A vulnerability in GitLab, the Git-based software platform for collaborative code development, related to incorrect authentication, allows an attacker to compromise data integrity.
The vulnerability in GitLab, the Git-based software platform for collaborative code development, is related to the possibility of an unauthorized user adding metadata during the creation of a task. Exploiting this vulnerability allows a malicious actor to compromise the integrity of the data...
Apache DolphinScheduler Denial of Service Vulnerability
Apache DolphinScheduler is a distributed, DAG visualization-based workflow task scheduling system from the Apache Foundation. A denial-of-service vulnerability exists in versions prior to Apache DolphinScheduler 2.0.5, which stems from a user registration interface that does not properly handle incoming...
CVE-2021-40645
An SQL Injection vulnerability exists in glorylion JFinalOA as of 9/7/2021 in the defkey parameter getHaveDoneTaskDataList method of the FlowTaskController...
CVE-2021-41594
In RSA Archer 6.9.SP1 P3, if some application functions are precluded by the Administrator, this can be bypassed by intercepting the API request at the /api/V2/internal/TaskPermissions/CheckTaskAccess endpoint. If the parameters of this request are replaced with empty fields, the attacker achieve...
RSA Archer Security Vulnerability
RSA Archer is an enterprise IT governance and compliance governance product from RSA UK, including policy, risk and compliance definition and management. It is able to aggregate all our enterprise assets, as well as some of the monitored information all together, organized on top of a unified...
GitLab Security Vulnerability
GitLab is an open source end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, etc. GitLab CE/EE versions 11.3 and later are vulnerable to an information disclosure vulnerability...
Bypass Restriction
HashiCorp Nomad and Nomad Enterprise with the QEMU task driver enabled are vulnerable to a restriction bypass. It allows authenticated users with job submission capabilities to bypass the configured allowed image paths...
Security fix for the ALT Linux 9 package glpi version 9.5.7-alt1
9.5.7-alt1 built March 21, 2022 Pavel Zilke in task 296878 Jan. 27, 2022 Pavel Zilke - New version 9.5.7 - This is a security release, upgrading is recommended - Security fixes: + CVE-2022-21720 : SQL injection using custom CSS administration form + CVE-2022-21719 : Reflected XSS using reload but...
Microsoft Task Scheduler Privilege Escalation Vulnerability
A privilege escalation vulnerability exists in the way the Task Scheduler Service validates certain file operations...
An Inside Look at CISA’s Supply Chain Task Force
When one mentions supply chains these days, we tend to think of microchips from China causing delays in automobile manufacturing or toilet paper disappearing from store shelves. Sure, there are some chips in the communications infrastructure, but the cyber supply chain is mostly about virtual...
Mustang Panda targets European diplomats using enhanced PlugX backdoor
THREAT LEVEL: Red. Mustang Panda, a Chinese cyberespionage group, has been targeting European diplomats with a revised version of the PlugX backdoor in an ongoing campaign linked to the ongoing conflict in Ukraine. The group, also known as...
The vulnerability of the Task Manager component in Google Chrome allows a hacker to bypass existing security restrictions.
The vulnerability of the Task Manager component in Google Chrome relates to buffer overflow attacks. Exploiting this vulnerability can allow a malicious actor to bypass existing security restrictions remotely...
Scale-Out Backup Repository Offload task fails with "There is not enough space on the disk"
Article Applicability: This KB article is specific to an issue where a SOBR Offload task fails with an error reporting that "There is not enough space on the disk" and the path specified in the error contains 'VeeamBackupTemp'. Challenge: Scale-Out Backup Repository's Offload task fails with erro...
StayKit - Cobalt Strike Kit For Persistence
StayKit is an extension for Cobalt Strike persistence that leverages the executeassembly function with the SharpStay .NET assembly. The aggressor script handles payload creation by reading the template files for a specific execution type. IMPORTANT: To use the script a user will only need to load...
KDE KCron Permissions and Access Control Vulnerability
KDE KCron is a task scheduler. KDE KCron is affected by a permissions and access control vulnerability, which could be exploited by an attacker to run unauthorized commands...
The vulnerability of the Task Manager of Google Chrome browser allows a hacker to bypass existing security restrictions.
The vulnerability of the Task Manager component in Google Chrome relates to buffer overflow attacks. Exploiting this vulnerability can allow a malicious actor to bypass existing security restrictions remotely...
CVE-2022-24589
Burden v3.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Category function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the task parameter...
CVE-2022-0311
Heap buffer overflow in Task Manager in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page...
DEBIAN-CVE-2022-0311
Heap buffer overflow in Task Manager in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page...