7696 matches found
Icinga Web 2 < 2.8.6, 2.9.x < 2.9.6 Multiple Vulnerabilities
Icinga Web 2 is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:icinga:icingaweb2";...
SAP Business Objects Business Intelligence Platform Information Disclosure Vulnerability
SAP Business Objects Business Intelligence Platform is a suite of business intelligence software and enterprise performance solutions from SAP, Germany. The product features report generation, analytics, and data visualization. An information disclosure vulnerability exists in SAP Business Object...
UBUNTU-CVE-2022-24714
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Installations of Icinga 2 with the IDO writer enabled are affected. If you use service custom variables in role restrictions, and you regularly decommission service objects, users with said roles may...
Design/Logic Flaw
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Installations of Icinga 2 with the IDO writer enabled are affected. If you use service custom variables in role restrictions, and you regularly decommission service objects, users with said roles may...
CVE-2022-24714
CVE-2022-24714 affects Icinga Web 2 installations with the IDO writer enabled. The vulnerability stems from using service custom variables in role restrictions, which can allow users with specific roles to access a collection of content, if those roles granted access to hosts via at least one ser...
CVE-2022-24398
Under certain conditions SAP Business Objects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker to access information which would otherwise be restricted...
CVE-2022-24398
SAP BusinessObjects BI Platform versions 4.2 (420) and 4.3 (430) are affected by an information disclosure vulnerability under certain conditions that can be exploited by an authenticated attacker to access restricted information. The issue is documented across multiple sources as CVE-2022-24398....
CVE-2022-24282
A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). The affected system allows to upload JSON objects that are deserialized to Java objects. Due to insecure deserialization of user-supplied content by the...
CVE-2022-24282
CVE-2022-24282 affects Siemens SINEC NMS and SINEMA Server V14. The vulnerability is due to insecure deserialization of user-supplied JSON objects into Java objects, allowing a privileged attacker to execute arbitrary code on the device with root privileges. Affected versions of SINEC NMS include...
CVE-2022-24282
A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). The affected system allows to upload JSON objects that are deserialized to Java objects. Due to insecure deserialization of user-supplied content by the...
Threat landscape for industrial automation systems, H2 2021
2021 is the second year we have spent living and working in the pandemic. By 2021 everyone got used to pandemic limitations – industrial organization employees and IT security professionals and threat actors. If we compare the numbers from 2020 and 2021, we see that 2021 looks more stable,...
Microsoft Excel Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Excel when the software fails to properly handle objects in memory...
MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16207.
...
Xerte Cross-Site Scripting Vulnerability
Xerte is open source software from The Xerte Project community in the UK, used to create learning objects. Xerte has a cross-site scripting (XSS) vulnerability in The Xerte Project via the link parameter in print.php. No details of the vulnerability are current...
Xerte Cross-Site Scripting Vulnerability
Xerte is open source software from The Xerte Project community in the UK, used to create learning objects. Xerte has a cross-site scripting (XSS) vulnerability in The Xerte Project via the link parameter in print.php. No details of the vulnerability are current...
PT-2022-7492 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The issue is related to a memory leak in the netfilter component of the Linux kernel during the update of stateful objects. Stateful objects can be updated from the control plane, and...
CVE-2022-24363
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2022-24368
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
CVE-2022-24364
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2022-24368
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...