
8064 matches found

Tenable Nessus
added 2022/07/21 12:0 a.m., 30 views

Drupal 9.4.x < 9.4.3 Multiple Vulnerabilities

According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.91, 9.3.x prior to 9.3.19 or 9.4.x prior to 9.4.3. It is, therefore, affected by multiple vulnerabilities: - In some situations, the Image module does not correctly check access to...

CVSS 7.5, AI score 7.8, EPSS 0.01422
Exploits 0, References 9

Tenable Nessus
added 2022/07/21 12:0 a.m., 168 views

Drupal 7.x < 7.91 / 9.3.x < 9.3.19 / 9.4.x < 9.4.3 Multiple Vulnerabilities (drupal-2022-07-20)

According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.91, 9.3.x prior to 9.3.19, or 9.4.x prior to 9.4.3. It is, therefore, affected by multiple vulnerabilities. - The Media oEmbed iframe route does not properly validate the iframe domai...

CVSS 7.5, AI score 7.5, EPSS 0.01422
Exploits 0, References 15

OSV
added 2022/07/20 3:40 p.m., 1 views

DRUPAL-CORE-2022-014

Updated 2022-07-20 19:45 UTC to indicate that this only affects Apache web servers. Drupal core sanitizes filenames with dangerous extensions upon upload (reference: SA-CORE-2020-012) and strips leading and trailing dots from filenames to prevent uploading server configuration files (reference:...

CVSS 7.2, AI score 8.1, EPSS 0.01422
Exploits 0, References 1

CNVD
added 2022/07/20 12:0 a.m., 25 views

Apache CloudStack XML External Entity Injection Vulnerability

Apache CloudStack is a suite of Infrastructure as a Service (IaaS) cloud computing platforms from the Apache Foundation in the United States. The platform is primarily used to deploy and manage large networks of virtual machines. An XML external entity injection vulnerability exists in Apache...

CVSS 9.8, AI score 9.4, EPSS 0.06605
Exploits 0, References 1

Tenable Nessus
added 2022/07/20 12:0 a.m., 36 views

Ubuntu 18.04 LTS / 20.04 LTS : Apache XML Security for Java vulnerability (USN-5525-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-5525-1 advisory. It was discovered that Apache XML Security for Java incorrectly passed a configuration property when creating specific key elements. This allows an...

CVSS 7.5, AI score 6.7, EPSS 0.10448
Exploits 0, References 2

OSV
added 2022/07/19 12:0 a.m., 28 views

GHSA-8GPG-466C-5CPJ Apache SkyWalking NodeJS Agent can lose availability if header includes illegal SkyWalking header

A vulnerability in Apache SkyWalking NodeJS Agent prior to 0.5.1. The vulnerability will cause NodeJS services that have this agent installed to be unavailable if the OAP is unhealthy and NodeJS agent can't establish the connection...

CVSS 7.5, AI score 7.4, EPSS 0.01564
Exploits 0, References 5

Github Security Blog
added 2022/07/19 12:0 a.m., 26 views

Apache SkyWalking NodeJS Agent can lose availability if header includes illegal SkyWalking header

A vulnerability in Apache SkyWalking NodeJS Agent prior to 0.5.1. The vulnerability will cause NodeJS services that have this agent installed to be unavailable if the OAP is unhealthy and NodeJS agent can't establish the connection...

CVSS 7.5, AI score 7.2, EPSS 0.01564
Exploits 0, References 5, Affected Software 1

CVE
added 2022/07/19 12:0 a.m., 660 views

CVE-2022-34169

CVE-2022-34169 affects the Apache Xalan Java XSLT library. It describes an integer truncation vulnerability when processing malicious XSLT stylesheets, which can corrupt Java class files generated by the internal XSLTC compiler and allow execution of arbitrary Java bytecode. Public references in ...

CVSS 7.5, AI score 8.2, EPSS 0.11333
Exploits 2, References 24, Affected Software 1

NVD
added 2022/07/18 3:15 p.m., 14 views

CVE-2022-35741

Apache CloudStack version 4.5.0 and later has a SAML 2.0 authentication Service Provider plugin which is found to be vulnerable to XML external entity (XXE) injection. This plugin is not enabled by default and the attacker would require that this plugin be enabled to exploit the vulnerability. When...

