561 matches found
ROS-2-1088
2.1088 Notification on update of the Red OS OPERATION SYSTEM No RU.29926343.02.01-01-23 Due to quality improvement and bug fixing, an updated version of MIS Operating System "RED OS" 7.3 has been released. You can contact the technical support service within the framework of your existing technic...
Red Hat Keycloak 安全漏洞
Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. A security vulnerability exists in Red Hat Keycloak that stems from Keycloak's device authorization not properly validating the device code and...
Basecamp: Spam & Clearance checks disabled with existing referenced Message-ID
A vulnerability in the inbound email processing allowed crafted emails to bypass spam filtering and The Screener when they appeared to be in reply to an existing thread...
Design/Logic Flaw
Kyverno is a policy engine designed for Kubernetes. In versions of Kyverno prior to 1.10.0, resources which have the deletionTimestamp field defined can bypass validate, generate, or mutate-existing policies, even in cases where the validationFailureAction field is set to Enforce. This situation...
CVE-2023-2732
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.2. This is due to insufficient verification on the user being supplied during the add listing REST API request through the plugin. This makes it possible for unauthenticated attackers ...
Design/Logic Flaw
OpenProject is open source project management software. Starting with version 7.4.0 and prior to version 12.5.4, when a user registers and confirms their first two-factor authentication 2FA device for an account, existing logged in sessions for that user account are not terminated. Likewise, if a...
CVE-2023-0485
An issue has been discovered in GitLab affecting all versions starting from 13.11 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible that a project member demoted to a user role to read project updates by doing a diff wit...
vitess allows users to create keyspaces that can deny access to already existing keyspaces
...
PT-2023-20814 · Churchcrm · Churchcrm
Name of the Vulnerable Software and Affected Versions: ChurchCRM version 4.5.3 Description: A cross-site request forgery CSRF issue allows attackers to edit information for existing people on the site. This means an attacker can trick a user into performing unintended actions on the site...
CVE-2022-29607
An issue was discovered in ONOS 2.5.1. Modification of an existing intent to have the same source and destination shows the INSTALLED state without any flow rule. Improper handling of such an intent is misleading to a network operator...
CVE-2023-1777 Information disclosure in linked message previews
Mattermost allows an attacker to request a preview of an existing message when creating a new message via the createPost API call, disclosing the contents of the linked message...
CVE-2022-41354
An access control issue in Argo CD v2.4.12 and below allows unauthenticated attackers to enumerate existing applications...
SUSE CVE-2004-1174
direntry.c in Midnight Commander mc 4.5.55 and earlier allows attackers to cause a denial of service by "manipulating non-existing file handles."...
SUSE CVE-2008-3825
pamkrb5 2.2.14 in Red Hat Enterprise Linux RHEL 5 and earlier, when the existingticket option is enabled, uses incorrect privileges when reading a Kerberos credential cache, which allows local users to gain privileges by setting the KRB5CCNAME environment variable to an arbitrary cache filename a...
SUSE CVE-2016-1547
An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if...
SUSE CVE-2020-27780
A flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it handle empty passwords for non-existing users. When the user doesn't exist PAM try to authenticate with root and in the case of an empty password it successfully authenticate...
Arbitrary File Deletion
github.com/pterodactyl/wingso is vulnerable to Arbitrary File Deletion. A remote authenticated attacker is able to delete files and directories recursively on the host system via the vulnerable Delete function of filesystem.go. This vulnerability can further be exploited to overwrite existing fil...
plugin: Lack of authentication mechanism in Git Plugin webhook
The webhook endpoint in Jenkins Git Plugin 4.11.3 and earlier provide unauthenticated attackers information about the existence of jobs configured to use an attacker-specified Git repository...
CVE-2022-4205
In Gitlab EE/CE before 15.6.1, 15.5.5 and 15.4.6 using a branch with a hexadecimal name could override an existing hash...
DEBIAN-CVE-2022-47927
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. When installing with a pre-existing data directory that has weak permissions, the SQLite files are created with file mode 0644, i.e., world readable to local users. These files inclu...