CVE-2022-29164
Affected software: Argo Workflows (Kubernetes). Vulnerability summary: An attacker can craft an HTML artifact in a workflow that contains a script using XHR to interact with the Argo Server API. The attacker emails a link to the deep-link artifact; when opened by a victim, the script executes with ...
PT-2022-19423
Name of the Vulnerable Software and Affected Versions: Argo Workflows versions prior to the fixed version. Description: Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. In affected versions, an attacker can create a workflow that produc...
Vivellio 1.2.1 User Account Enumeration Vulnerability
Vivellio version 1.2.1 suffers from a user account enumeration vulnerability. User account enumeration in password reset function. Overview: Advisory version: 1.0; Advisory status: Public; Advisory URL: https://trovent.io/security-advisory-2108-01; Affected product: Vivellio Android mobile application...
CVE-2021-31821
When the Windows Tentacle Docker image starts up, it logs all the commands that it runs along with the arguments, which writes the Octopus Server API key in plaintext. This does not affect the Linux Docker image...
Design/Logic Flaw
When the Windows Tentacle Docker image starts up, it logs all the commands that it runs along with the arguments, which writes the Octopus Server API key in plaintext. This does not affect the Linux Docker image...
CVE-2022-21864
Windows UI Immersive Server API Elevation of Privilege Vulnerability...
The vulnerability relates to the SAPI extension of the PHP-FPM process runner, which is a PHP programming language interpreter. This vulnerability allows attackers to elevate their privileges to root.
The vulnerability of the SAPI extension for the PHP-FPM process interpreter involves access control issues when the processes are executed simultaneously. Exploiting this vulnerability can allow an attacker to gain elevated privileges to root...
HealthForYou 1.11.1 / HealthCoach 2.9.2 User Enumeration Vulnerability
User enumeration through API. Overview: Advisory ID: TRSA-2104-01; Advisory version: 1.0; Advisory status: Public; Advisory URL: https://trovent.io/security-advisory-2104-01; Affected product: HealthForYou & Sanitas HealthCoach mobile and web applications; Tested versions: HealthForYou 1.11.1...
Arbitrary Code Execution
PHP is vulnerable to arbitrary code execution. A flaw was found in PHP's CGI server API. If the web server did not set the DOCUMENT_ROOT environment variable for PHP, e.g. when running PHP in the FastCGI server mode, an attacker could cause a crash of the PHP child process, causing a temporary denial o...
The vulnerability of the API interface of the Threat Intelligence Exchange Server allows attackers to compromise the integrity of the protected information.
The vulnerability of the Threat Intelligence Exchange Server’s API interface is related to deficiencies in authentication procedures. Exploiting this vulnerability allows a malicious actor, operating remotely, to compromise the integrity of the protected information through specially crafted...
@activeledger/activecore (>=2.0.0-rc5 <=2.0.0-rc.8.0.6), @aktr/node-module-a (=1.0.1) +196 more potentially affected by CVE-2019-17495 via swagger-ui (>=2.0.17 <=3.20.7)
swagger-ui NPM version =2.0.17, =2.0.0-rc5, =1.4.0, =0.0.4, =1.0.2, =7.0.0, =1.3.0, =3.0.0-alpha.0, =0.7.2, =3.0.1, =2.0.0, =0.0.1, =0.2.1 and more Source cves: CVE-2019-17495 Source advisory: OSV:GHSA-C427-HJC3-WRFW...
CVE-2019-12103 – Analysis of a Pre-Auth RCE on the TP-Link M7350, with Ghidra!
TL;DR The TP-Link M7350 V3 is affected by a pre-authentication CVE-2019-12103, and a few post-authentication CVE-2019-12104 command injection vulnerabilities. These injections can be exploited remotely, if the attacker is on the same LAN or otherwise able to get access to the router web interface...
ipswitch WS_FTP Server Directory Traversal Vulnerability
ipswitch WS_FTP Server is an FTP service program for Windows systems. A directory traversal vulnerability exists in SSHServerAPI.dll in ipswitch WS_FTP Server versions prior to 2018 8.6.1. An attacker can use this vulnerability to write files and create directories outside of their authorized...
ipswitch WS_FTP Server Directory Traversal Vulnerability (CNVD-2019-24247)
ipswitch WS_FTP Server is an FTP service program for Windows systems. A directory traversal vulnerability exists in SSHServerAPI.dll in ipswitch WS_FTP Server versions prior to 2018 8.6.1. The vulnerability can be exploited by an attacker to obtain pathnames on the host operating system via the SCP...
ipswitch WS_FTP Server Directory Traversal Vulnerability (CNVD-2019-24249)
ipswitch WS_FTP Server is an FTP service program for Windows systems. A directory traversal vulnerability exists in SSHServerAPI.dll in ipswitch WS_FTP Server versions prior to 2018 8.6.1. The vulnerability can be exploited by an attacker to obtain WS_FTP usernames and filenames via the SCP protocol...
CVE-2019-12144
An issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. Attackers have the ability to abuse a path traversal vulnerability using the SCP protocol. Attackers who leverage this flaw could also obtain remote code execution by crafting a payload that abuses th...
Jupyter Notebook XSS via untrusted notebooks
Jupyter Notebook before 5.7.1 allows XSS via an untrusted notebook because nbconvert responses are considered to have the same origin as the notebook server. In other words, nbconvert endpoints can execute JavaScript with access to the server API. In notebook/nbconvert/handlers.py,...
Cross site scripting
Jupyter Notebook before 5.7.1 allows XSS via an untrusted notebook because nbconvert responses are considered to have the same origin as the notebook server. In other words, nbconvert endpoints can execute JavaScript with access to the server API. In notebook/nbconvert/handlers.py,...