1091 matches found
Race condition
JetBrains TeamCity before 2021.2 was vulnerable to a Time-of-check/Time-of-use (TOCTOU) race-condition attack in agent registration via XML-RPC...
CVE-2022-24336
JetBrains TeamCity before 2021.2.1 is affected. An unauthenticated attacker can cancel running builds by sending an XML-RPC request to the TeamCity server. Affected versions are those prior to 2021.2.1. Remediation: upgrade to 2021.2.1 or later; as a temporary workaround, restrict access to the X...
CVE-2022-24335
CVE-2022-24335 describes a TOCTOU race-condition in JetBrains TeamCity’s agent registration via XML-RPC for builds prior to 2021.2. The issue could allow an attacker to elevate privileges and impact integrity/availability; CVSSv3.1 scores show a high impact (8.1) with network access and no privil...
CVE-2022-24335
JetBrains TeamCity before 2021.2 was vulnerable to a Time-of-check/Time-of-use (TOCTOU) race-condition attack in agent registration via XML-RPC...
CVE-2022-24333
CVE-2022-24333 affects JetBrains TeamCity before 2021.2, enabling blind SSRF via an XML-RPC call. The underlying issue is XML-RPC request handling that fails to validate identities, allowing an attacker over the network to trigger SSRF without user interaction. Impact is reported as partial co...
CVE-2022-24333
In JetBrains TeamCity before 2021.2, blind SSRF via an XML-RPC call was possible...
JetBrains TeamCity Code Issue Vulnerability
JetBrains TeamCity is a distributed build management and continuous integration tool from JetBrains Czech Republic. JetBrains TeamCity is vulnerable to an access control error that stems from the product's failure to validate data in XML-RPC requests and the identity of the user. An attacker could...
Mageia: Security Advisory (MGASA-2017-0263)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Mageia: Security Advisory (MGASA-2019-0002)
The remote host is missing an update for the...
CVE-2021-20850
PowerCMS XMLRPC API of PowerCMS 5.19 and earlier, PowerCMS 4.49 and earlier, PowerCMS 3.295 and earlier, and PowerCMS 2 Series (End-of-Life, EOL) allows a remote attacker to execute an arbitrary OS command via unspecified vectors...
Python < 2.6.8, 2.7.x < 2.7.3, 3.1.x < 3.1.5, 3.2.x < 3.2.3 XML-RPC DoS (bpo-14001) - Linux
Python is prone to a denial of service (DoS) vulnerability. CPE = "cpe:/a:python:python";...
Movable Type XMLRPC API vulnerable to OS command injection
Overview: Movable Type XMLRPC API provided by Six Apart Ltd. contains an OS command injection vulnerability (CWE-78). Sending a specially crafted message by POST method to Movable Type XMLRPC API may allow arbitrary OS command execution. Updated on 2021 November 10: As of 2021 November 10, a...
Six Apart Movable Type OS Command Injection Vulnerability
Six Apart Movable Type is an application from Six Apart, Inc. A command injection vulnerability exists in Six Apart Movable Type due to incorrect input validation in the Movable Type XMLRPC API, which can be exploited by an unauthenticated remote attacker to execute arbitrary operating system...
[SECURITY] Fedora 34 Update: cobbler-3.2.2-2.fc34
Cobbler is a network install server. Cobbler supports PXE, ISO virtualized installs, and re-installing existing Linux machines. The last two modes use a helper tool, 'koan', that integrates with cobbler. There is also a web interface 'cobbler-web'. Cobbler's advanced features include importing...
[SECURITY] Fedora 33 Update: cobbler-3.2.2-2.fc33
Cobbler is a network install server. Cobbler supports PXE, ISO virtualized installs, and re-installing existing Linux machines. The last two modes use a helper tool, 'koan', that integrates with cobbler. There is also a web interface 'cobbler-web'. Cobbler's advanced features include importing...
Fedora: Security Advisory for cobbler (FEDORA-2021-3a640d3d4c)
The remote host is missing an update for the...
[SECURITY] Fedora 35 Update: cobbler-3.2.2-2.fc35
Cobbler is a network install server. Cobbler supports PXE, ISO virtualized installs, and re-installing existing Linux machines. The last two modes use a helper tool, 'koan', that integrates with cobbler. There is also a web interface 'cobbler-web'. Cobbler's advanced features include importing...
VulnCheck KEV: CVE-2020-9496
XML-RPC requests are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03...
Python < 2.7.17, 3.x < 3.5.8, 3.6.x < 3.6.10, 3.7.x < 3.7.5 XSS Vulnerability (bpo-38243) - Mac OS X
Python is prone to a reflected cross-site scripting (XSS) vulnerability. CPE =...
Golang Cryptomining Worm Offers 15% Speed Boost
A freshly discovered variant of the Golang crypto-worm was recently spotted dropping Monero-mining malware on victim machines; in a switch-up of tactics, the payload binaries are capable of speeding up the mining process by 15 percent, researchers said. According to research from Uptycs, the worm...