7080 matches found
IBM Cognos Analytics has an unspecified vulnerability (CNVD-2022-11191)
IBM Cognos Analytics is a suite of business intelligence software from IBM Corporation. The software includes reports, dashboards and scorecards, and can help companies adjust their decisions by analyzing key factors and key people, etc. A security vulnerability exists in IBM Cognos Analytics...
CVE-2022-21698
client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...
Design/Logic Flaw
client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...
GHSA-VX57-7F4Q-FPC7 Arbitrary redirects under /new endpoint
Impact: In 2.23.0, Prometheus changed its default UI to the new UI. To ensure a seamless transition, URLs prefixed by /new redirect to /. Due to a bug in the code, an attacker can craft a URL under the /new endpoint that redirects to any other URL. If a user visits a...
CVE-2022-21698 Uncontrolled Resource Consumption in promhttp
client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...
CVE-2021-39080
Due to weak obfuscation in the IBM Cognos Analytics Mobile for Android application prior to version 1.1.14, an attacker could reverse engineer the codebase to gain knowledge about the programming techniques, interfaces, class definitions, algorithms and functions used. IBM X-Force ID: 215593...
Design/Logic Flaw
Due to weak obfuscation in the IBM Cognos Analytics Mobile for Android application prior to version 1.1.14, an attacker could reverse engineer the codebase to gain knowledge about the programming techniques, interfaces, class definitions, algorithms and functions used. IBM X-Force ID: 215593...
CVE-2021-39080
CVE-2021-39080 affects IBM Cognos Analytics Mobile for Android (pre-1.1.14). Root cause: weak obfuscation enabling reverse engineering to learn code structure (techniques, interfaces, class definitions, algorithms, functions). Impact is described as information disclosure of how the app is built;...
Nagios XI Autodiscovery Shell Upload
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nagios XI Autodiscovery Webshell Upload', 'Description' = %q This module exploits a path traversal issue in Nagios XI before version 5.8.5...
IBM Cognos Analytics Security Vulnerability
IBM Cognos Analytics is a suite of business intelligence software from IBM Corporation. The software includes reports, dashboards and scorecards, and can help companies adjust their decisions by analyzing key factors and key people, etc. A security vulnerability exists in IBM Cognos Analytics...
Nagios XI Autodiscovery Webshell Upload
This module exploits a path traversal issue in Nagios XI before version 5.8.5 (CVE-2021-37343). The path traversal allows a remote and authenticated administrator to upload a PHP web shell and execute code as www-data. The module achieves this by creating an autodiscovery job with an id field...
Exploit for Code Injection in Cisco Adaptive_Security_Device_Manager
staystaystay staystaystay is a proof of concept exploit for...
GHSA-6GMV-PJP9-P8W8 Out of bounds read in Tensorflow
Impact: The implementation of shape inference for ReverseSequence does not fully validate the value of batch_dim and can result in a heap OOB read: python import tensorflow as tf @tf.function def test: y = tf.raw_ops.ReverseSequence input = 'aaa','bbb', seq_lengths = 1,1,1, seq_dim = -10, batch_dim = -...
QEMU Monitor HMP migrate Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "QEMU Monitor HMP 'migrate' Command Execution", 'Description' = %q This module uses QEMU's Monitor Human Monitor Interface HMP TCP server to execu...