PT-2022-3468 · Cisco · Cisco Telepresence Video Communication Server +1

Name of the Vulnerable Software and Affected Versions: Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS affected versions not specified Description: The issue is related to multiple vulnerabilities in the API and the web-based management interface of the affected...

CVE-2021-32428

SQL Injection vulnerability in viaviwebtech Android EBook App Books App, PDF, ePub, Online Book Reading, Download Books 10 via the authorid parameter to api.php...

simplepush 资源管理错误漏洞

simplepush is a mobile application from the German company simplepush. Push notifications can be sent to your device immediately via API or third-party integration. A security vulnerability exists in simplepush that stems from the registration of a fake application using the wrong deviceTokens,...

Zulip 安全漏洞

Zulip is a powerful open source group chat application from the Zulip team. Used to combine the immediacy of real-time chat with the productivity benefits of threaded conversations. A logic error vulnerability exists in Zulip versions 2.1.0 through 5.2, which originates when the server incorrectl...

PYSEC-2022-210

An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts, which allows a previously authorized user whose account is locked still run Salt commands when their account is locked. This affects both local shell accounts with an...

[SECURITY] Fedora 35 Update: golang-github-docker-libnetwork-0.8.0-18.20220610gitf6ccccb.fc35

Libnetwork provides a native Go implementation for connecting containers. The goal of libnetwork is to deliver a robust Container Network Model that provides a consistent programming interface and the required network abstractions for applications...

Adob​​e RoboHelp 授权问题漏洞

Adobe RoboHelp is a help authoring tool developed and distributed for Windows by Adobe. An authorization issue vulnerability exists in Adobe RoboHelp and Adobe RoboHelp Server 11 Update 3 and earlier versions, which stems from a vulnerability that allows a user with non-administrative privileges ...

[SECURITY] Fedora 36 Update: golang-github-docker-libnetwork-0.8.0-17.20220610gitf6ccccb.fc36

Libnetwork provides a native Go implementation for connecting containers. The goal of libnetwork is to deliver a robust Container Network Model that provides a consistent programming interface and the required network abstractions for applications...

CVE-2022-31757

The setting module has a vulnerability of improper use of APIs. Successful exploitation of this vulnerability may affect data confidentiality...

GitLab Enterprise Edition和GitLab Community Edition 安全漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab Community Edition and GitLab Enterprise...

CVE-2022-20807

Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about...

CVE-2022-20806

Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about...

Magento executes code via the API File Option Upload Extension

Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by an improper input validation vulnerability in the API File Option Upload Extension. An attacker with Admin privileges can achieve unrestricted file upload which can result in remote code...

Mattermost Server exposes team invite IDs through API endpoints

An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows attackers to discover team invite IDs via team API endpoints...

GHSA-H742-XX59-R9PQ Mattermost Server exposes sensitive user status information via REST API version 4 endpoint

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to obtain sensitive information user statuses via a REST API version 4 endpoint...

GHSA-M497-HQ5X-6JCV Mattermost Server allows attackers to create buttons that can launch API requests

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows an attacker to create a button that, when pressed by a user, launches an API request...

Mattermost Server allows attackers to gain privileges by accessing unintended API endpoints with users' credentials

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by accessing unintended API endpoints on a user's behalf...

Mattermost Server exposes sensitive information about team URLs via an API

An issue was discovered in Mattermost Server before 3.0.0. It allows attackers to obtain sensitive information about team URLs via an API...

GHSA-Q3G9-HGRX-HWHX Mattermost Server exposes sensitive information about team URLs via an API

An issue was discovered in Mattermost Server before 3.0.0. It allows attackers to obtain sensitive information about team URLs via an API...

CVE-2022-20809

Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about...