PT-2022-3993 · Nginx · Nginx Instance Manager
Name of the Vulnerable Software and Affected Versions: NGINX Instance Manager versions 1.x and earlier; NGINX Instance Manager versions 2.x through 2.3.0. Description: The issue is related to uncontrolled resource consumption. It may allow a remote attacker to cause a denial of service. In affected...
CVE-2022-35241
In versions 2.x before 2.3.1 and all versions of 1.x, when NGINX Instance Manager is in use, undisclosed requests can cause an increase in disk resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
CVE-2022-37394
An issue was discovered in OpenStack Nova before 23.2.2, 24.x before 24.1.2, and 25.x before 25.0.2. By creating a neutron port with the direct vnic_type, creating an instance bound to that port, and then changing the vnic_type of the bound port to macvtap, an authenticated user may cause the compu...
F5 NGINX Instance Manager Denial of Service Vulnerability
NGINX Instance Manager (NIM) is part of F5's NGINX Management Suite (NMS). The NIM module provides a REST API that uses standard authentication methods and HTTP response codes, among other things. A denial of service vulnerability exists in F5 NGINX Instance Manager, which stems from a When using NGINX...
F5 BIG-IP Resource Management Error Vulnerability
NGINX Instance Manager (NIM) is part of F5's NGINX Management Suite (NMS). The NIM module provides a REST API that uses standard authentication methods and HTTP response codes, among other things. A denial of service vulnerability exists in F5 NGINX Instance Manager, which stems from a When using NGINX...
GHSA-7943-82JG-WMW5 Argo CD certificate verification is skipped for connections to OIDC providers
Impact All versions of Argo CD starting with v0.4.0 are vulnerable to an improper certificate validation bug which could cause Argo CD to trust a malicious or otherwise untrustworthy OIDC provider. Note: external OIDC provider support was added in v0.11.0. Before that version, the notes below app...
VMware Carbon Black App Control 8.5.x < 8.5.14 / 8.6.x < 8.6.6 / 8.7 < 8.7.4 / 8.8 < 8.8.2 Multiple Vulnerabilities (VMSA-2022-0008)
Multiple vulnerabilities exist in the VMware Carbon Black App Control management server, as follows: - VMware Carbon Black App Control 8.5.x prior to 8.5.14, 8.6.x prior to 8.6.6, 8.7.x prior to 8.7.4 and 8.8.x prior to 8.8.2 contains an OS command injection vulnerability. An authenticated, high...
Stored Cross-site Scripting (XSS) leads to Account Takeover
🔒️ Requirements - Be able to edit or create documents. - A user clicks on the link. 📝 Description The markdown link creation feature does not properly sanitize URL input, which allows an error event to be used to execute JavaScript. Furthermore, due to the lack of an HttpOnly flag on the session cookie, it i...
PT-2022-14214 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 1.0.2 through 14.10.4; GitLab CE/EE versions 15.0 through 15.0.3; GitLab CE/EE versions 15.1 through 15.1.0. Description: A Regular Expression Denial of Service issue allows an attacker to make a GitLab instance inaccessibl...
Division by 0
Lines of code. Vulnerability details: Division by 0 can lead to an accidental revert. An example of a similar issue: code-423n4/2021-10-defiprotocol-findings#84. Code instances: https://github.com/code-423n4/2022-06-nibbl/tree/main/contracts/NibblVault.sol#L183 initialTokenSupply, initialTokenPrice...
Malicious code in aws-instance-scheduler (npm)
Source: ghsa-malware 5892ee8a63b04ab411e3502b2e75dff16debff01b4903c74798ec7f6fa11303b. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Reddit: Unrestricted File Upload on reddit.secure.force.com
Summary: Reddit.secure.force.com is Reddit's Salesforce instance. An attacker is able to send attachments of disallowed file types to this server. The attacker is able to send malicious documents, such as CVE-2022-30190 (Follina), to the victim. Impact: An attacker can send malicious files to whoever handles...
Window can read out of bounds if Read instance returns more bytes than buffer size
rdiff performs a diff of two provided strings or files. As part of its reading code it uses the return value of a Read instance to set the length of its internal character vector. If the Read implementation claims that it has read more bytes than the length of the provided buffer, the length of t...
Important: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.5 security updates, images, and bug fixes
Red Hat Advanced Cluster Management for Kubernetes 2.5.0 is now generally available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Identifying Cloud Waste to Contain Unnecessary Costs
Cloud adoption has exploded over the past decade or so, and for good reason. Many digital transformation advancements – and even the complete reimagination of entire industries – can be directly mapped and attributed to cloud innovation. While this rapid pace of innovation has had a profound impa...
Security update for pcmanfm (moderate)
openSUSE Security Update: Security update for pcmanfm. Announcement ID: openSUSE-SU-2022:10001-1. Rating: moderate. References: 1039140. Cross-References: CVE-2017-8934. CVSS scores: CVE-2017-8934 (NVD): 5.5, CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. Affected Products: openSUSE Backports SLE-15-SP3 A...
CVE-2022-20821
A vulnerability in the health check RPM of Cisco IOS XR Software could allow an unauthenticated, remote attacker to access the Redis instance that is running within the NOSi container. This vulnerability exists because the health check RPM opens TCP port 6379 by default upon activation. An attack...
CVE-2022-20821 Cisco IOS XR Software Health Check Open Port Vulnerability
A vulnerability in the health check RPM of Cisco IOS XR Software could allow an unauthenticated, remote attacker to access the Redis instance that is running within the NOSi container. This vulnerability exists because the health check RPM opens TCP port 6379 by default upon activation. An attack...
Cisco IOS XR Software Health Check Open Port (cisco-sa-iosxr-redis-ABJyE5xK)
According to its self-reported version, Cisco IOS XR is affected by a vulnerability in the health check RPM due to a port that is open by default. An unauthenticated, remote attacker can exploit this, by connecting to the Redis instance on the open port, in order to read and write information...
OpenStack Nova Live migration fails to update persistent domain XML
An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0. By performing a soft reboot of an instance that has previously undergone live migration, a user may gain access to destination host devices that share the same paths ...