications to serve arbitrary text and binary files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack. Spring Cloud Config 3.1.x: affected from...
Dell Enterprise SONiC OS 操作系统命令注入漏洞
Dell Enterprise SONiC OS Dell Enterprise Sonic Operating System is an open-source network operating system from Dell, USA. An operating system command injection vulnerability exists in Dell Enterprise SONiC OS versions 4.1. x and 4.2.x. The vulnerability stems from improper neutralization of...
MuleSoft Mule 安全漏洞
Mulesoft MuleSoft Mule is a lightweight integration platform from the US company MuleSoft Mulesoft. The platform supports message routing, data mapping, etc. between management nodes. A security vulnerability exists in MuleSoft Mule, which can be exploited by attackers to remotely execute arbitra...
PT-2019-15961 · Cyxtera · Cyxtera Appgate Sdp Client
Name of the Vulnerable Software and Affected Versions: Cyxtera AppGate SDP Client versions 4.1.x through 4.3.x before 4.3.2 Description: A local or remote user from the same domain can gain privileges in the affected software. Recommendations: For versions 4.1.x through 4.3.x before 4.3.2, update...
CVE-2019-10203
PowerDNS Authoritative daemon , pdns versions 4.0.x before 4.0.9, 4.1.x before 4.1.11, exiting when encountering a serial between 2^31 and 2^32-1 while trying to notify a slave leads to DoS...
Input validation
An issue has been found in PowerDNS Recursor versions 4.1.x before 4.1.9 where records in the answer section of responses received from authoritative servers with the AA flag not set were not properly validated, allowing an attacker to bypass DNSSEC validation...
CVE-2014-4349
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.1.x before 4.1.14.1 and 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted table name that is improperly handled after a 1 hide or 2 unhide action...
CVE-2012-1968
Bugzilla 4.1.x and 4.2.x before 4.2.2 and 4.3.x before 4.3.2 uses bug-editor privileges instead of bugmail-recipient privileges during construction of HTML bugmail documents, which allows remote attackers to obtain sensitive description information by reading the tooltip portions of an HTML e-mai...