CVSS 9.8, EPSS 0.06605
Exploits 0, References 3

CVE
added 2022/07/18 11:30 a.m., 77 views

CVE-2022-36127

CVE-2022-36127 affects the Apache SkyWalking NodeJS Agent prior to version 0.5.1. A vulnerability can cause NodeJS services with the agent installed to become unavailable when the OAP is unhealthy and the agent cannot establish a connection. This aligns with multiple sources describing a NodeJS a...

CVSS 7.5, AI score 7.4, EPSS 0.01564
Exploits 0, References 2, Affected Software 1

Packet Storm
added 2022/07/18 12:0 a.m., 265 views

Travel Tours Script 1.0 SQL Injection


AI score 7.4
Exploits 0

OSV
added 2022/07/16 7:15 a.m., 18 views

CVE-2021-34538

Apache Hive before 3.1.3 "CREATE" and "DROP" function operations do not check for necessary authorization of involved entities in the query. It was found that an unauthorized user can manipulate an existing UDF without having the privileges to do so. This allowed unauthorized or underprivileged...

CVSS 7.5, AI score 7.9
Exploits 0, References 1

CVE
added 2022/07/16 7:10 a.m., 101 views

CVE-2021-34538

CVE-2021-34538 affects Apache Hive (before 3.1.3). The vulnerability arises when performing CREATE and DROP operations for UDFs, as authorization checks for involved entities are missing. This could allow an unauthorized user to drop and recreate UDFs and point them to new jars that may be malici...

CVSS 7.5, AI score 7.3, EPSS 0.01317
Exploits 1, References 1, Affected Software 1

RedHat Linux
added 2022/07/14 12:56 p.m., 130 views

Moderate: Red Hat Security Advisory: RHV Manager (ovirt-engine) [ovirt-4.5.1] security, bug fix and update

Updated ovirt-engine packages that fix several bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available f...

CVSS 7.8, AI score 7, EPSS 0.34977
Exploits 1, References 31

OpenVAS
added 2022/07/14 12:0 a.m., 41 views

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2022-2025)

The remote host is missing an update for the Huawei EulerOS...

CVSS 9.8, AI score 9.4, EPSS 0.97108
Exploits 4, References 2

CNVD
added 2022/07/11 12:0 a.m., 41 views

Apache Druid Cross-Site Scripting Vulnerability

Apache Druid is an open source, column-oriented distributed database written in Java, from the Apache Foundation in the United States. Apache Druid suffers from a cross-site scripting vulnerability that stems from insufficient cleansing of user-supplied data. A remote attacker...

CVSS 6.1, AI score 6, EPSS 0.01922
Exploits 0, References 1

Prion
added 2022/07/08 8:15 p.m., 22 views

Remote code execution

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prior to 6.1.1.0 are subject to a remote code execution vulnerability. System commands can be run remotely via the subprocess_execute function without processing the inputs received from the user in the...

CVSS 10, AI score 9.5, EPSS 0.90491
Exploits 15, References 6, Affected Software 1

Github Security Blog
added 2022/07/08 12:0 a.m., 34 views

Apache Druid before 0.23.0 vulnerable to clickjacking

In Apache Druid 0.22.1 and earlier, the server did not set appropriate headers to prevent clickjacking. Druid 0.23.0 and later prevent clickjacking using the Content-Security-Policy header...

CVSS 4.3, AI score 5.1, EPSS 0.016
Exploits 0, References 3, Affected Software 1

CVE
added 2022/07/08 12:0 a.m., 251 views

CVE-2022-31137

CVE-2022-31137 affects Roxy-WI prior to 6.1.1.0. A remote code execution vulnerability exists where system commands can be executed via the subprocess_execute function in /app/options.py without proper input validation, and attackers can exploit it without authentication. The issue is mitigated b...

CVSS 10, AI score 9.6, EPSS 0.90491
In wild, Exploits 15, References 6, Affected Software 1

RedhatCVE
added 2022/07/07 9:49 p.m., 36 views

CVE-2022-31081

HTTP::Daemon is a simple http server class written in perl. Versions prior to 6.15 are subject to a vulnerability which could potentially be exploited to gain privileged access to APIs or poison intermediate caches. It is uncertain how large the risks are, most Perl based applications are served ...

CVSS 7.3, AI score 0.7, EPSS 0.01688
Exploits 1, References 3