
1915 matches found

NVD
added 2023/01/05 7:15 a.m. | 18 views

CVE-2022-43534

A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges. A successful exploit could allow these users to execute arbitrary code with root level privileges on the Linux instance in Aruba ClearPass Policy Manager versions...

CVSS 7.8 | AI score 7.8 | EPSS 0.00051
Exploits 0 | References 1

Hacker One
added 2023/01/04 3:20 p.m. | 81 views

U.S. Dept Of Defense: [U.S. Air Force] Information disclosure due unauthenticated access to APIs and system browser functions

Multiple information exposure vulnerabilities were found in a Jira Server instance, allowing unauthenticated attackers to access APIs and system browser functions, leading to unauthorized access to sensitive data. The vulnerability was registered as CVE-2020-14179...

CVSS 5.3 | AI score 5.4 | EPSS 0.92578
Exploits 1

Vulnrichment
added 2023/01/03 7:57 p.m. | 7 views

CVE-2022-43534

A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges. A successful exploit could allow these users to execute arbitrary code with root level privileges on the Linux instance in Aruba ClearPass Policy Manager versions...

CVSS 7.8 | AI score 7.8 | EPSS 0.00051
Exploits 0 | References 1

OSV
added 2023/01/02 7:17 p.m. | 11 views

CVE-2023-22452 Improper Input Validation in kenny2automate

kenny2automate is a Discord bot. In the web interface for server settings, form elements were generated with Discord channel IDs as part of input names. Prior to commit a947d7c, no validation was performed to ensure that the channel IDs submitted actually belonged to the server being configured...

CVSS 6.5 | AI score 6.5 | EPSS 0.0021
Exploits 0 | References 4

Citrix
added 2022/12/25 12:0 a.m. | 22 views

[NetScaler] SDX reports "Appliance is running in grace" Error

SDX has instance license CNSINSTCCS checked from ADM. And SDX may report error "Appliance is running in grace. System will loose capacity after XYZ hours"...

AI score 7.1
Exploits 0

OSV
added 2022/12/22 8:40 p.m. | 21 views

GO-2022-1118 Improper validation of UUIDs in github.com/codenotary/immudb

A malicious server can trick a client into treating it as a different server by changing the reported UUID. immudb client SDKs use the server's UUID to distinguish between different server instances so that the client can connect to different immudb instances and keep the state for multiple server...

CVSS 5.9 | AI score 5.5 | EPSS 0.00119
Exploits 0 | References 2

CNNVD
added 2022/12/21 12:0 a.m. | 1 views

AAD Pod Identity Security Vulnerability

Microsoft AAD Pod Identity is Microsoft's Assigning Azure Active Directory Identities to Kubernetes Applications. A security vulnerability exists in AAD Pod Identity versions prior to 1.8.13 that stems from the NMI component intercepting and validating token requests based on regular expressions,...

CVSS 5.3 | AI score 5.7 | EPSS 0.00784
Exploits 0 | References 4

Prion
added 2022/12/14 6:15 p.m. | 23 views

Path traversal

A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the instance. This vulnerability was fixed in...

CVSS 6.5 | AI score 8.8 | EPSS 0.06641
Exploits 0 | References 5 | Affected Software 1

Vulnrichment
added 2022/12/12 5:54 p.m. | 7 views

CVE-2022-3989 Motors - Car Dealer, Classifieds & Listing < 1.4.4 - Arbitrary File Upload

The Motors WordPress plugin before 1.4.4 does not properly validate uploaded files for dangerous file types such as .php in an AJAX action, allowing an attacker to sign up on a victim's WordPress instance, upload a malicious PHP file and attempt to launch a brute-force attack to discover the...

AI score 8.9 | EPSS 0.00894
Exploits 2 | References 1

Code423n4
added 2022/12/12 12:0 a.m. | 8 views

Changes not being stored in Delta.sol

Lines of code Vulnerability details Changes not being stored in Delta.sol Impact Functions working without proper storage dealing into unexpected behaviors Proof of Concept function combineInstance memory self, Instance memory delta internal pure if !self.skipCombine self.deltaInBinInternal +=...

AI score 6.8
Exploits 0

Prion
added 2022/11/23 9:15 a.m. | 19 views

Command injection

Alarm instance management has command injection when there is a specific command configured. It is only for logged-in users. We recommend you upgrade to version 2.0.6 or higher...

