49 matches found
wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users
A flaw was found in Wildfly. An incorrect JBOSSLOCALUSER challenge location when using the elytron configuration may lead to JBOSSLOCALUSER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability...
A Windows 11 Automation Tool Can Easily Be Hijacked
Hackers can use Microsoft’s Power Automate to push out ransomware and key loggers—if they get machine access first...
USN-5549-1 python-django vulnerability
It was discovered that Django incorrectly handled certain FileResponse. An attacker could possibly use this issue to expose sensitive information or gain access over user machine...
GHSA-C7W7-9C85-4QXV OpenStack Nova Live migration fails to update persistent domain XML
An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0. By performing a soft reboot of an instance that has previously undergone live migration, a user may gain access to destination host devices that share the same paths ...
GHSA-4W62-CQ5R-5MMQ express-cart unrestricted file upload vulnerability
Unrestricted file upload RCE in express-cart module before 1.1.7 allows a privileged user to gain access in the hosting machine...
CVE-2021-38923
IBM PowerVM Hypervisor FW1010 could allow a privileged user to gain access to another VM due to assigning duplicate WWPNs. IBM X-Force ID: 210162...
IBM PowerVM Hypervisor 安全漏洞
IBM PowerVM Hypervisor is an application from Universal Business Machines IBM, Inc. provides a secure and scalable virtualized environment for applications built on the advanced RAS features and leading performance of the Power Systems platform. A security vulnerability exists in IBM PowerVM...
[SECURITY] Fedora 35 Update: libguestfs-1.45.7-2.fc35
Libguestfs is a library for accessing and modifying virtual machine disk images. http://libguestfs.org Libguestfs uses Linux kernel and qemu code, and can access any type of guest filesystem that Linux and qemu can, including but not limited to: ext2/3/4, btrfs, FAT and NTFS, LVM, many different...
CVE-2021-3533
A flaw was found in Ansible if an ansible user sets ANSIBLEASYNCDIR to a subdirectory of a world writable directory . When this occurs, there is a race condition on the managed machine. A malicious, non-privileged account on the remote machine can exploit the race condition to access the async...
Citrix UPM Log Parser
Citrix UPM Log Parser v1.5 Created Date: Oct 8, 2009 Modified Date: Oct 4, 2016 Please note: You can download the required file from the Citrix downloads website by visiting the following link:https://www.citrix.com/downloads/citrix-tools Description Citrix UPM Log Parser has been designed to hel...
CVE-2020-10746
Infinispan Server Runtime (org.infinispan:infinispan-server-runtime) version 10 is described as allowing local access to controls via REST and HotRod APIs, enabling a locally authenticated user to perform all cache operations including creation, update, deletion, and shutdown of the entire server...
Code injection
In AppSpider installer versions prior to 7.2.126, the AppSpider installer calls an executable which can be placed in the appropriate directory by an attacker with access to the local machine. This would prevent the installer from distinguishing between a valid executable called during an...
CVE-2020-3990
VMware Workstation 15.x and Horizon Client for Windows 5.x before 5.4.4 contain an information disclosure vulnerability due to an integer overflow issue in Cortado ThinPrint component. A malicious actor with normal access to a virtual machine may be able to exploit this issue to leak memory from...
CVE-2020-10507
The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of Unrestricted file upload RCE , that would allow attackers to gain access in the hosting machine...
Unrestricted file upload
The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of Unrestricted file upload RCE , that would allow attackers to gain access in the hosting machine...
CVE-2020-10507 ALLE INFORMATION CO., LTD. School Manage System - Security Misconfiguration
The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of Unrestricted file upload RCE , that would allow attackers to gain access in the hosting machine...
CVE-2020-10255
Modern DRAM chips DDR4 and LPDDR4 after 2015 are affected by a vulnerability in deployment of internal mitigations against RowHammer attacks known as Target Row Refresh TRR, aka the TRRespass issue. To exploit this vulnerability, the attacker needs to create certain access patterns to trigger bit...
CVE-2019-5519
VMware ESXi 6.7 before ESXi670-201903001, 6.5 before ESXi650-201903001, 6.0 before ESXi600-201903001, Workstation 15.x before 15.0.4, 14.x before 14.1.7, Fusion 11.x before 11.0.3, 10.x before 10.1.6 contain a Time-of-check Time-of-use TOCTOU vulnerability in the virtual USB 1.1 UHCI Universal Ho...
CVE-2018-3758
Unrestricted file upload RCE in express-cart module before 1.1.7 allows a privileged user to gain access in the hosting machine...
CVE-2018-9039
In Octopus Deploy 2.0 and later before 2018.3.7, an authenticated user, with variable edit permissions, can scope some variables to targets greater than their permissions should allow. In other words, they can see machines beyond their team's scoped environments...