Arbitrary File Upload

Overview Affected versions of this package are vulnerable to Arbitrary File Upload via throttling policy import API. An attacker can execute arbitrary code by uploading a specially crafted file to a user-controlled location. Remediation Upgrade org.wso2.carbon.apimgt:org.wso2.carbon.apimgt.impl t...

EUVD-2019-0633

Malware in sbrugna...

EUVD-2019-13931

Malware in sbrugna...

EUVD-2022-39674

Malicious code in bioql PyPI...

CVE-2019-4324

"HCL AppScan Enterprise is susceptible to Cross-Site Scripting while importing a specially crafted test policy."...

CVE-2022-37017

Symantec Endpoint Protection Windows agent, prior to 14.3 RU6/14.3 RU5 Patch 1, may be susceptible to a Security Control Bypass vulnerability, which is a type of issue that can potentially allow a threat actor to circumvent existing security controls. This CVE applies narrowly to the Client User...

Security feature bypass

Symantec Endpoint Protection Windows agent, prior to 14.3 RU6/14.3 RU5 Patch 1, may be susceptible to a Security Control Bypass vulnerability, which is a type of issue that can potentially allow a threat actor to circumvent existing security controls. This CVE applies narrowly to the Client User...

PT-2022-5708 · Symantec · Symantec Endpoint Protection

Name of the Vulnerable Software and Affected Versions: Symantec Endpoint Protection Windows versions prior to 14.3 RU6/14.3 RU5 Patch 1 Description: The issue is related to a Security Control Bypass, which can potentially allow a threat actor to circumvent existing security controls. This...

CVE-2019-9697

An information disclosure vulnerability in the Management Center MC REST API 2.0, 2.1, and 2.2 prior to 2.2.2.1 allows a malicious authenticated user to obtain passwords for external backup and CPL policy import servers that they might not otherwise be authorized to access...

CVE-2019-9697

An information disclosure vulnerability in the Management Center MC REST API 2.0, 2.1, and 2.2 prior to 2.2.2.1 allows a malicious authenticated user to obtain passwords for external backup and CPL policy import servers that they might not otherwise be authorized to access...

Cross-site scripting in Apache Ranger

Policy import functionality in Apache Ranger 0.7.0 to 1.2.0 is vulnerable to a cross-site scripting issue. Upgrade to 2.0.0 or later version of Apache Ranger with the fix...

CVE-2019-12397

Policy import functionality in Apache Ranger 0.7.0 to 1.2.0 is vulnerable to a cross-site scripting issue. Upgrade to 2.0.0 or later version of Apache Ranger with the fix...

GPO import fails and rollback results in the target policy being deleted on a Windows Server 2012 R2-based DC

GPO import fails and rollback results in the target policy being deleted on a Windows Server 2012 R2-based DC This article describes an issue in which the Group Policy Object GPO import fails and the target policy is deleted during the rollback process on a Windows Server 2012 R2-based domain...