14 matches found
BIT-JAVA-MIN-2021-2341
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows...
EUVD-2022-41797
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-24756
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bareos is open source software for backup, archiving, and recovery of data for operating systems. When Bareos Director = 18.2 but prior to 21.1.0, 20.0.6, and...
CVE-2022-39309
GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 leak the symmetric key used to encrypt/decrypt any secure variables/secrets in GoCD configuration to authenticated agent...
CVE-2022-39310
GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 can allow one authenticated agent to impersonate another agent, and thus receive work packages for other agents due to...
Yandex Browser 安全漏洞
Yandex Browser is a desktop version of a web browser from the Russian company Yandex. A security vulnerability exists in Yandex Browser Lite for Android prior to version 21.1.0, which originates from a remote attacker and can result in a denial of service...
CVE-2022-39311
GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 are vulnerable to remote code execution on the server from a malicious or compromised agent. The Spring RemoteInvocation...
CVE-2022-39310
GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 can allow one authenticated agent to impersonate another agent, and thus receive work packages for other agents due to...
Improper access control
GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 can allow one authenticated agent to impersonate another agent, and thus receive work packages for other agents due to...
CVE-2022-39311 Compromised agents may be able to execute remote code on GoCD Server
GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 are vulnerable to remote code execution on the server from a malicious or compromised agent. The Spring RemoteInvocation...
CVE-2022-39309 GoCD server secret encryption/decryption key leaked to agents during material serialization
GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 leak the symmetric key used to encrypt/decrypt any secure variables/secrets in GoCD configuration to authenticated agent...
Progress Software WhatsUp Gold 安全漏洞
Progress Software WhatsUp Gold is a network monitoring software from Progress Software, Inc. It is used to monitor the entire network infrastructure as well as applications, configurations and network traffic. A security vulnerability exists in Progress Software WhatsUp Gold versions 21.1.0 throu...
CVE-2021-41318
In Progress WhatsUp Gold prior to version 21.1.0, an application endpoint failed to adequately sanitize malicious input. which could allow an unauthenticated attacker to execute arbitrary code in a victim's browser...
Progress Software Corporation Progress WhatsUp Gold 跨站脚本漏洞
Progress Software Corporation Progress WhatsUp Gold is a network monitoring software from Progress Software Corporation, USA. It is used to monitor the entire network infrastructure as well as applications, configurations and network traffic. Progress WhatsUp Gold suffers from a cross-site...