
1088 matches found

NVD
added 2023/02/28 11:15 p.m. | 18 views

CVE-2022-23240

Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.11P1 are susceptible to a vulnerability which allows unauthorized users to update EMS Subscriptions via unspecified vectors...

CVSS: 6.5 | AI score: 6.3 | EPSS: 0.00414
Exploits: 0 | References: 1
Prion
added 2023/02/28 11:15 p.m. | 22 views

Design/Logic Flaw

Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.11P1 are susceptible to a vulnerability which allows unauthorized users to update EMS Subscriptions via unspecified vectors...

CVSS: 4 | AI score: 6.3 | EPSS: 0.00414
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2023/02/28 12:0 a.m. | 29 views

CVE-2022-23240

Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.11P1 are susceptible to a vulnerability which allows unauthorized users to update EMS Subscriptions via unspecified vectors...

AI score: 6.5 | EPSS: 0.00414
Exploits: 0 | References: 1
CNNVD
added 2023/02/28 12:0 a.m. | 3 views

Active IQ Unified Manager Security Vulnerability

NetApp Active IQ Unified Manager is an ONTAP storage product monitoring and management solution from Network Appliance NetApp. The product supports features such as performance monitoring and secret key management. A security vulnerability exists in Active IQ Unified Manager. An attacker exploite...

CVSS: 6.5 | AI score: 6.6 | EPSS: 0.00414
Exploits: 0 | References: 2
SUSE CVE
added 2023/02/15 6:6 a.m. | 3 views

SUSE CVE-2008-4698

Opera before 9.61 does not properly block scripts during preview of a news feed, which allows remote attackers to create arbitrary new feed subscriptions and read the contents of arbitrary feeds...

CVSS: 5.8 | AI score: 7 | EPSS: 0.01738
Exploits: 0 | References: 4
SUSE CVE
added 2023/02/15 6:6 a.m. | 2 views

SUSE CVE-2008-5183

cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service daemon crash by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. NOTE: this issue can be triggered remotely by leveraging CVE-2008-5184...

CVSS: 7.5 | AI score: 6.6 | EPSS: 0.0921
Exploits: 1 | References: 4
SUSE CVE
added 2023/02/15 6:5 a.m. | 2 views

SUSE CVE-2008-5681

Opera before 9.63 does not block unspecified "scripted URLs" during the feed preview, which allows remote attackers to read existing subscriptions and force subscriptions to arbitrary feed URLs...

CVSS: 4.3 | AI score: 7 | EPSS: 0.01105
Exploits: 0 | References: 4
SUSE CVE
added 2023/02/15 5:57 a.m. | 2 views

SUSE CVE-2010-3020

The news-feed preview feature in Opera before 10.61 does not properly remove scripts, which allows remote attackers to force subscriptions to arbitrary feeds via crafted content...

CVSS: 5 | AI score: 7.1 | EPSS: 0.01904
Exploits: 0 | References: 4
SUSE CVE
added 2023/02/15 5:19 a.m. | 2 views

SUSE CVE-2015-3177

Moodle 2.8.x before 2.8.6 does not consider the tool/monitor:subscribe capability before entering subscriptions to site-wide event-monitor rules, which allows remote authenticated users to obtain sensitive information via a subscription request...

CVSS: 3.5 | AI score: 6.9 | EPSS: 0.01484
Exploits: 0 | References: 3
SUSE CVE
added 2023/02/15 4:25 a.m. | 3 views

SUSE CVE-2018-14354

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription...

CVSS: 9.6 | AI score: 8 | EPSS: 0.06112
Exploits: 0 | References: 13
SUSE CVE
added 2023/02/15 4:25 a.m. | 3 views

SUSE CVE-2018-14357

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription...

