16 matches found
CVE-2019-16720
ZZZCMS zzzphp v1.7.2 does not properly restrict file upload in plugins/ueditor/php/controller.php?upfolder=news&action=catchimage, as demonstrated by uploading a .htaccess or .php5 file...
CVE-2021-40894
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in underscore-99xp v1.7.2 when the deepValueSearch function is called...
CVE-2021-40894
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in underscore-99xp v1.7.2 when the deepValueSearch function is called...
kube-state-metrics may expose secret content in metrics
A security issue was discovered in the kube-state-metrics versions v1.7.0 and v1.7.1. An experimental feature was added to the v1.7.0 release that enabled annotations to be exposed as metrics. By default, the kube-state-metrics metrics only expose metadata about Secrets. However, a combination of...
GHSA-C92W-72C5-9X59 kube-state-metrics may expose secret content in metrics
A security issue was discovered in the kube-state-metrics versions v1.7.0 and v1.7.1. An experimental feature was added to the v1.7.0 release that enabled annotations to be exposed as metrics. By default, the kube-state-metrics metrics only expose metadata about Secrets. However, a combination of...
CVE-2019-10223
A security issue was discovered in the kube-state-metrics versions v1.7.0 and v1.7.1. An experimental feature was added to the v1.7.0 release that enabled annotations to be exposed as metrics. By default, the kube-state-metrics metrics only expose metadata about Secrets. However, a combination of...
CVE-2019-10223
A security issue was discovered in the kube-state-metrics versions v1.7.0 and v1.7.1. An experimental feature was added to the v1.7.0 release that enabled annotations to be exposed as metrics. By default, the kube-state-metrics metrics only expose metadata about Secrets. However, a combination of...
Design/Logic Flaw
A security issue was discovered in the kube-state-metrics versions v1.7.0 and v1.7.1. An experimental feature was added to the v1.7.0 release that enabled annotations to be exposed as metrics. By default, the kube-state-metrics metrics only expose metadata about Secrets. However, a combination of...
CVE-2019-10223
Kube-state-metrics before v1.7.2 exposes secret contents via metrics due to an experimental feature in v1.7.0/1.7.1 that combined with kubectl behavior can place secret data into metric labels. The issue was reverted and fixed in v1.7.2; users running 1.7.0/1.7.1 should upgrade to 1.7.2 as soon a...
CVE-2019-10223
A security issue was discovered in the kube-state-metrics versions v1.7.0 and v1.7.1. An experimental feature was added to the v1.7.0 release that enabled annotations to be exposed as metrics. By default, the kube-state-metrics metrics only expose metadata about Secrets. However, a combination of...
CVE-2019-17522
A stored XSS vulnerability was discovered in Hotaru CMS v1.7.2 via the admin_index.php?page=settings SITE NAME field (aka SITE_NAME), a related issue to CVE-2011-4709.1...
CVE-2019-16722
ZZZCMS zzzphp v1.7.2 has an insufficient protection mechanism against PHP Code Execution, because passthru bypasses an str_ireplace operation...
Default credentials
ZZZCMS zzzphp v1.7.2 does not properly restrict file upload in plugins/ueditor/php/controller.php?upfolder=news&action=catchimage, as demonstrated by uploading a .htaccess or .php5 file...
CVE-2019-16722
ZZZCMS zzzphp v1.7.2 has an insufficient protection mechanism against PHP Code Execution, because passthru bypasses an str_ireplace operation...
CVE-2019-16720
CVE-2019-16720 affects ZZZCMS zzzphp v1.7.2, where the upload restriction in plugins/ueditor/php/controller.php?upfolder=news&action=catchimage is insufficient, allowing uploading a .htaccess or .php5 file. The Red Hat and NVD entries confirm the same description. No exploit details, affected ver...
CVE-2019-10223
A security issue was discovered in the kube-state-metrics versions v1.7.0 and v1.7.1. An experimental feature was added to the v1.7.0 release that enabled annotations to be exposed as metrics. By default, the kube-state-metrics metrics only expose metadata about Secrets. However, a combination of...