
2310 matches found

CNNVD · added 2023/01/02 12:0 a.m. · 4 views

Octopus Deploy information disclosure vulnerability

Octopus Deploy is an automation tool for .NET, Java, and other application development deployment from Octopus Deploy Australia. A security vulnerability exists in Octopus Deploy that stems from the fact that certain types of sensitive variables may be inadvertently exposed when viewed in the...

CVSS 7.5 · AI score 7.2 · EPSS 0.0056
Exploits 0 · References 3
Vulnrichment · added 2023/01/02 12:0 a.m. · 5 views

CVE-2022-3460

In affected versions of Octopus Deploy it is possible for certain types of sensitive variables to inadvertently become unmasked when viewed in variable preview...

AI score 6.8 · EPSS 0.0056
Exploits 0 · References 1
OSV · added 2022/12/30 4:57 p.m. · 19 views

GHSA-P228-4MRH-WW7R Elrond-GO processing: fallback search of SCRs when not found in the main cache

Impact Processing issue, nodes are affected when trying to process a cross-shard relayed transaction with a smart contract deploy transaction data. The problem was a bad correlation between the transaction caches and the processing component. If the above-mentioned transaction was sent with more...

CVSS 7.2 · AI score 6.5 · EPSS 0.00724
Exploits 0 · References 5
NVD · added 2022/12/28 7:15 a.m. · 11 views

CVE-2022-46173

Elrond-GO is a go implementation for the Elrond Network protocol. Versions prior to 1.3.50 are subject to a processing issue where nodes are affected when trying to process a cross-shard relayed transaction with a smart contract deploy transaction data. The problem was a bad correlation between t...

CVSS 7.2 · EPSS 0.00724
Exploits 0 · References 3
Prion · added 2022/12/28 7:15 a.m. · 15 views

Code injection

Elrond-GO is a go implementation for the Elrond Network protocol. Versions prior to 1.3.50 are subject to a processing issue where nodes are affected when trying to process a cross-shard relayed transaction with a smart contract deploy transaction data. The problem was a bad correlation between t...

CVSS 6.4 · AI score 6.4 · EPSS 0.00724
Exploits 0 · References 3 · Affected Software 1
Cvelist · added 2022/12/28 6:27 a.m. · 20 views

CVE-2022-46173 Elrond go Processing: fallback search of SCRs when not found in the main cache

Elrond-GO is a go implementation for the Elrond Network protocol. Versions prior to 1.3.50 are subject to a processing issue where nodes are affected when trying to process a cross-shard relayed transaction with a smart contract deploy transaction data. The problem was a bad correlation between t...

CVSS 7.2 · AI score 7.2 · EPSS 0.00724
Exploits 0 · References 3
OSV · added 2022/12/28 6:27 a.m. · 45 views

CVE-2022-46173 Elrond go Processing: fallback search of SCRs when not found in the main cache

Elrond-GO is a go implementation for the Elrond Network protocol. Versions prior to 1.3.50 are subject to a processing issue where nodes are affected when trying to process a cross-shard relayed transaction with a smart contract deploy transaction data. The problem was a bad correlation between t...

CVSS 7.2 · AI score 6.5 · EPSS 0.00724
Exploits 0 · References 5
OSV · added 2022/12/21 5:15 p.m. · 4 views

CVE-2022-38655

BigFix WebUI non-master operators are missing controls that prevent them from being able to modify the relevance of fixlets or to deploy fixlets from the BES Support external site...

CVSS 5.8 · AI score 5.8 · EPSS 0.00384
Exploits 0 · References 1
NVD · added 2022/12/21 5:15 p.m. · 14 views

CVE-2022-38655

BigFix WebUI non-master operators are missing controls that prevent them from being able to modify the relevance of fixlets or to deploy fixlets from the BES Support external site...

CVSS 6.4 · EPSS 0.00384
Exploits 0 · References 1
Prion · added 2022/12/21 5:15 p.m. · 20 views

Xxe

BigFix WebUI non-master operators are missing controls that prevent them from being able to modify the relevance of fixlets or to deploy fixlets from the BES Support external site...

CVSS 5 · AI score 5.7 · EPSS 0.00384
Exploits 0 · References 1 · Affected Software 1
OSV · added 2022/12/20 8:15 p.m. · 1 views

CVE-2022-46771

IBM UrbanCode Deploy UCD 6.2.0.0 through 6.2.7.18, 7.0.5.0 through 7.0.5.13, 7.1.0.0 through 7.1.2.9, 7.2.0.0 through 7.2.3.2 and 7.3.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionalit...