CVSS: 7.1 | AI score: 8 | EPSS: 0.0486
Exploits: 0 | References: 13
Veeam
added 2023/01/30 12:0 a.m. | 15 views

How to Restrict Which Azure Subscriptions Are Accessible to an Azure Compute Account

Purpose: This article documents how to restrict which subscriptions will be accessible to an Azure Compute account used by Veeam Backup & Replication. Use Case: By default, IAM roles are assigned to a newly created Microsoft Entra ID application on all subscriptions visible to the Microsoft Entra I...

AI score: 6.7
Exploits: 0 | Affected Software: 1
Prion
added 2023/01/28 2:15 a.m. | 11 views

Design/Logic Flaw

Metabase is an open source data analytics platform. Affected versions are subject to Improper Privilege Management. As intended, recipients of dashboards subscriptions can view the data as seen by the creator of that subscription. This allows someone with greater access to data to create a...

CVSS: 4.9 | AI score: 6.2 | EPSS: 0.00378
Exploits: 0 | References: 1 | Affected Software: 1
OSV
added 2023/01/28 1:23 a.m. | 15 views

CVE-2023-23629 Metabase subject to Improper Privilege Management

Metabase is an open source data analytics platform. Affected versions are subject to Improper Privilege Management. As intended, recipients of dashboards subscriptions can view the data as seen by the creator of that subscription. This allows someone with greater access to data to create a...

CVSS: 6.3 | AI score: 6.3 | EPSS: 0.00378
Exploits: 0 | References: 3
CVE
added 2023/01/28 1:23 a.m. | 75 views

CVE-2023-23629

Metabase (open-source analytics platform) is affected by CVE-2023-23629 due to Improper Privilege Management in dashboard subscriptions. The issue allows a user with higher data privileges to create a subscription and add recipients, who then receive data exposed according to the creator’s privil...

CVSS: 6.3 | AI score: 6.2 | EPSS: 0.00378
Exploits: 0 | References: 1 | Affected Software: 1
Microsoft KB
added 2023/01/19 12:0 a.m. | 5 views

January 19, 2023—KB5019274 (OS Build 22000.1516) Preview

January 19, 2023—KB5019274 (OS Build 22000.1516) Preview. For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 11, version 21H2, see its update history page. Note: Follow @WindowsUpdate to...

AI score: 6.5
Exploits: 0
OSV
added 2023/01/10 10:27 p.m. | 40 views

GHSA-8GCG-VWMW-RXJ4 Flarum notifications can leak restricted content

Using the notifications feature, one can read restricted/private content and bypass access checks that would be in place for such content. The notification-sending component does not check that the subject of the notification can be seen by the receiver, and proceeds to send notifications through...

CVSS: 6.8 | AI score: 5.9 | EPSS: 0.00397
Exploits: 0 | References: 5
GitHub Security Blog
added 2023/01/09 9:55 p.m. | 53 views

mercurius has Uncaught Exception when using subscriptions

Impact: Any users of Mercurius until version v11.5.0 are subjected to a denial of service attack by sending a malformed packet over WebSocket to /graphql. Patches: This was patched in https://github.com/mercurius-js/mercurius/pull/940. The patch was released as v11.5.0 and v8.13.2. Workarounds...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.01056
Exploits: 1 | References: 6 | Affected Software: 1
NVD
added 2023/01/09 3:15 p.m. | 11 views

CVE-2023-22477

Mercurius is a GraphQL adapter for Fastify. Any users of Mercurius until version 10.5.0 are subjected to a denial of service attack by sending a malformed packet over WebSocket to /graphql. This issue was patched in 940. As a workaround, users can disable subscriptions...

CVSS: 7.5 | AI score: 6.1 | EPSS: 0.01056
Exploits: 1 | References: 3
Prion
added 2023/01/09 3:15 p.m. | 9 views

Code injection

Mercurius is a GraphQL adapter for Fastify. Any users of Mercurius until version 10.5.0 are subjected to a denial of service attack by sending a malformed packet over WebSocket to /graphql. This issue was patched in 940. As a workaround, users can disable subscriptions...

CVSS: 5 | AI score: 7.3 | EPSS: 0.01056
Exploits: 1 | References: 3 | Affected Software: 1