Lucene search

1895 matches found

OSV
added 2023/08/22 7:16 p.m., 0 views

UBUNTU-CVE-2022-48065

GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability via the function findabstractinstance in dwarf2.c...

CVSS 5.5, AI score 6.1, EPSS 0.00029
Exploits: 1, References: 3
Github Security Blog
added 2023/08/21 8:28 p.m., 21 views

Wallabag user can reset data unintentionally

Description: wallabag was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily reset annotations, entries and tags, by the GET request to /reset/annotations, /reset/entries, /reset/tags, /reset/archived. This vulnerability has a CVSSv3.1 score of 4.3. You...

CVSS 5.7, AI score 7, EPSS 0.00143
Exploits: 1, References: 4, Affected Software: 1
Citrix
added 2023/08/21 12:0 a.m., 18 views

Adding ADC instance on ADM failed with error - Added unlicensed * that requires HTTPS connection

Adding NetScaler instance on ADM failed with error - Added unlicensed that requires HTTPS connection...

AI score 7.1
Exploits: 0
Citrix
added 2023/08/18 12:0 a.m., 11 views

WEM Agent error, "Only a single agent instance can be run within a session!"

Error showing from WEM Agent, "Only a single agent instance can be run within a session!"...

AI score 7.1
Exploits: 0
Prion
added 2023/08/17 10:15 p.m., 13 views

Design/Logic Flaw

Dispatch is an open source security incident management tool. The server response includes the JWT Secret Key used for signing JWT tokens in error message when the Dispatch Plugin - Basic Authentication Provider plugin encounters an error when attempting to decode a JWT token. Any Dispatch users...

CVSS 5, AI score 7.6, EPSS 0.00128
Exploits: 1, References: 4, Affected Software: 1
OSV
added 2023/08/14 7:15 p.m., 1 view

CVE-2023-28482

An issue was discovered in Tigergraph Enterprise 3.7.0. A single TigerGraph instance can host multiple graphs that are accessed by multiple different users. The TigerGraph platform does not protect the confidentiality of any data uploaded to the remote server. In this scenario, any user that has...

CVSS 6.5, AI score 5.8, EPSS 0.0009
Exploits: 1, References: 1
Zero Day Initiative
added 2023/08/09 12:0 a.m., 30 views

(0Day) Microsoft Azure Machine Learning Compute Instance certificate Exposure of Resource to Wrong Sphere Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on Microsoft Azure. An attacker must first obtain the ability to execute high-privileged code on the target environment in order to exploit this vulnerability. The specific flaw exists within the handling of certificates...

CVSS 4.4, AI score 6.5
Exploits: 0
Tenable Nessus
added 2023/08/08 12:0 a.m., 37 views

Rocky Linux 8 : bind (RLSA-2023:4102)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:4102 advisory. - Every named instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to...

CVSS 7.5, AI score 7.3, EPSS 0.01176
Exploits: 0, References: 3
Tenable Nessus
added 2023/08/08 12:0 a.m., 28 views

EulerOS 2.0 SP9 : bind (EulerOS-SA-2023-2572)

According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Every named instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sen...

CVSS 7.5, AI score 7.4, EPSS 0.01176
Exploits: 0, References: 2
Veracode
added 2023/08/07 2:41 a.m., 20 views

Denial Of Service (DoS)

gitlab is vulnerable to Denial Of Service (DoS). This vulnerability allows an attacker to cause a DoS attack on a GitLab instance by exploiting a regex issue in how the application parses user agents...

CVSS 5.3, AI score 6.4, EPSS 0.00258
Exploits: 0, References: 4, Affected Software: 1
Veracode
added 2023/08/07 12:16 a.m., 22 views

Information Disclosure

gitlab is vulnerable to Information Disclosure. The vulnerability exists because the Google IAP details in Prometheus integration are not properly hidden, which leads to the leak of project settings, instance and group details to other users...

