CVE-2023-2355
CVE-2023-2355 affects Acronis Snap Deploy on Windows prior to build 3900. The vulnerability is a DLL hijacking local privilege escalation that can grant high confidentiality/integrity/availability impact; root cause is DLL hijack in the deployment component. Mitigation: apply build 3900 or later ...
Acronis Snap Deploy code issue vulnerability
Acronis Snap Deploy is a platform for bulk deployment of system images from Acronis Singapore. A security vulnerability exists in Acronis Snap Deploy versions prior to 3900. An attacker could exploit the vulnerability to elevate privileges...
Exploit for Path Traversal in Apache Http_Server
CVE-2021-41773 A Demonstration to show the CVE-2021-41773 vul...
CVE-2022-2507
In affected versions of Octopus Deploy it is possible to render user supplied input into the webpage...
Input validation
In affected versions of Octopus Deploy it is possible to render user supplied input into the webpage...
Octopus Deploy security vulnerability
Octopus Deploy is an automation tool for .NET, Java, and other application development and deployment from Octopus Deploy Australia. A security vulnerability exists in Octopus Deploy that stems from the ability to render user-supplied input to a web page...
CVE-2022-2507
Technical details about CVE-2022-2507 are not publicly available in the provided documents; monitor official advisories and vendor updates for further information.
CVE-2023-24527
SAP NetWeaver AS Java for Deploy Service - version 7.5, does not perform any access control checks for functionalities that require user identity enabling an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access a service which will...
CVE-2023-24527
CVE-2023-24527 affects SAP NetWeaver AS Java for Deploy Service (v7.5). The issue is improper access control: an unauthenticated remote attacker can attach to an open interface and use an open naming/directory API to access a service. This access disclosure does not modify server settings or data...
CVE-2023-24527 Improper Access Control in SAP NetWeaver AS Java for Deploy Service
SAP NetWeaver AS Java for Deploy Service - version 7.5, does not perform any access control checks for functionalities that require user identity enabling an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access a service which will...
SAP NetWeaver AS access control error vulnerability
SAP NetWeaver AS is a SAP network application server from SAP. It not only provides web services, but is also the basic platform for SAP software. An access control error vulnerability exists in SAP NetWeaver AS Java for Deploy Service version 7.5, which stems from not performing any access contr...
Security Bulletin: IBM UrbanCode Deploy (UCD) could disclose sensitive password information if a manual edit of the agentrelay.properties file. (CVE-2022-43877)
Summary After a local edit of an agentrelay.properties configuration file using a plain text value, the value may not automatically be encrypted as expected after restarting the service. Vulnerability Details CVEID:CVE-2022-43877 DESCRIPTION: IBM UrbanCode Deploy UCD could disclose sensitive...
Security Bulletin: IBM UrbanCode Deploy (UCD) is vulnerable to denial of service due to Jettison-json (CVE-2022-45693, CVE-2022-45685)
Summary Jettison-json is used by IBM UrbanCode Deploy UCD for parsing JSON data. A remote authenticated user may cause high memory usage by sending a request containing specially crafted JSON data. CVE-2022-45693, CVE-2022-45685 Vulnerability Details CVEID:CVE-2022-45693 DESCRIPTION: Jettison is...
Security Bulletin: IBM UrbanCode Deploy (UCD) is vulnerable to HTTP response splitting due to Netty (CVE-2022-41915)
Summary Netty is used by IBM UrbanCode Deploy UCD for network communication. An attacker may be able to inject HTTP/1.1 response header and cause the server to return a split response. CVE-2022-41915 Vulnerability Details CVEID:CVE-2022-41915 DESCRIPTION: Netty is vulnerable to HTTP response...
Security Bulletin: IBM UrbanCode Deploy (UCD) is vulnerable to sensitive information disclosure due to Apache Commons Net (CVE-2021-37533)
Summary Apache Commons Net is used by the included zOS Utility plugin FTP Artifacts step to connect to remote FTP servers. By persuading a victim to connect to a specially-crafted server, an attacker could exploit this vulnerability to obtain information about services running on the private...
Security Bulletin: IBM UrbanCode Deploy (UCD) is vulnerable to denial of service due to Apache Tomcat (CVE-2023-24998)
Summary Apache Tomcat is used by IBM Urbancode Deploy UCD for processing web requests. Tomcat is vulnerable to a denial of service, caused by not limiting the number of request parts to be processed in the file upload function. By sending a specially-crafted request with a series of uploads, a...