4422 matches found
Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by a Kubernetes API server security vulnerability (CVE-2022-3172)
Summary Red Hat OpenShift on IBM Cloud is affected by a security vulnerability in the Kubernetes API server that can cause clients to be redirected by an aggregated API server SSRF CVE-2022-3172 Vulnerability Details CVEID: CVE-2022-3172 Description: Kubernetes kube-apiserver is vulnerable to...
Metasploit Weekly Wrap-Up
Fetch Based Payloads: Making the Path from Command Injection to Metasploit Session Shorter This week we’re releasing Metasploit fetch payloads. Fetch payloads are command-based payloads that leverage network-enabled applications on remote hosts and different protocol servers to serve, download, a...
Security Bulletin: PyTorch is vulnerable to CVE-2022-45907 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses PyTorch which is vulnerable to CVE-2022-21271. Vulnerability Details CVEID:CVE-2022-45907 DESCRIPTION: PyTorch could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the...
FreeBSD : postgresql-server -- CREATE SCHEMA ... schema elements defeats protective search_path changes (fbb5a260-f00f-11ed-bbae-6cc21735f730)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the fbb5a260-f00f-11ed-bbae-6cc21735f730 advisory. - CREATE SCHEMA ... schemaelement defeats protective searchpath changesmore details CVE-2023-2454 Note...
GHSA-JH85-WWV9-24HV Any file can be included with the pymdown-snippets extension
Summary Arbitrary file read when using include file syntax. Details By using the syntax --8--"/etc/passwd" or --8--"/proc/self/environ" the content of these files will be rendered in the generated documentation. Additionally, a path relative to a specified, allowed base path can also be used to...
in-toto: PGP trust model not (fully) considered
Impact This security advisory lists multiple concerns about how in-toto uses PGP keys. The findings are aggregated here, because they are all eligible to the same mitigation strategy. Note that the findings are rated with different severities see inline and the highest score was chosen for this...
Spring Framework Reference Documentation Update
Starting with version 6.0.9, the Spring Framework reference documentation site is generated with Antora. This is a big change that brings many improvements. This blog post provides context around that. Overview For a long time the Spring Framework reference documentation had two versions, one...
PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Panorama Web Interface
A cross-site scripting XSS vulnerability in Palo Alto Networks PAN-OS software on Panorama appliances enables an authenticated read-write administrator to store a JavaScript payload in the web interface that will execute in the context of another administrator’s browser when viewed. Work around:...
PAN-OS: Local File Disclosure Vulnerability in the PAN-OS Web Interface
A file disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to export local files from the firewall through a race condition. Work around: This issue requires the attacker to have authenticated access to...
SpiderSuite - Advance Web Spider/Crawler For Cyber Security Professionals
An advance cross-platform and multi-feature GUI web spider/crawler for cyber security proffesionals. Spider Suite can be used for attack surface mapping and analysis. For more information visit SpiderSuite's website. Installation and Usage Spider Suite is designed for easy installation and usage...
CVE-2023-31047
In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField only the last uploaded file was validated. However,...
CVE-2021-27320
creationtimestamp| type| source ---|---|--- 2023-05-06 17:42:20+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-27320.yaml...
SUSE-FU-2023:2119-1 Feature update for haproxy
This update for haproxy fixes the following issues: Update to version 2.0.31 jscPED-3821: BUG/CRITICAL: http: properly reject empty http header field names CI: github: don't warn on deprecated openssl functions on windows DOC: proxy-protocol: fix wrong byte in provided example DOC: config:...
SUSE-FU-2023:2117-1 Feature update for haproxy
This update for haproxy fixes the following issues: Update to version 2.0.31 jscPED-3821: BUG/CRITICAL: http: properly reject empty http header field names CI: github: don't warn on deprecated openssl functions on windows DOC: proxy-protocol: fix wrong byte in provided example DOC: config:...
GHSA-Q63Q-HWF6-3MW6 ONOS vulnerable to Cross-site Scripting
A cross-site scripting XSS vulnerability in Open Network Operating System ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the authorizationURL parameter of the API documentation dashboard under securityDefinitions...
ONOS vulnerable to Cross-site Scripting
A cross-site scripting XSS vulnerability in Open Network Operating System ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the authorizationURL parameter of the API documentation dashboard under securityDefinitions...
Jedox 2020.2.5 - Remote Code Execution via Executable Groovy-Scripts Vulnerability
Exploit Title: Jedox 2020.2.5 - Remote Code Execution via Executable Groovy-Scripts Exploit Author: Syslifters - Christoph Mahrl, Aron Molnar, Patrick Pirker and Michael Wedl Vendor Homepage: https://jedox.com Version: Jedox 2020.2 20.2.5 and older CVE : CVE-2022-47876 Introduction...
CVE-2023-30093
A cross-site scripting XSS vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter of the API documentation dashboard...
CVE-2023-30093
A cross-site scripting XSS vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter of the API documentation dashboard...
Cross site scripting
A cross-site scripting XSS vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter of the API documentation dashboard...