GHSA-HHPM-74PM-HF35 ingress-nginx component for Kubernetes allows file overwrite

The Kubernetes ingress-nginx component prior to version 0.28.0 allows a user with the ability to create namespaces and to read and create ingress objects to overwrite the password file of another ingress which uses nginx.ingress.kubernetes.io/auth-type: basic and which has a hyphenated namespace ...

GHSA-V377-8F8F-532H Liferay Portal and Liferay DXP Vulnerable to Arbitrary Code Execution

In Liferay Portal before 7.3.2 and Liferay DXP 7.0 before fix pack 92, 7.1 before fix pack 18, and 7.2 before fix pack 6, the template API does not restrict user access to sensitive objects, which allows remote authenticated users to execute arbitrary code via crafted FreeMarker and Velocity...

GHSA-853F-X27W-8R74 OpenNMS Horizon RCE via Unsafe Deserialization

An issue was discovered in OpenNMS Horizon before 26.0.1, and Meridian before 2018.1.19 and 2019 before 2019.1.7. The ActiveMQ channel configuration allowed for arbitrary deserialization of Java objects aka ActiveMQ Minion payload deserialization, leading to remote code execution for any...

Plone SQL Injection Vulnerability

SQL Injection in DTML or in connection objects in Plone 4.0 through 5.2.1 allows users to perform unwanted SQL queries. This is a problem in Zope...

USN-5440-1 postgresql-10, postgresql-12, postgresql-13, postgresql-14 vulnerability

Alexander Lakhin discovered that PostgreSQL incorrectly handled the security restricted operation sandbox when a privileged user is maintaining another user's objects. An attacker having permission to create non-temp objects can use this issue to execute arbitrary commands as the superuser...

May 24, 2022—KB5014021 (OS Build 20348.740) Preview

May 24, 2022—KB5014021 OS Build 20348.740 Preview For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server 2022, see its update history page. Note Follow @WindowsUpdate to find out...

Snake Keylogger Spreads Through Malicious PDFs

While most malicious e-mail campaigns use Word documents to hide and spread malware, a recently discovered campaign uses a malicious PDF file and a 22-year-old Office bug to propagate the Snake Keylogger malware, researchers have found. The campaign—discovered by researchers at HP Wolf...

The vulnerability of the Regexp class implementation in the Ruby programming language allows a attacker to trigger a service failure.

The vulnerability of the Regexp class implementation in the Ruby programming language is related to a memory reclamation error. Exploiting this vulnerability can allow an attacker to cause a service failure through specially created objects of the Regexp class...

Microsoft Internet Explorer Information Disclosure Vulnerability

An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited this vulnerability could test for the presence of files on disk...

Microsoft Windows Kernel Privilege Escalation Vulnerability

An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions...

Mozilla Firefox and Thunderbird Type Confusion Vulnerability

Mozilla Firefox and Thunderbird contain a type confusion vulnerability that can occur when manipulating JavaScript objects due to issues in Array.pop, allowing for an exploitable crash...

CVE-2021-37695

ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 Fake Objects package. The vulnerability allowed to inject malformed Fake Objects HTML, which could result in executing JavaScript code. It affects all users using...

UI REDRESSING

Description The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with. Proof of Concept 1. Go to this URL:...

The vulnerability of the software solution that supports the closing, consolidation, and reporting processes of IBM Cognos Controller arises from incorrect restrictions on XML references to external objects. This allows attackers to disclose sensitive information or exploit memory resources.

The vulnerability of the software solution that supports the closing, consolidation, and reporting processes of IBM Cognos Controller is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability could allow a malicious actor to disclose sensitive...

The vulnerability of the software solution that supports the closing, consolidation, and reporting processes of IBM Cognos Controller arises from incorrect restrictions on XML references to external objects. This allows attackers to disclose sensitive information or exploit memory resources.

The vulnerability of the IBM Cognos Controller software, which supports closing processes, consolidating data, and generating reports, is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability could allow a malicious actor to disclose sensitive...

TYPO3 vulnerable to Insecure Unserialize via Content Editing Wizards component

The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated backend users to unserialize arbitrary PHP objects, delete arbitrary files, and possibly have other unspecified impacts via an...

GHSA-V64W-96P6-FX7W Apache Geronimo JMX Remoting functionality allows remote code execution in 3.x before v3.0.1

The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server WAS Community Edition 3.0.0.3 and other products, does not properly implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to...

GHSA-6W93-4C4P-XV2X Plone Metadata Disclosure

uidcatalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to obtain metadata about hidden objects via a crafted URL...

GHSA-W7RQ-8F2G-JVQR Djiblets Cross-site scripting Vulnerability via JSON Objects

A cross-site scripting XSS vulnerability in util/templatetags/djbletsjs.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django, as used in Review Board, allows remote attackers to inject arbitrary web script or HTML via a JSON object, as demonstrated by the name field when changing a user...

GHSA-87R7-Q54J-F9QG OpenStack Murano Code Execution

OpenStack Murano before 1.0.3 liberty and 2.x before 2.0.1 mitaka, Murano-dashboard before 1.0.3 liberty and 2.x before 2.0.1 mitaka, and python-muranoclient before 0.7.3 liberty and 0.8.x before 0.8.5 mitaka improperly use loaders inherited from yaml.Loader when parsing MuranoPL and UI files,...