1179 matches found
CVE-2022-26977
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Lack of input sanitization of the upload mechanism leads to stored XSS...
CVE-2022-26976
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Lack of input sanitization in the upload mechanism leads to reflected XSS...
CVE-2022-26976
The CVE-2022-26976 entry concerns Barco Control Room Management Suite (TransForm N before 3.14). The vulnerability is due to lack of input sanitization in a license file upload mechanism, enabling reflected XSS. The available documents confirm the affected product and the injection vector, but do...
CVE-2022-26975
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing log files without authentication...
CVE-2022-26975
CVE-2022-26975 affects the Barco Control Room Management Suite web application (part of TransForm N) prior to version 3.14. The issue is exposure of log files without authentication, as documented by Red Hat/NVD entries and vendor references. CVSSv3.1 base score 7.5 (HIGH) with HIGH confidentiali...
CVE-2022-26974
The CVE affects Barco Control Room Management Suite web application (TransForm N before 3.14). A lack of input sanitization in the file-upload mechanism allows reflected XSS in the affected component. Red Hat and CNVD entries corroborate the vulnerability before version 3.14. Remediation is to up...
CVE-2022-26973
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. By tweaking the license file name, the returned error message exposes internal directory path details...
CVE-2022-26973
The Barco Control Room Management Suite web application (TransForm N) prior to version 3.14 exposes a license file upload mechanism. The root cause is a flaw in handling the license file name, where manipulating the filename causes the application to return an error message that reveals internal ...
CVE-2022-26972
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /cgi-bin endpoint. The URL parameters are not correctly sanitized, leading to reflected XSS...
CVE-2022-26972
Barco Control Room Management Suite (TransForm N) web application is affected up to version 3.14. The vulnerability stems from unsanitized URL parameters on the /cgi-bin endpoint, enabling reflected cross-site scripting (XSS). Multiple connected sources corroborate the issue and scope, without de...
CVE-2022-26971
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. This upload can be executed without authentication...
PT-2022-18149 · Barco · Transform N +1
Name of the Vulnerable Software and Affected Versions: Barco Control Room Management Suite web application, which is part of TransForm N versions prior to 3.14
Description: The issue concerns the exposure of a license file upload mechanism in the web application without requiring authentication...
GHSA-FJ35-M94R-9H4C Maltego incorrectly shares a MISP connection across users in a remote-transform use case
MISP MISP-maltego 1.4.4 incorrectly shares a MISP connection across users in a remote-transform use case. Version 1.4.5 contains a patch...
CVE-2022-29213
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the tf.compat.v1.signal.rfft2d and tf.compat.v1.signal.rfft3d lack input validation and under certain conditions can result in crashes due to CHECK-failures. Versions 2.9.0, 2.8.1, 2.7.2,...
GitHub Security Lab: [CPP]: Add query for CWE-190: Integer Overflow or Wraparound when using transform after operation
This bug was reported directly to GitHub Security Lab...
xml-security: XPath Transform abuse allows for information disclosure
All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any...
CVE-2022-25244
Vault Enterprise clusters using the tokenization transform feature can expose the tokenization key through the tokenization key configuration endpoint to authorized operators with read permissions on this endpoint. Fixed in Vault Enterprise 1.9.4, 1.8.9 and 1.7.10...
Code injection
Vault Enterprise clusters using the tokenization transform feature can expose the tokenization key through the tokenization key configuration endpoint to authorized operators with read permissions on this endpoint. Fixed in Vault Enterprise 1.9.4, 1.8.9 and 1.7.10...