5963 matches found
ant: insecure temporary file vulnerability
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build...
task.telangana.gov.in Improper Access Control vulnerability OBB-1460684
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
USN-4595-1: Grunt vulnerability
It was discovered that Grunt did not properly load yaml files. An attacker could possibly use this to execute arbitrary code. CVE-2020-7729...
McAfee Total Protection elevation of privilege vulnerability (CNVD-2020-64597)
McAfee Total Protection (MTP) is a suite of antivirus software from the American company McAfee. An elevation of privilege vulnerability exists in McAfee Total Protection versions prior to 4.0.176.1, which originates from allowing a local user to schedule a task that invokes malware to execute with...
HPE Intelligent Management Center (iMC) thirdPartyPerfSelectTask Expression Language Injection Remote Code Execution Vulnerability
HPE Intelligent Management Center (iMC) is a suite of network intelligent management center solutions from Hewlett Packard Enterprise (HPE). The solution provides network-wide visibility and enables comprehensive management of resources, services and users. A security vulnerability exists in HPE...
CVE-2020-7184
A viewbatchtaskresultdetailfact expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) versions: Prior to iMC PLAT 7.3 E0705P07...
Grocy Cross-Site Scripting Vulnerability
Grocy is a web-based self-hosted grocery and home management solution for families by individual developers. The platform is an ERP system for families written in PHP. A cross-site scripting vulnerability exists in Grocy version 2.7.1 and prior versions. The vulnerability is related to a running...
Acronis: DLL Hijacking when creating Rescue Media Builder leading to Privilege Escalation
Vulnerability description not provided...
PT-2022-8562 · Moodle +1
Name of the Vulnerable Software and Affected Versions: Moodle versions prior to 3.9.1; Moodle versions prior to 3.8.4; Moodle versions prior to 3.7.7. Description: The issue is related to a reflected XSS risk in the admin task log filter. This suggests a potential for malicious script execution due ...
Acronis: DLL Hijacking when sending feedback and crash report leading to Privilege Escalation
Vulnerability description not provided...
CVE-2020-7330
Privilege Escalation vulnerability in McAfee Total Protection (MTP) trial prior to 4.0.176.1 allows local users to schedule tasks which call malicious software to execute with elevated privileges via editing of environment variables...
XiaoCMS backend has arbitrary file read vulnerability
XiaoCMS is a web content management system that provides an enterprise site-building system and a station system. An arbitrary file read vulnerability exists in the XiaoCMS backend. An attacker can exploit the vulnerability to read task files...
CVE-2020-25825
In Octopus Deploy 3.1.0 to 2020.4.0, certain scripts can reveal sensitive information to the user in the task logs...
Acronis: DLL Hijacking when performing operations in Acronis Secure Zone partition leading to Privilege Escalation
Vulnerability description not provided...
Moderate: Red Hat Bug Fix Advisory: Ansible 2.8.16 release for Ansible Engine 2.8
Ansible 2.8.16 release for Ansible Engine 2.8 Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written i...
CVE-2020-26166
The file upload functionality in qdPM 9.1 doesn't check the file description, which allows remote authenticated attackers to inject web script or HTML via the attachments info parameter, aka XSS. This can occur during creation of a ticket, project, or task...
CVE-2020-11979
As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the...