4564 matches found
Elvexys StreamX Path Traversal Vulnerability
Elvexys StreamX is a solution for managing and controlling real-time data collection processes from Elvexys. A path traversal vulnerability exists in Elvexys StreamX versions 6.02.01 through 6.04.34. An attacker could use this vulnerability to gain unauthorized access to files on the server file...
10.13zy1 (=1.0.0), @luminati-io/jake (>=8.0.10-lum.0 <=8.0.10-lum.2) +70 more potentially affected by CVE-2023-26105 via utilities (>=0.0.26 <=1.0.6)
utilities NPM version =0.0.26, =8.0.10-lum.0, =8.0.19-sync, =2.1.0, =0.0.3, =1.1.0, =0.1.0, =0.0.1, =0.0.1, =1.0.0, =0.1.0, =1.0.0, =2.2.0 and more Source cves: CVE-2023-26105 Source advisory: SNYK:JS-UTILITIES-3184491...
ALPINE-CVE-2022-41317
An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to inconsistent handling of internal URIs, there can be Exposure of Sensitive Information about clients using the proxy via an HTTPS request to an internal cache manager URL. This is fixed in 5.7...
DEBIAN-CVE-2022-41318
A buffer over-read was discovered in libntlmauth in Squid 2.5 through 5.6. Due to incorrect integer-overflow protection, the SSPI and SMB authentication helpers are vulnerable to reading unintended memory locations. In some configurations, cleartext credentials from these locations are sent to a...
CVE-2022-47581
Isode M-Vault 16.0v0 through 17.x before 17.0v24 can crash upon an LDAP v1 bind request...
Isode M-Vault Security Vulnerability
Isode M-Vault is a high performance secure LDAP/X.500 server from Isode UK. A security vulnerability exists in Isode M-Vault versions R16.0v0 through R17.0v23, which stems from a program that crashes on LDAP v1 bind requests...
PT-2022-24547 · Netapp · Oncommand Insight
Name of the Vulnerable Software and Affected Versions: OnCommand Insight versions 7.3.1 through 7.3.14 Description: The issue is related to an authentication bypass vulnerability in the Data Warehouse component. Recommendations: For OnCommand Insight versions 7.3.1 through 7.3.14, consider...
DEBIAN-CVE-2022-37392
Improper Check for Unusual or Exceptional Conditions vulnerability in handling the requests to Apache Traffic Server. This issue affects Apache Traffic Server 8.0.0 to 9.1.2...
Apiman Security Vulnerability
Apiman is Apiman Open Source, a flexible open source API management platform for enterprise users. A security vulnerability exists in Apiman versions 1.5.7 through 2.2.3.Final, which stems from insufficient checking of read permissions in the Apiman Manager REST API...
Apache Atlas Path Traversal Vulnerability
Apache Atlas is a scalable and extensible set of core functional governance services from the Apache Foundation. Apache Atlas versions 0.8.4 through 2.2.0 have a path traversal vulnerability that stems from improper input validation in the import module, which could be exploited by an authenticate...
Rails Cross-Site Scripting Vulnerability
Rails is a Ruby-based open source web application framework from the Rails team. A cross-site scripting vulnerability exists in Rails rails-html-sanitizer versions 1.0.3 through 1.4.4, which stems from the vulnerability to cross-site scripting attacks via data URIs when used in conjunction with...
PT-2022-36448 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions 2.6.24 through 5.4.223 Description: The issue is related to a warning in the ip_vs_app_net_cleanup function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions...
PT-2022-36483 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions v4.19.265 through v4.19.266 Description: The issue is related to the misuse of put_device in mISDN_register_device. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel...
IBM Content Navigator Buffer Error Vulnerability
IBM Content Navigator is a Web client from International Business Machines (IBM). The product supports searching and processing documents stored in content servers from a Web browser. A security vulnerability exists in IBM Content Navigator, which originates from its susceptibility to loss of...
aicrowd-cli (>=0.1.8 <=0.1.15), aim-cli (>=1.0.0 <=1.2.7rc4) +457 more potentially affected by CVE-2022-24439 via gitpython (>=0.3.4 <=3.1.3)
gitpython PYPI version =0.3.4, =0.1.8, =1.0.0, =1.0.1, =2.0.1, =0.10.0, =0.0.1a0, =0.0.3, =6.1.3, =0.0.3, =0.0.0, =0.1.0, =0.1.0, =0.2.0, =0.3.1 and more Source cves: CVE-2022-24439 Source advisory: OSV:GHSA-HCPJ-QP55-GFPH...
ALPINE-CVE-2022-37325
In Sangoma Asterisk through 16.28.0, 17.x and 18.x through 18.14.0, and 19.x through 19.6.0, an incoming Setup message to addons/ooh323c/src/ooq931.c with a malformed Calling or Called Party IE can cause a crash...
auditor (>=0.0.1 <=0.0.2), avrisp (=0.3.0) +29 more potentially affected by unknown CVE via claim (>=0.3.1 <=0.5.0)
claim CARGO version =0.3.1, =0.0.1, =0.1.0, =0.3.0, =0.1.0, =0.2.0, =0.1.1, =0.1.0, =0.0.1, =0.0.2, =0.9.0, =0.8.0, =1.3.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2022-0077...
CVE-2022-43325
An unauthenticated command injection vulnerability in the product license validation function of Telos Alliance Omnia MPX Node 1.3. - 1.4. allows attackers to execute arbitrary commands via a crafted payload injected into the license input...
@remy/protect-test (>=1.0.5 <=1.0.10), addons-linter (>=1.3.6 <=1.4.0) +2 more potentially affected by CVE-2022-22984 via snyk (>=0.5.0 <=1.105.0)
snyk NPM version =0.5.0, =1.0.5, =1.3.6, =1.4.0 - imagemin-gm =2.0.1 - web-ext =2.9.2 Source cves: CVE-2022-22984 Source advisory: OSV:GHSA-4X6G-3CMX-W76R...
@adobe/git-server (>=0.9.17 <=1.0.5), @adobe/helix-cli (>=0.3.0-SNAPSHOT.293 <=6.1.0) +63 more potentially affected by CVE-2022-22984 via snyk-docker-plugin (>=1.10.2 <=4.9.0)
snyk-docker-plugin NPM version =1.10.2, =0.9.17, =0.3.0-SNAPSHOT.293, =2.6.0, =1.0.5-SNAPSHOT.105, =0.0.4, =8.0.36, =5.0.22, =3.10.42, =0.0.70, =0.5.8, =3.2.4, =0.0.2, =0.0.7, =1.0.1 - @ericblade/quagga2-redux-middleware =1.0.1 and more Source cves: CVE-2022-22984 Source advisory:...