41 matches found
IBM Resilient Path Traversal Vulnerability
IBM Resilient is an incident response platform from IBM in the United States. The platform supports functions such as incident response process orchestration and incident management. IBM Resilient has a path traversal vulnerability that arises from the fact that the build form field in a...
Drupal 8.8.x < 8.8.8 Multiple Vulnerabilities
According to its self-reported version, the instance of Drupal running on the remote web server is 7.0.x prior to 7.72, 8.8.x prior to 8.8.8, 8.9.x prior to 8.9.1 or 9.0.x prior to 9.0.1. It is, therefore, affected by multiple vulnerabilities: - A Cross-Site Request Forgery (CSRF) due to...
Drupal 9.0.x < 9.0.1 Multiple Vulnerabilities
According to its self-reported version, the instance of Drupal running on the remote web server is 7.0.x prior to 7.72, 8.8.x prior to 8.8.8, 8.9.x prior to 8.9.1 or 9.0.x prior to 9.0.1. It is, therefore, affected by multiple vulnerabilities: - A Cross-Site Request Forgery (CSRF) due to...
CVE-2019-1002100
In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type "json-patch" (e.g. kubectl patch --type json or "Content-Type: application/json-patch+json") that consumes...
Code injection
In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type "json-patch" (e.g. kubectl patch --type json or "Content-Type: application/json-patch+json") that consumes...
CVE-2019-1002100
In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type "json-patch" (e.g. kubectl patch --type json or "Content-Type: application/json-patch+json") that consumes...
CVE-2019-1002100
CVE-2019-1002100 affects Kubernetes: in Kubernetes API server prior to versions v1.11.8, v1.12.6, and v1.13.4, authorized users can send a crafted patch of type json-patch (e.g., kubectl patch --type json or Content-Type: application/json-patch+json) that consumes excessive resources, causing a D...
CVE-2019-1002100
In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type "json-patch" (e.g. kubectl patch --type json or "Content-Type: application/json-patch+json") that consumes...
PT-2019-5264 · Kubernetes +1
Name of the Vulnerable Software and Affected Versions: Kubernetes versions prior to 1.11.8; Kubernetes versions prior to 1.12.6; Kubernetes versions prior to 1.13.4. Description: The issue is related to an uncontrolled resource consumption in the Kubernetes API Server. It can be exploited by sending...
Drupal RCE Vulnerability (SA-CORE-2019-003) - Windows
Some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases.
Spring Data REST 2.6.9 (Ingalls SR9) 3.0.1 (Kay SR1) - PATCH Request Remote Code Execution
Spring Data REST 2.6.9 (Ingalls SR9) 3.0.1 (Kay SR1) - PATCH Request Remote Code Execution // Exploit Title: RCE in PATCH requests in Spring Data REST // Date: 2018-03-10 // Exploit Author: Antonio Francesco Sardella // Vendor Homepage: https://pivotal.io/ // Software Link:...
Code injection
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code...
CVE-2017-8046
CVE-2017-8046 is a remote code execution vulnerability affecting Spring Data REST before versions 2.6.9 (Ingalls SR9) and 3.0.1 (Kay SR1), and Spring Boot before 1.5.9 or 2.0 M6. When processing specially crafted JSON in PATCH requests, an attacker could execute arbitrary Java code on affected se...
Drupal 8.x < 8.2.8 / 8.3.x < 8.3.1 Access Bypass Vulnerability (SA-CORE-2017-002)
According to its self-reported version, the instance of Drupal running on the remote web server is 8.x prior to 8.2.8 or 8.3.x prior to 8.3.1. It is, therefore, affected by an access bypass vulnerability due to an unspecified flaw when the RESTful Web Services (rest) module is enabled and the site...
Drupal Core - Access Bypass vulnerability (CVE-2017-6919)
This is a critical access bypass vulnerability. A site is only affected by this if all of the following conditions are met: (1) The site has the RESTful Web Services (rest) module enabled. (2) The site allows PATCH requests. (3) An attacker can get or register a user account on the site. While we don't normall...
Drupal Closes Access Bypass Vulnerability in Core Engine
A critical vulnerability in the Drupal Core engine was addressed in an update released Wednesday. Drupal engineers are calling it an access bypass vulnerability and said a Drupal-based website is vulnerable only under certain conditions, including whether a site has the RESTful Web Services modul...
CVE-2017-6919
Drupal 8 before 8.2.8 and 8.3 before 8.3.1 allows critical access bypass by authenticated users if the RESTful Web Services (rest) module is enabled and the site allows PATCH requests...
CVE-2017-6919
Drupal 8 before 8.2.8 and 8.3 before 8.3.1 allows critical access bypass by authenticated users if the RESTful Web Services (rest) module is enabled and the site allows PATCH requests...
CVE-2017-6919
Drupal 8 before 8.2.8 and 8.3 before 8.3.1 allows critical access bypass by authenticated users if the RESTful Web Services (rest) module is enabled and the site allows PATCH requests...
CVE-2017-6919
Drupal 8 before 8.2.8 and 8.3 before 8.3.1 allows critical access bypass by authenticated users if the RESTful Web Services (rest) module is enabled and the site allows PATCH requests...