179 matches found
Rancher Labs Rancher 安全漏洞
Rancher Labs Rancher is a suite of open source, enterprise-grade container management platforms from Rancher Labs, Inc. in the United States. A security vulnerability exists in Rancher for SUSE versions 2.5.0 through 2.5.15 and 2.6.0 through 2.6.6, which stems from the explicit storage of sensiti...
CVE-2022-31154 Indirect Object Access in Sourcegraph Code Monitoring
Sourcegraph is an opensource code search and navigation engine. It is possible for an authenticated Sourcegraph user to edit the Code Monitors owned by any other Sourcegraph user. This includes being able to edit both the trigger and the action of the monitor in question. An attacker is not able ...
GHSA-PWGM-JVQV-6V8P Plone anonymous access to sub-objects in CMFEditions where KwAsAttributes classes were publishable
The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2 does not prevent the KwAsAttributes classes from being publishable, which allows remote attackers to access sub-objects via unspecified vectors, a different vulnerability than CVE-2011-3587...
The vulnerability of the Glances monitoring tool arises from improper restrictions on XML links to external objects. This allows attackers to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the Glances monitoring tool is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability allows a remote attacker to access confidential data, compromise its integrity, and cause service failures...
CVE-2022-24385
A Direct Object Access vulnerability in SmarterTools SmarterTrack leads to information disclosure This issue affects: SmarterTools SmarterTrack 100.0.8019.14010...
Information disclosure
A Direct Object Access vulnerability in SmarterTools SmarterTrack leads to information disclosure This issue affects: SmarterTools SmarterTrack 100.0.8019.14010...
CVE-2022-24385
CVE-2022-24385 describes a Direct Object Access vulnerability in SmarterTools SmarterTrack, affecting version 100.0.8019.14010 and leading to information disclosure. The connected documents confirm the affected product and version, and indicate the underlying issue is direct object access, with p...
SmarterTools SmarterTrack 安全漏洞
SmarterTools SmarterTrack is a customer service software from SmarterTools UK. It improves customer service and reduces support costs. A security vulnerability exists in SmarterTools SmarterTrack 100.0.8019.14010 that originates from direct object access in SmarterTools SmarterTrack...
CVE-2022-24385
A Direct Object Access vulnerability in SmarterTools SmarterTrack leads to information disclosure This issue affects: SmarterTools SmarterTrack 100.0.8019.14010...
CVE-2021-20321
A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS. A local user could use this flaw to crash the system...
The vulnerability of the Windows GDI component in Microsoft Windows operating systems allows attackers to escalate their privileges and execute arbitrary code.
The vulnerability of the Windows GDI component in Microsoft Windows systems is related to deficiencies in access control when processing raster objects. Exploiting this vulnerability can allow attackers to enhance their privileges and execute arbitrary code...
CVE-2021-20173
Netgear Nighthawk R6700 version 1.0.4.120 contains a command injection vulnerability in update functionality of the device. By triggering a system update check via the SOAP interface, the device is susceptible to command injection via preconfigured values...
CVE-2021-43275
A Use After Free vulnerability exists in the DGN file reading procedure in Open Design Alliance Drawings SDK before 2022.8. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute...
Siemens Mendix 安全漏洞
Siemens Mendix is a low-code application development platform from Siemens, a German company that provides application development, testing, deployment, and iteration capabilities. A security vulnerability in Siemens Mendix allows an authenticated attacker to retrieve the changedDate property of...
CVE-2021-20321
A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS. A local user could use this flaw to crash the system...
CVE-2021-3462
A privilege escalation vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could allow unauthorized access to the driver's device object...
UBUNTU-CVE-2021-26119
Smarty before 3.1.39 allows a Sandbox Escape because $smarty.templateobject can be accessed in sandbox mode...
CVE-2021-26119
Smarty before 3.1.39 allows a Sandbox Escape because $smarty.templateobject can be accessed in sandbox mode...
Cisco IoT Field Network Director SOAP API Authorization Bypass Vulnerability
Cisco IoT Field Network Director FND is a network management system for large-scale FAN deployments. A SOAP API authorization bypass vulnerability exists in Cisco IoT Field Network Director versions prior to 4.6.1. The vulnerability stems from insufficient authorization of the SOAP API. An attack...
Microsoft Internet Explorer Remote Code Execution Vulnerability (CNVD-2020-51782)
Microsoft Internet Explorer IE is a Web browser that comes with the Windows operating system from the American company Microsoft. A remote code execution vulnerability exists in Microsoft Internet Explorer versions 9 and 11, which stems from the program failing to properly access memory objects. ...