Mattermost Plugins Security Vulnerability
Mattermost Plugins is a plugin provided by the American company Mattermost, offering powerful feature extensions and tight integration with servers and network/desktop applications. Versions 11.5, 11.1.5, 10.13.11, and 11.3.4.0 of Mattermost Plugins contain security vulnerabilities. These...
BIT-GITLAB-2026-1752 Incorrect Authorization in GitLab
GitLab has remediated an issue in GitLab EE affecting all versions from 11.3 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with developer-role permissions to modify protected environment settings due to improper authorization checks in t...
GHSA-Q6JJ-R49P-94FH AVideo has Video Password Protection Bypass via API Endpoints Returning Full Playback Sources Without Password Verification
Summary: The getapivideofile and getapivideo API endpoints in AVideo return full video playback sources (direct MP4 URLs, HLS manifests) for password-protected videos without verifying the video password. While the normal web playback flow enforces password checks via the CustomizeUser::getModeYouTu...
Budibase Security Vulnerability
Budibase is an open-source low-code platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Budibase versions 3.24.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from file...
CVE-2024-39228
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a shell injection vulnerability via the interface...
Cisco Application Policy Infrastructure Controller Cross-Site Request Forgery Vulnerability
Cisco Application Policy Infrastructure Controller (APIC) is an automated infrastructure deployment and governance solution from Cisco. A security vulnerability exists in Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller, which stems from the web-based manageme...
IBM Navigator for i Unauthorized Access Vulnerability
IBM Navigator for i is a console interface from International Business Machines (IBM) used on IBM i to perform and manage critical tasks on IBM i. IBM Navigator for i in versions 7.3, 7.4, and 7.5 is vulnerable to unauthorized access, where authenticated users using this interface access their entitl...
CVE-2022-43858
IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to access the file system and download files they are authorized to but not while using this interface. The remote authenticated user can bypass the interface checks by modifying a parameter thereby gaining access to their...
Design/Logic Flaw
IBM Navigator for i 7.3, 7.4 and 7.5 could allow an authenticated user to access IBM Navigator for i log files they are authorized to but not while using this interface. The remote authenticated user can bypass the interface checks and download log files by modifying servlet filter. IBM X-Force I...
Design/Logic Flaw
IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to access the file system and download files they are authorized to but not while using this interface. The remote authenticated user can bypass the interface checks by modifying a parameter thereby gaining access to their...
CVE-2022-43858 IBM Navigator for i information disclosure
IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to access the file system and download files they are authorized to but not while using this interface. The remote authenticated user can bypass the interface checks by modifying a parameter thereby gaining access to their...
CVE-2022-43858
CVE-2022-43858 affects IBM Navigator for i versions 7.3, 7.4, and 7.5. An authenticated user can bypass interface checks by modifying a parameter, gaining access to their authorized file-system content through the Navigator interface (i.e., download files they are allowed to view). The Red Hat/RH...
CVE-2022-43857
IBM Navigator for i versions 7.3 through 7.5 are vulnerable to an information-disclosure issue where an authenticated user can bypass interface checks and download log files by modifying the servlet filter. Affected products: IBM Navigator for i 7.3/7.4/7.5. Root cause: bypass of interface checks via serv...
GHSA-V7WG-CPWC-24M4 pgjdbc Does Not Check Class Instantiation when providing Plugin Classes
Impact: pgjdbc instantiates plugin instances based on class names provided via the authenticationPluginClassName, sslhostnameverifier, socketFactory, sslfactory, and sslpasswordcallback connection properties. However, the driver did not verify if the class implements the expected interface before...
java security update
CentOS Errata and Security Advisory CESA-2020:2969. An update for java-11-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
Oracle Linux 7 : java-11-openjdk (ELSA-2020-2969)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-2969 advisory. 1:11.0.8.10-0.0.1 - link atomic for ix86 build 1:11.0.8.10-0 - Update to shenandoah-jdk-11.0.8+10 GA - Switch to GA mode for final release. - Update...
OpenJDK: Incomplete interface type checks in Graal compiler (Hotspot, 8236867)
Vulnerability in the Java SE product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 11.0.7 and 14.0.1. This difficult-to-exploit vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks o...