CVSS 4.6 · AI score 5.4 · EPSS 0.00371
Exploits 0 · References 2
NVD · added 2022/12/20 8:15 p.m. · 18 views

CVE-2022-46771

IBM UrbanCode Deploy UCD 6.2.0.0 through 6.2.7.18, 7.0.5.0 through 7.0.5.13, 7.1.0.0 through 7.1.2.9, 7.2.0.0 through 7.2.3.2 and 7.3.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionalit...

CVSS 4.6 · EPSS 0.00371
Exploits 0 · References 2
Prion · added 2022/12/20 8:15 p.m. · 14 views

Cross site scripting

IBM UrbanCode Deploy UCD 6.2.0.0 through 6.2.7.18, 7.0.5.0 through 7.0.5.13, 7.1.0.0 through 7.1.2.9, 7.2.0.0 through 7.2.3.2 and 7.3.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionalit...

CVSS 4.9 · AI score 4.6 · EPSS 0.00371
Exploits 0 · References 2 · Affected Software 1
Cvelist · added 2022/12/20 7:40 p.m. · 26 views

CVE-2022-46771 IBM UrbanCode Deploy (UCD) cross-site scripting

IBM UrbanCode Deploy UCD 6.2.0.0 through 6.2.7.18, 7.0.5.0 through 7.0.5.13, 7.1.0.0 through 7.1.2.9, 7.2.0.0 through 7.2.3.2 and 7.3.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionalit...

CVSS 4.6 · AI score 4.7 · EPSS 0.00371
Exploits 0 · References 2
Vulnrichment · added 2022/12/20 7:40 p.m. · 4 views

CVE-2022-46771 IBM UrbanCode Deploy (UCD) cross-site scripting

IBM UrbanCode Deploy UCD 6.2.0.0 through 6.2.7.18, 7.0.5.0 through 7.0.5.13, 7.1.0.0 through 7.1.2.9, 7.2.0.0 through 7.2.3.2 and 7.3.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionalit...

CVSS 4.6 · AI score 4.5 · EPSS 0.00371
Exploits 0 · References 2
CVE · added 2022/12/20 7:40 p.m. · 64 views

CVE-2022-46771

CVE-2022-46771 affects IBM UrbanCode Deploy (UCD) versions 6.2.0.0–6.2.7.18, 7.0.5.0–7.0.5.13, 7.1.0.0–7.1.2.9, 7.2.0.0–7.2.3.2 and 7.3.0.0, with a cross-site scripting vulnerability that can lead to arbitrary JavaScript in the Web UI and potential credentials disclosure within a trusted session....

CVSS 4.6 · AI score 4.5 · EPSS 0.00371
Exploits 0 · References 2 · Affected Software 1
Positive Technologies · added 2022/12/20 12:0 a.m. · 3 views

PT-2022-27979 · IBM · IBM UrbanCode Deploy

Name of the Vulnerable Software and Affected Versions: IBM UrbanCode Deploy versions 6.2.0.0 through 6.2.7.18 IBM UrbanCode Deploy versions 7.0.5.0 through 7.0.5.13 IBM UrbanCode Deploy versions 7.1.0.0 through 7.1.2.9 IBM UrbanCode Deploy versions 7.2.0.0 through 7.2.3.2 IBM UrbanCode Deploy...

CVSS 4.6 · AI score 4.8 · EPSS 0.00371
Exploits 0 · References 5
Positive Technologies · added 2022/12/20 12:0 a.m. · 11 views

PT-2022-24505 · IBM · BigFix WebUI

Name of the Vulnerable Software and Affected Versions: BigFix WebUI affected versions not specified Description: The issue concerns BigFix WebUI non-master operators who are missing necessary controls. These operators can modify the relevance of fixlets or deploy fixlets from the BES Support...

CVSS 6.4 · AI score 5.5 · EPSS 0.00384
Exploits 0 · References 4
CNNVD · added 2022/12/20 12:0 a.m. · 4 views

IBM UrbanCode Deploy cross-site scripting vulnerability

IBM UrbanCode Deploy UCD is a set of application automation deployment tools from International Business Machines IBM. The tool is based on an application deployment automation management information model, and through remote agent technology, to realize the complex application in different...

CVSS 4.6 · AI score 5.5 · EPSS 0.00371
Exploits 0 · References 3
IBM Security Bulletins · added 2022/12/19 7:41 p.m. · 70 views

Security Bulletin: Apache Tomcat is vulnerable to HTTP request smuggling (CVE-2022-42252)

Summary Apache Tomcat is vulnerable to HTTP request smuggling, caused by the failure to reject a request containing an invalid Content-Length header when configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false. By sending a specially-crafted request, an attacker could...

CVSS 7.5 · AI score 7.3 · EPSS 0.01448
Exploits 0 · Affected Software 1