1091 matches found
GHSA-PM3H-MM62-PWM8 XML Entity Expansion in trytond and proteus
An XML Entity Expansion XEE issue was discovered in Tryton Application Platform Server 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform Command Line Client proteus 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. A...
Debian DSA-5098-1 : tryton-server - security update
The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5098 advisory. - An XXE issue was discovered in Tryton Application Platform Server 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton...
Debian DLA-2946-1 : tryton-proteus - LTS security update
The remote Debian 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-2946 advisory. - An XXE issue was discovered in Tryton Application Platform Server 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Applicati...
CVE-2022-26662
An XML Entity Expansion XEE issue was discovered in Tryton Application Platform Server 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform Command Line Client proteus 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. A...
CVE-2022-26662
An XML Entity Expansion XEE issue was discovered in Tryton Application Platform Server 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform Command Line Client proteus 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. A...
Design/Logic Flaw
An XML Entity Expansion XEE issue was discovered in Tryton Application Platform Server 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform Command Line Client proteus 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. A...
Tryton 安全漏洞
Tryton is a content management system. Tryton Application Platform Server versions 5.x through 5.0.45, 6.x through 6.0.15, 6.1.x, 6.2.x through 6.2.5 and Tryton Application Platform Command Line A security vulnerability exists in Tryton Application Platform Command Line proteus versions 5.x throu...
CVE-2022-26662
An XML Entity Expansion XEE issue was discovered in Tryton Application Platform Server 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform Command Line Client proteus 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. A...
OESA-2022-1545 xmlrpc security update
Apache XML-RPC is a Java implementation of XML-RPC, a popular protocol that uses XML over HTTP to implement remote procedure calls. Apache XML-RPC was previously known as Helma XML-RPC. If you have code using the Helma library, all you should have to do is change the import statements in your cod...
JetBrains TeamCity Security Bypass Vulnerability
JetBrains TeamCity is a distributed build management and continuous integration tool from JetBrains Czech Republic. A security vulnerability exists in JetBrains TeamCity, which stems from the product's failure to validate user identities. An unauthenticated attacker could use the vulnerability to...
JetBrains TeamCity Elevation of Privilege Vulnerability (CNVD-2022-15948)
JetBrains TeamCity is a distributed build management and continuous integration tool from JetBrains Czech Republic. The tool provides continuous unit testing, code quality analysis, and build issue analysis reports.JetBrains TeamCity is vulnerable to a code issue vulnerability that is caused by a...
JetBrains TeamCity Access Control Error Vulnerability (CNVD-2022-18622)
JetBrains TeamCity is a distributed build management and continuous integration tool from JetBrains Czech Republic.JetBrains TeamCity is vulnerable to an access control error that stems from the product's failure to validate data in XML-RPC requests and the identity of the user. An attacker could...
CVE-2022-24336
In JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can cancel running builds via an XML-RPC request to the TeamCity server...
CVE-2022-24335
JetBrains TeamCity before 2021.2 was vulnerable to a Time-of-check/Time-of-use TOCTOU race-condition attack in agent registration via XML-RPC...
CVE-2022-24335
JetBrains TeamCity before 2021.2 was vulnerable to a Time-of-check/Time-of-use TOCTOU race-condition attack in agent registration via XML-RPC...
CVE-2022-24336
In JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can cancel running builds via an XML-RPC request to the TeamCity server...
CVE-2022-24336
In JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can cancel running builds via an XML-RPC request to the TeamCity server...
CVE-2022-24333
In JetBrains TeamCity before 2021.2, blind SSRF via an XML-RPC call was possible...
Server side request forgery (ssrf)
In JetBrains TeamCity before 2021.2, blind SSRF via an XML-RPC call was possible...
Cross site request forgery (csrf)
In JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can cancel running builds via an XML-RPC request to the TeamCity server...