CVSS 7.5 | AI score 9.8 | EPSS 0.21258
Exploits 0 | References 2 | Affected Software 1

CNNVD
added 2022/11/23 12:0 a.m. | 2 views

Apache DolphinScheduler Command Injection Vulnerability

Apache DolphinScheduler is a distributed DAG visualization-based workflow task scheduling system from the Apache Foundation in the United States. A command injection vulnerability exists in Apache DolphinScheduler versions prior to 2.0.6 that stems from the Alert Instance Management Servic...

CVSS 9.8 | AI score 7.4 | EPSS 0.21258
Exploits 0 | References 3

CVE
added 2022/11/23 12:0 a.m. | 74 views

CVE-2022-45462

Summary: Apache DolphinScheduler contains a command injection vulnerability in the Alarm/Alert Instance Management service when a specific command is configured. The issue affects versions prior to 2.0.6 and could allow an attacker to inject commands. The vulnerability is rated critical (CVSS v3....

CVSS 9.8 | AI score 9.8 | EPSS 0.21258
Exploits 0 | References 2 | Affected Software 1

Prion
added 2022/11/21 11:15 p.m. | 18 views

Default configuration

An issue was discovered in Appalti & Contratti 9.12.2. The target web applications LFS and DL229 expose a set of services provided by the Axis 1.4 instance, embedded directly into the applications, as hinted by the WEB-INF/web.xml file leaked through Local File Inclusion. Among the exposed...

CVSS 6.5 | AI score 8.6 | EPSS 0.00572
Exploits 1 | References 1 | Affected Software 1

OSV
added 2022/11/15 2:15 a.m. | 2 views

CVE-2022-42129

An Insecure direct object reference (IDOR) vulnerability in the Dynamic Data Mapping module in Liferay Portal 7.3.2 through 7.4.3.4, and Liferay DXP 7.3 before update 4, and 7.4 GA allows remote authenticated users to view and access form entries via the formInstanceRecordId parameter...

CVSS 4.3 | AI score 5.8 | EPSS 0.00191
Exploits 0 | References 3

Positive Technologies
added 2022/11/15 12:0 a.m. | 2 views

PT-2022-26275 · Liferay · Liferay Dxp +1

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.3.2 through 7.4.3.4; Liferay DXP versions 7.3 before update 4, and 7.4 GA. Description: An Insecure direct object reference (IDOR) vulnerability in the Dynamic Data Mapping module allows remote authenticated users to vie...

CVSS 4.3 | AI score 4.4 | EPSS 0.00191
Exploits 0 | References 8

CNNVD
added 2022/11/14 12:0 a.m. | 1 views

Liferay Portal and Liferay DXP Security Vulnerability

Liferay Portal and Liferay DXP are both products of Liferay Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...

CVSS 4.3 | AI score 5.2 | EPSS 0.00191
Exploits 0 | References 5

Hacker One
added 2022/11/11 1:4 p.m. | 46 views

8x8: Directory Listing at https://█.█.█.█

@shuvam321 reported to us an enabled Directory Listing at https://█.█.█.█/cobbler/ & https://█.█.█.█/cblr/. The directories exposed open source files related to the Spacewalk project. The server instance was initially installed as a preview of a Spacewalk. No sensitive information had been...

AI score 0.9
Exploits 0

RustSec
added 2022/11/10 12:0 p.m. | 16 views

Bug in pooling instance allocator

Bug in Wasmtime's implementation of its pooling instance allocator where, when a linear memory is reused for another instance, the initial heap snapshot of the prior instance can be erroneously visible to the next instance. Mitigations are described here...

CVSS 8.6 | AI score 1.6 | EPSS 0.00333
Exploits 0 | Affected Software 1

OSV
added 2022/11/10 12:0 p.m. | 13 views

RUSTSEC-2022-0076 Bug in Wasmtime implementation of pooling instance allocator

Bug in Wasmtime's implementation of its pooling instance allocator when the allocator is configured to give WebAssembly instances a maximum of zero pages of memory. In this configuration, the virtual memory mapping for WebAssembly memories did not meet the compiler-required configuration...

CVSS 7.4 | AI score 6.4 | EPSS 0.00204
Exploits 0 | References 4