3 matches found
CVE-2024-21697
This High severity RCE Remote Code Execution vulnerability was introduced in versions 4.2.8 of Sourcetree for Mac and 3.4.19 for Sourcetree for Windows. This RCE Remote Code Execution vulnerability, with a CVSS Score of 8.8, allows an unauthenticated attacker to execute arbitrary code which has...
SQL Injection
Overview moodle/moodle is a learning platform. Affected versions of this package are vulnerable to SQL Injection through the XMLDB editor tool. An attacker with administrative privileges can manipulate database queries and potentially access or modify data without proper authorization by injectin...
karaf: A remote client could create MBeans from arbitrary URLs
In Karaf, JMX authentication takes place using JAAS and authorization takes place using ACL files. By default, only an "admin" can actually invoke on an MBean. However there is a vulnerability there for someone who is not an admin, but has a "viewer" role. In the 'etc/jmx.acl.cfg', such as role c...