401 matches found
The vulnerability in the vRealize Operations virtual-infrastructure monitoring tool stems from insufficient validation of incoming requests, allowing an attacker to disclose sensitive information.
The vulnerability in the vRealize Operations virtual-infrastructure monitoring tool is related to insufficient checking of incoming requests. Exploiting this vulnerability could allow a remote malicious actor to disclose sensitive information...
The vulnerability in the VMware vCenter Server virtual-infrastructure management software and the VMware Cloud Foundation virtualization platform is related to insufficient checking of incoming requests. This allows an attacker to carry out an SSRF attack.
The vulnerability in virtual-infrastructure management software such as VMware vCenter Server and VMware Cloud Foundation is related to insufficient validation of incoming requests. Exploiting this vulnerability allows a malicious actor to execute an SSRF attack by sending specially craft...
GO-2022-0534 Timing attack in github.com/runatlantis/atlantis
Validation of Gitlab requests can leak secrets. The package github.com/runatlantis/atlantis/server/controllers/events uses a non-constant time comparison for secrets while validating a Gitlab request. This allows for a timing attack where an attacker can recover a secret and then forge the reques...
Code injection
A vulnerability in the web-based management interface of Cisco Unified Communications Manager Unified CM and Cisco Unified Communications Manager Session Management Edition Unified CM SME could allow an authenticated, remote attacker to delete arbitrary files from an affected system. This...
CVE-2022-25763
Improper Input Validation vulnerability in HTTP/2 request validation of Apache Traffic Server allows an attacker to create smuggle or cache poison attacks. This issue affects Apache Traffic Server 8.0.0 to 9.1.2...
CVE-2022-20816
A vulnerability in the web-based management interface of Cisco Unified Communications Manager Unified CM and Cisco Unified Communications Manager Session Management Edition Unified CM SME could allow an authenticated, remote attacker to delete arbitrary files from an affected system. This...
PT-2022-22688 · Ibm · Ibm Security Verify Information Queue
Name of the Vulnerable Software and Affected Versions: IBM Security Verify Information Queue version 10.0.2 Description: The issue allows an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts due to cross-site request forgery. Recommendations: F...
CVE-2022-20897
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of...
CVE-2022-20900
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of...
CVE-2022-20880
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of...
SSRF via Import URL
Description While importing a CSV or Excel file via a URL, the server does not validate the request properly, so an attacker is able to make requests to internal servers and access their contents. Proof of Concept 1. Go to any project 2. From Dashboard, click on Add / Import CSV or Microsoft...
Apache APISIX < 2.13.0 Input Validation
The version of Apache APISIX installed on the remote host is prior to 2.13.0. It is, therefore, potentially affected by an input validation vulnerability. When decoding JSON with duplicate keys, lua-cjson will choose the last occurring value as the result. By passing a JSON with a duplicate key, t...
xorg-x11-server: SProcRenderCompositeGlyphs out-of-bounds access
A flaw was found in the Xorg-x11-server. An out-of-bounds access issue can occur in the SProcRenderCompositeGlyphs function due to improper validation of the request length...
GHSA-3227-R97M-8J95 Relative Path Traversal in afire serve_static
Impact This vulnerability affects the built-in afire serve_static extension, allowing paths containing //.... to bypass the previous path sanitization and request files in higher directories that should not be accessible. Patches The issue has been fixed in afire 1.1.0. If you can, just update to the...
The vulnerability of the VMware Workspace One application management platform, related to insufficient validation of incoming requests, allows attackers to compromise the confidentiality and integrity of the protected information.
The vulnerability of the VMware Workspace One application management platform lies in the insufficient verification of incoming requests. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality and integrity of the protected information through specially crafted...
The vulnerability in the IBM DataPower Gateway network firewall, related to insufficient server-side validation of requests, allows an attacker to execute arbitrary code.
The vulnerability in the IBM DataPower Gateway network firewall is related to insufficient server-side validation of requests. Exploiting this vulnerability allows an attacker to execute arbitrary code...
The vulnerability of the Adobe Experience Manager content and media data management system, related to insufficient validation of incoming requests, allows attackers to circumvent existing access restrictions.
The vulnerability of the Adobe Experience Manager content and media management system lies in the insufficient checking of incoming requests. Exploiting this vulnerability can allow a malicious actor to circumvent existing access restrictions...
GHSA-C2JG-HW38-JRQQ Inconsistent Interpretation of HTTP Requests in twisted.web
The Twisted Web HTTP 1.1 server, located in the twisted.web.http module, parsed several HTTP request constructs more leniently than permitted by RFC 7230: 1. The Content-Length header value could have a + or - prefix. 2. Illegal characters were permitted in chunked extensions, such as the LF \n...
Apache Apisix Input Validation Error Vulnerability
Apache Apisix is a cloud-native microservices API gateway service from the Apache Foundation. The software is based on OpenResty and etcd, with dynamic routing and plugin hot-loading for API management in microservices systems. An attacker could use this vulnerability to bypass the bodyschema...