27 matches found
EUVD-2022-47726
Malicious code in bioql PyPI...
EUVD-2022-47728
Malicious code in bioql PyPI...
EUVD-2022-47727
Malicious code in bioql PyPI...
CVE-2022-44795
An issue was discovered in Object First Ootbi BETA build 1.0.7.712. A flaw was found in the Web Service, which could lead to local information disclosure. The command that creates the URL for the support bundle uses an insecure RNG. That can lead to prediction of the generated URL. As a result, a...
CVE-2022-44794
An issue was discovered in Object First Ootbi BETA build 1.0.7.712. Management protocol has a flow which allows a remote attacker to execute arbitrary Bash code with root privileges. The command that sets the hostname doesn't validate input parameters. As a result, arbitrary data goes directly to...
CVE-2022-44796
An issue was discovered in Object First Ootbi BETA build 1.0.7.712. The authorization service has a flow that allows getting access to the Web UI without knowing credentials. For signing, the JWT token uses a secret key that is generated through a function that doesn't produce cryptographically...
CVE-2022-44796
An issue was discovered in Object First Ootbi BETA build 1.0.7.712. The authorization service has a flow that allows getting access to the Web UI without knowing credentials. For signing, the JWT token uses a secret key that is generated through a function that doesn't produce cryptographically...
CVE-2022-44794
An issue was discovered in Object First Ootbi BETA build 1.0.7.712. Management protocol has a flow which allows a remote attacker to execute arbitrary Bash code with root privileges. The command that sets the hostname doesn't validate input parameters. As a result, arbitrary data goes directly to...
CVE-2022-44796
An issue was discovered in Object First Ootbi BETA build 1.0.7.712. The authorization service has a flow that allows getting access to the Web UI without knowing credentials. For signing, the JWT token uses a secret key that is generated through a function that doesn't produce cryptographically...
CVE-2022-44794
An issue was discovered in Object First Ootbi BETA build 1.0.7.712. Management protocol has a flow which allows a remote attacker to execute arbitrary Bash code with root privileges. The command that sets the hostname doesn't validate input parameters. As a result, arbitrary data goes directly to...
CVE-2022-44795
An issue was discovered in Object First Ootbi BETA build 1.0.7.712. A flaw was found in the Web Service, which could lead to local information disclosure. The command that creates the URL for the support bundle uses an insecure RNG. That can lead to prediction of the generated URL. As a result, a...
Authorization
An issue was discovered in Object First Ootbi BETA build 1.0.7.712. The authorization service has a flow that allows getting access to the Web UI without knowing credentials. For signing, the JWT token uses a secret key that is generated through a function that doesn't produce cryptographically...
Code injection
An issue was discovered in Object First Ootbi BETA build 1.0.7.712. Management protocol has a flow which allows a remote attacker to execute arbitrary Bash code with root privileges. The command that sets the hostname doesn't validate input parameters. As a result, arbitrary data goes directly to...
PT-2022-27315 · Firstobject · Object First Ootbi Beta
Name of the Vulnerable Software and Affected Versions: Object First Ootbi BETA versions 1.0.7.712 through 1.0.13.1610 Description: A flaw was found in the Web Service, which could lead to local information disclosure. The command that creates the URL for the support bundle uses an insecure RNG,...
CVE-2022-44795
An issue was discovered in Object First Ootbi BETA build 1.0.7.712. A flaw was found in the Web Service, which could lead to local information disclosure. The command that creates the URL for the support bundle uses an insecure RNG. That can lead to prediction of the generated URL. As a result, a...
PT-2022-27316 · Unknown · Object First Ootbi Beta
Name of the Vulnerable Software and Affected Versions: Object First Ootbi BETA versions 1.0.7.712 through 1.0.13.1610 Description: An issue was discovered in the authorization service, allowing access to the Web UI without knowing credentials. The JWT token uses a secret key generated through a...
CVE-2022-44794
CVE-2022-44794 affects Object First Ootbi BETA, versions 1.0.7.712 through 1.0.13.1610. The root cause is an input validation flaw in the hostname-setting command within the management protocol, allowing a remote attacker with credentials to pass arbitrary data to Bash, enabling arbitrary code ex...
CVE-2022-44796
CVE-2022-44796 concerns Object First Ootbi BETA. Affected versions: 1.0.7.712 (and up to 1.0.13.1610 per PT-2022-27316) with an authorization flow that allows access to the Web UI without credentials. The root cause is a JWT signing key generated by a function that does not produce cryptographica...
CVE-2022-44796
An issue was discovered in Object First Ootbi BETA build 1.0.7.712. The authorization service has a flow that allows getting access to the Web UI without knowing credentials. For signing, the JWT token uses a secret key that is generated through a function that doesn't produce cryptographically...
Object First 安全特征问题特征问题漏洞
Object First is a Veeam best-of-breed storage solution from Object First. A security feature issue vulnerability exists in Object First version 1.0.7.712, which stems from JWT tokens using keys generated by functions that do not produce cryptographically strong sequences, which can be predicted b...