1444 matches found

CNNVD
added 2022/06/02 12:0 a.m., 1 views

GitLab Enterprise Edition and GitLab Community Edition security vulnerability

GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab Community Edition and GitLab Enterprise...

CVSS 4 | AI score 6.4 | EPSS 0.0094
Exploits 0 | References 7
OSV
added 2022/05/27 2:15 p.m., 2 views

CVE-2022-20807

Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about...

CVSS 6.5 | AI score 5.8 | EPSS 0.00913
Exploits 0 | References 1
OSV
added 2022/05/27 2:15 p.m., 4 views

CVE-2022-20806

Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about...

CVSS 7.1 | AI score 5.8 | EPSS 0.00899
Exploits 0 | References 1
Github Security Blog
added 2022/05/24 7:12 p.m., 4 views

Magento executes code via the API File Option Upload Extension

Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by an improper input validation vulnerability in the API File Option Upload Extension. An attacker with Admin privileges can achieve unrestricted file upload which can result in remote code...

CVSS 9.1 | AI score 8.2 | EPSS 0.02395
Exploits 0 | References 3 | Affected Software 2
Github Security Blog
added 2022/05/24 5:21 p.m., 4 views

Mattermost Server exposes team invite IDs through API endpoints

An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows attackers to discover team invite IDs via team API endpoints...

CVSS 5.3 | AI score 7 | EPSS 0.0092
Exploits 0 | References 3 | Affected Software 1
OSV
added 2022/05/24 5:21 p.m., 4 views

GHSA-M497-HQ5X-6JCV Mattermost Server allows attackers to create buttons that can launch API requests

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows an attacker to create a button that, when pressed by a user, launches an API request...

CVSS 4.3 | AI score 6.8 | EPSS 0.0077
Exploits 0 | References 3
OSV
added 2022/05/24 5:21 p.m., 5 views

GHSA-H742-XX59-R9PQ Mattermost Server exposes sensitive user status information via REST API version 4 endpoint

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to obtain sensitive information (user statuses) via a REST API version 4 endpoint...

CVSS 5.3 | AI score 6.4 | EPSS 0.0092
Exploits 0 | References 6
Github Security Blog
added 2022/05/24 5:21 p.m., 4 views

Mattermost Server allows attackers to gain privileges by accessing unintended API endpoints with users' credentials

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by accessing unintended API endpoints on a user's behalf...

CVSS 9.8 | AI score 7.3 | EPSS 0.01175
Exploits 0 | References 3 | Affected Software 1
OSV
added 2022/05/24 5:21 p.m., 3 views

GHSA-Q3G9-HGRX-HWHX Mattermost Server exposes sensitive information about team URLs via an API

An issue was discovered in Mattermost Server before 3.0.0. It allows attackers to obtain sensitive information about team URLs via an API...

CVSS 5.3 | AI score 6.6 | EPSS 0.0092
Exploits 0 | References 3
Github Security Blog
added 2022/05/24 5:21 p.m., 3 views

Mattermost Server exposes sensitive information about team URLs via an API

An issue was discovered in Mattermost Server before 3.0.0. It allows attackers to obtain sensitive information about team URLs via an API...

CVSS 5.3 | AI score 6.6 | EPSS 0.0092
Exploits 0 | References 3 | Affected Software 1
ATTACKERKB
added 2022/05/18 4:0 p.m., 4 views

CVE-2022-20809

Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about...

CVSS 6.5 | AI score 6.6 | EPSS 0.00887
Exploits 0 | References 2
BDU FSTEC
added 2022/05/17 12:0 a.m., 4 views

The vulnerability of the input/output function in the next-generation software for Cisco Enterprise NFV Infrastructure Software (NFVIS), which allows a hacker to enhance their privileges

The vulnerability of the input/output function in the next-generation software for Cisco Enterprise NFV Infrastructure Software (NFVIS) is related to lack of access control. Exploiting this vulnerability could allow a malicious actor to enhance their privileges by sending API calls from a virtual...

CVSS 9.9 | AI score 8 | EPSS 0.1076
Exploits 1 | References 4 | Affected Software 1
OSV
added 2022/05/14 1:4 a.m., 1 views

GHSA-H972-CWJV-2V39 Exposure of Sensitive Information to an Unauthorized Actor in Jenkins

The remote API in Jenkins 2.73.1 and earlier, 2.83 and earlier at /computer/agent-name/api showed information about tasks (typically builds) currently running on that agent. This included information about tasks that the current user otherwise has no access to, e.g. due to lack of Item/Read...

CVSS 4.3 | AI score 5.8 | EPSS 0.01027
Exploits 0 | References 5
ATTACKERKB
added 2022/05/11 6:15 p.m., 4 views

CVE-2022-29848

In Progress Ipswitch WhatsUp Gold 17.0.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read sensitive operating-system attributes from a host that is accessible by the WhatsUp Gold system...

CVSS 6.5 | AI score 6.9 | EPSS 0.03513
Exploits 0 | References 4
CNNVD
added 2022/05/11 12:0 a.m., 3 views

GitLab CE/EE security vulnerability

GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab CE/EE. An attacker could exploit the...

CVSS 4.3 | AI score 5.7 | EPSS 0.00748
Exploits 0 | References 3
Snyk
added 2022/05/05 12:29 a.m., 2 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview: openshift-origin-controller (the OpenShift Origin Controller) is a Rails plugin which provides the models and controllers which implement the application and user management functionality and provides a REST API. Affected versions of this package are vulnerable to Improper...

CVSS 9.8 | AI score 7.6 | EPSS 0.02498
Exploits 1 | References 2
CNNVD
added 2022/05/05 12:0 a.m., 2 views

IBM Robotic Process Automation security vulnerability

IBM Robotic Process Automation is a robotic process automation product from IBM, Inc. It helps you automate more business and IT processes at scale with the ease and speed of traditional RPA. IBM Robotic Process Automation suffers from a security vulnerability that could be exploited by an attack...

CVSS 4.6 | AI score 5.1 | EPSS 0.00233
Exploits 0 | References 3
ATTACKERKB
added 2022/04/13 4:0 p.m., 5 views

CVE-2022-20747

A vulnerability in the History API of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain access to sensitive information on an affected system. This vulnerability is due to insufficient API authorization checking on the underlying operating system. An attacker cou...

CVSS 6.5 | AI score 6.3 | EPSS 0.00852
Exploits 0 | References 2
CNNVD
added 2022/04/13 12:0 a.m., 2 views

Cisco Iox path traversal vulnerability

Cisco Iox is a secure development environment from Cisco that combines Cisco IOS and Linux OS for secure network connectivity and development of IOT applications. The Cisco Iox application hosting environment suffers from a path traversal vulnerability that stems from insufficient path validation...

CVSS 6.8 | AI score 5.5 | EPSS 0.01197
Exploits 0 | References 5
NCSC
added 2022/04/13 12:0 a.m., 3 views

Vulnerability fixed in Grafana

A vulnerability has been fixed in Grafana Enterprise. The vulnerability allows a malicious party to execute new requests under the permissions of old requests within the Grafana API key functionality. Grafana has made available an update with version number 8.4.6 to fix the vulnerability...

CVSS 8.8 | AI score 7.1 | EPSS 0.02245
Exploits 0