7 matches found
CVE-2026-40611
A flaw was found in lego, the Let's Encrypt client and ACME library written in Go. A malicious ACME Automated Certificate Management Environment server can exploit a path traversal vulnerability in the webroot HTTP-01 challenge provider. By supplying a specially crafted challenge token containing...
PT-2023-1394 · Argo Cd · Argo Cd
Name of the Vulnerable Software and Affected Versions: Argo CD versions 2.6.0-rc1 through 2.6.0 Description: The issue is related to an output sanitization bug in Argo CD, which leaks repository access credentials in error messages. These error messages are visible to the user and are logged. The...
Assessing Mainframe Compliance While Minimizing Operational Impact
While many in the industry consider mainframes to be inherently secure systems that dont require additional hardening, this is not the case, according to recent Forrester surveys which reveal that security incidents are commonplace in mainframes. Mainframes are the backbone of many businesses and...
Atlassian Crowd CVE-2017-18107 Cross Site Request Forgery Vulnerability
Description Atlassian Crowd is prone to a cross-site request-forgery vulnerability because it fails to properly validate HTTP requests. Exploiting this issue allows a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also...
Information disclosure
Sensitive Information Disclosure in com.trend.iwss.gui.servlet.ConfigBackup in Trend Micro InterScan Web Security Virtual Appliance IWSVA version 6.5-SP2BuildLinux1707 and earlier allows authenticated, remote users with least privileges to backup the system configuration and download it onto thei...
CVE-2016-9269
Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches in Trend Micro Interscan Web Security Virtual Appliance IWSVA version 6.5-SP2BuildLinux1707 and earlier allows authenticated, remote users with least privileges to run arbitrary commands on the system as root via Patch Update...
Microsoft Internet Explorer Mouse Click Event Hijacking Vulnerability
Description A vulnerability exists in Internet Explorer when handling specific DHTML events, allowing a malicious Web page to intercept mouse click events to perform unintended drag and drop operations. In particular, it is possible to simulate a mouse drag and drop event through use of the moveB...