CVSS 6.4, AI score 6.8, EPSS 0.02535
Exploits: 0, References: 5, Affected Software: 1
OSV
added 2023/08/05 2:15 a.m., 1 view

CVE-2022-46782

An issue was discovered in Stormshield SSL VPN Client before 3.2.0. A logged-in user, able to only launch the VPNSSL Client, can use the OpenVPN instance to execute malicious code as administrator on the local machine...

CVSS 7.8, AI score 5.9
Exploits: 0, References: 1
Metasploit
added 2023/08/03 7:50 p.m., 244 views

Unix SSH Shell, Bind Instance Connect (via AWS API)

Creates an SSH shell using AWS Instance Connect Module Options msf use payload/cmd/unix/bindawsinstanceconnect msf payloadbindawsinstanceconnect show actions ...actions... msf payloadbindawsinstanceconnect set ACTION msf payloadbindawsinstanceconnect show options ...show and set options... msf...

AI score 7.1
Exploits: 0
OSV
added 2023/08/03 5:23 p.m., 1 view

CLSA-2023-1691083401 Fix CVE(s): CVE-2022-3697

SECURITY UPDATE: improper handling of towercallback parameter in amazon.aws collection - debian/patches/CVE-2022-3697.patch: ec2instance - validate options on towercallback - CVE-2022-3697 Enable unit testing...

CVSS 7.5, AI score 6.8, EPSS 0.00228
Exploits: 0, References: 1
CNVD
added 2023/08/03 12:0 a.m., 16 views

PowerJob Command Execution Vulnerability

PowerJob is an open source distributed computing and job scheduling framework that allows developers to easily schedule tasks in their applications. A command execution vulnerability exists in PowerJob version 4.3.3, which stems from the parameter instanceId of /instance/detail failing to properl...

CVSS 7.5, AI score 7.2, EPSS 0.6087
Exploits: 1, Affected Software: 1
Rapid7 Blog
added 2023/08/01 4:8 p.m., 4 views

New InsightCloudSec Compliance Pack for CIS AWS Benchmark 2.0.0

The Center for Internet Security (CIS) recently released version two of their AWS Benchmark. CIS AWS Benchmark 2.0.0 brings two new recommendations and eliminates one from the previous version. The update also includes some minor formatting changes to certain recommendation descriptions. In this...

AI score 6.8
Exploits: 0
Code423n4
added 2023/07/31 12:0 a.m., 12 views

First Depositor Attack is possible by front-running mip00 script execution

Lines of code Vulnerability details Overview The First Depositor Attack Within the context of Compound v2, a First Depositor Attack occurs when an attacker becomes the inaugural minter of a cToken. This enables them to establish the first exchange rate between the underlying asset and the cToken...

AI score 7
Exploits: 0
ATTACKERKB
added 2023/07/28 3:15 p.m., 1 view

CVE-2023-37754

PowerJob v4.3.3 was discovered to contain a remote command execution (RCE) vulnerability via the instanceId parameter at /instance/detail...

CVSS 9.8, AI score 7.6, EPSS 0.6087
Exploits: 1, References: 4
CNNVD
added 2023/07/28 12:0 a.m., 2 views

PowerJob Security Vulnerability

PowerJob is an open source distributed computing and job scheduling framework that allows developers to easily schedule tasks in their applications. A command execution vulnerability exists in PowerJob version 4.3.3, which stems from the parameter instanceId of /instance/detail failing to properl...

CVSS 9.8, AI score 7.4, EPSS 0.6087
Exploits: 1, References: 3
Positive Technologies
added 2023/07/28 12:0 a.m., 2 views

PT-2023-26094 · Powerjob · Powerjob

Name of the Vulnerable Software and Affected Versions: PowerJob version 4.3.3 Description: A remote command execution issue was discovered, allowing exploitation via the instanceId parameter at the "/instance/detail" API endpoint. Recommendations: For PowerJob version 4.3.3, consider restricting...

CVSS 9.8, AI score 9.4, EPSS 0.6087
Exploits: 1, References: 8