Nginx UI code issue vulnerability
Nginx UI is a web interface for Nginx developed by Jacky. Nginx UI versions 2.3.4 and earlier have a code issue vulnerability. This vulnerability allows authenticated users to create cluster nodes that point to arbitrary internal URLs and send API requests with the X-Node-ID header, resulting in SSR...
EUVD-2024-50711
Malicious code in bioql PyPI...
CVE-2025-48710
kro Kube Resource Orchestrator 0.1.0 before 0.2.1 allows users with permission to create or modify ResourceGraphDefinition resources to supply arbitrary container images. This can lead to a confused-deputy scenario where kro's controllers deploy and run attacker-controlled images, resulting in...
CVE-2024-12247
Mattermost versions 9.7.x <= 9.7.5, 9.8.x <= 9.8.2 and 9.9.x <= 9.9.2 fail to properly propagate permission scheme updates across cluster nodes which allows a user to keep old permissions, even if the permission scheme has been updated...
CVE-2024-12247 Improper propagation of permission scheme updates across cluster nodes
Mattermost versions 9.7.x <= 9.7.5, 9.8.x <= 9.8.2 and 9.9.x <= 9.9.2 fail to properly propagate permission scheme updates across cluster nodes which allows a user to keep old permissions, even if the permission scheme has been updated...
CVE-2024-12247
Summary: CVE-2024-12247 affects Mattermost. Affected versions: 9.7.x up to 9.7.5, 9.8.x up to 9.8.2, and 9.9.x up to 9.9.2. Root cause: failure to propagate permission scheme updates across cluster nodes. Impact: a user can retain old permissions even after the permission scheme is updated. Evide...
Mattermost security vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost versions 9.7.x through 9.7.5, 9.8.x through 9.8.2, and 9.9.x through 9.9.2, which stems from an inability to properly propagate privilege scheme updates...
CVE-2024-49369
Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. The TLS certificate validation in all Icinga 2 versions starting from 2.4.0 was flawed, allowing an attacker to impersonate both trusted clust...
DEBIAN-CVE-2024-49369
Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. The TLS certificate validation in all Icinga 2 versions starting from 2.4.0 was flawed, allowing an attacker to impersonate both trusted clust...
UBUNTU-CVE-2024-49369
Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. The TLS certificate validation in all Icinga 2 versions starting from 2.4.0 was flawed, allowing an attacker to impersonate both trusted clust...
CVE-2024-49369 Icinga 2 has a TLS Certificate Validation Bypass for JSON-RPC and HTTP API Connections
Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. The TLS certificate validation in all Icinga 2 versions starting from 2.4.0 was flawed, allowing an attacker to impersonate both trusted clust...
BIT-MYSQL-CLIENT-2020-15180
A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` allows for command injection that can be exploited by a remote attacker to execute arbitrary commands on galera cluster nodes. This threatens the system's confidentiality, integrity, and...
BIT-MARIADB-2020-15180
A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` allows for command injection that can be exploited by a remote attacker to execute arbitrary commands on galera cluster nodes. This threatens the system's confidentiality, integrity, and...
Important: Red Hat Security Advisory: Fence Agents Remediation Operator 0.2.1 security update
This is an updated version for the fence-agents-remediation-operator-bundle-container and the fence-agents-remediation-operator-container. It is now available for Fence Agents Remediation 0.2 for RHEL 8. Red Hat Product Security has rated this update as having a security impact of Important. A...
ALBA-2021:3578 pacemaker bug fix and enhancement update
The Pacemaker cluster resource manager is a collection of technologies working together to maintain data integrity and application availability in the event of failures. Bug Fixes and Enhancements: pacemaker seems to end up in an unfence loop BZ1972273 On a three-node cluster if two nodes are...
CVE-2021-22025
The vRealize Operations Manager API 8.x prior to 8.5 contains a broken access control vulnerability leading to unauthenticated API access. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can add new nodes to existing vROps cluster...
CVE-2020-15180
A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` allows for command injection that can be exploited by a remote attacker to execute arbitrary commands on galera cluster nodes. This threatens the system's confidentiality, integrity, and...
Command injection
A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` allows for command injection that can be exploited by a remote attacker to execute arbitrary commands on galera cluster nodes. This threatens the system's confidentiality, integrity, and...