2316 matches found
SAP NetWeaver AS Access Control Error Vulnerability
SAP NetWeaver AS is a SAP network application server from SAP. It not only provides web services, but is also the basic platform for SAP software. An access control error vulnerability exists in SAP NetWeaver AS Java for Deploy Service version 7.5, which stems from not performing any access contr...
Security Bulletin: IBM UrbanCode Deploy (UCD) could disclose sensitive password information if a manual edit of the agentrelay.properties file. (CVE-2022-43877)
Summary After a local edit of an agentrelay.properties configuration file using a plain text value, the value may not automatically be encrypted as expected after restarting the service. Vulnerability Details CVEID:CVE-2022-43877 DESCRIPTION: IBM UrbanCode Deploy UCD could disclose sensitive...
Security Bulletin: IBM UrbanCode Deploy (UCD) is vulnerable to denial of service due to Jettison-json (CVE-2022-45693, CVE-2022-45685)
Summary Jettison-json is used by IBM UrbanCode Deploy UCD for parsing JSON data. A remote authenticated user may cause high memory usage by sending a request containing specially crafted JSON data. CVE-2022-45693, CVE-2022-45685 Vulnerability Details CVEID:CVE-2022-45693 DESCRIPTION: Jettison is...
Security Bulletin: IBM UrbanCode Deploy (UCD) is vulnerable to HTTP response splitting due to Netty (CVE-2022-41915)
Summary Netty is used by IBM UrbanCode Deploy UCD for network communication. An attacker may be able to inject an HTTP/1.1 response header and cause the server to return a split response. CVE-2022-41915 Vulnerability Details CVEID:CVE-2022-41915 DESCRIPTION: Netty is vulnerable to HTTP response...
Security Bulletin: IBM UrbanCode Deploy (UCD) is vulnerable to sensitive information disclosure due to Apache Commons Net (CVE-2021-37533)
Summary Apache Commons Net is used by the included zOS Utility plugin FTP Artifacts step to connect to remote FTP servers. By persuading a victim to connect to a specially-crafted server, an attacker could exploit this vulnerability to obtain information about services running on the private...
Security Bulletin: IBM UrbanCode Deploy (UCD) is vulnerable to denial of service due to Apache Tomcat (CVE-2023-24998)
Summary Apache Tomcat is used by IBM UrbanCode Deploy UCD for processing web requests. Tomcat is vulnerable to a denial of service, caused by not limiting the number of request parts to be processed in the file upload function. By sending a specially-crafted request with a series of uploads, a...
Security Bulletin: IBM UrbanCode Deploy (UCD) is vulnerable to Path Traversal due to Apache Ivy (CVE-2022-37865, CVE-2022-37866)
Summary Apache Ivy is used by IBM UrbanCode Deploy as part of the Agents Apache Groovy scripting home. CVE-2022-37865, CVE-2022-37866 Vulnerability Details CVEID:CVE-2022-37866 DESCRIPTION: Apache Ivy could allow a remote attacker to traverse directories on the system, caused by improper validati...
CVE-2023-28445
Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Resizable ArrayBuffers passed to asynchronous functions that are shrunk during the asynchronous operation could result in an out-of-bound read/write. It is unlikely that this has been exploited in the wild, as the...
Design/Logic Flaw
Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Resizable ArrayBuffers passed to asynchronous functions that are shrunk during the asynchronous operation could result in an out-of-bound read/write. It is unlikely that this has been exploited in the wild, as the...
CVE-2023-28445 Deno improperly handles resizable ArrayBuffer
Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Resizable ArrayBuffers passed to asynchronous functions that are shrunk during the asynchronous operation could result in an out-of-bound read/write. It is unlikely that this has been exploited in the wild, as the...
Deno improperly handles resizable ArrayBuffer
Impact Resizable ArrayBuffers passed to asynchronous native functions that are shrunk during the asynchronous operation could result in an out-of-bound read/write. It is unlikely that this has been exploited in the wild, as the only version affected is Deno 1.32.0. Deno Deploy users are not...
GHSA-C25X-CM9X-QQGX Deno improperly handles resizable ArrayBuffer
Impact Resizable ArrayBuffers passed to asynchronous native functions that are shrunk during the asynchronous operation could result in an out-of-bound read/write. It is unlikely that this has been exploited in the wild, as the only version affected is Deno 1.32.0. Deno Deploy users are not...
CVE-2022-4009
In affected versions of Octopus Deploy it is possible for a user to introduce code via offline package creation...
Code injection
In affected versions of Octopus Deploy it is possible for a user to introduce code via offline package creation...
Octopus Deploy Command Injection Vulnerability
Octopus Deploy is an automation tool for .NET, Java, and other application development and deployment from Octopus Deploy Australia. A command injection vulnerability exists in Octopus Deploy, which originates from a user being able to perform command injection by creating offline packages. The...
CVE-2022-4009
CVE-2022-4009 affects Octopus Deploy; the vulnerability allows a user to introduce code via offline package creation, leading to potential command injection. The provided documents do not specify exact affected versions or a published fix. Additional connected sources mention Octopus Deploy conte...
March 14, 2023—KB5023759 (Security-only update)
March 14, 2023—KB5023759 Security-only update IMPORTANT As of January 10, 2023, Microsoft no longer provides security updates or technical support for Windows 7 Service Pack 1 SP1. For customers who need additional time to upgrade and modernize their devices running Windows Server 2008 R2 on Azur...