CVE-2022-41974
multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to local privilege...
CVE-2022-3400
The Bricks theme for WordPress is vulnerable to authorization bypass due to a missing capability check on the brickssavepost AJAX action in versions 1.0 to 1.5.3. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to edit any page, post, or template...
LiteSpeed Technologies OpenLiteSpeed Code Issue Vulnerability
OpenLiteSpeed is an open source web server from LiteSpeed Technologies. A code issue vulnerability exists in LiteSpeed Technologies OpenLiteSpeed versions prior to 1.6.15 through 1.7.16.1, which stems from its Web Server Container allowing untrusted path searches leading to a...
CVE-2022-42468
Apache Flume versions 1.4.0 through 1.10.1 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with an unsafe providerURL. This issue is fixed by limiting JNDI to allow only the use of the java protocol or no protocol...
PT-2022-27019 · Baramundi · Baramundi Management Suite
Name of the Vulnerable Software and Affected Versions: baramundi Management Suite versions 2021 R1 through 2022 R1
Description: The issue allows remote code execution. It is estimated that a significant number of devices worldwide could be affected, although the exact number is not specified. The...
Joomla! Cross-Site Scripting Vulnerability
Joomla! is a set of forum components used in the Joomla! content management system. A security vulnerability exists in Joomla! versions 4.0.0 through 4.2.3 that stems from insufficient filtering of user input...
Gradle Security Vulnerability
Gradle is a set of JVM-based project build tools from Gradle, Inc. that supports Maven, Ivy repositories, and more. A security vulnerability exists in Gradle Enterprise versions 2022.3 through 2022.3.3. A remote attacker can access application data by exploiting the vulnerability...
io.github.skylot:jadx-dex-input (>=1.3.1 <=1.4.4), io.github.skylot:jadx-java-input (>=1.3.1 <=1.4.4) +2 more potentially affected by CVE-2022-39259 via io.github.skylot:jadx-plugins-api (>=1.3.1 <=1.4.4)
io.github.skylot:jadx-plugins-api MAVEN version =1.3.1, =1.3.1, =1.3.1, =1.3.1, =1.3.1, =1.4.4 Source cves: CVE-2022-39259 Source advisory: OSV:GHSA-3R7J-8MQH-6QHX...
nopCommerce Input Validation Error Vulnerability
nopCommerce is an open source general purpose e-commerce platform. A security vulnerability exists in nopCommerce versions 4.10 to 4.50.1, which is caused by an open redirection in the ChangePassword function, SignInCustomerAsync function, SuccessAuthentication method, and NopRedirectResultExecut...
com.splunk.splunkins:splunk-devops-extend (>=1.0 <=1.7.0), com.testinium.jenkins:testinium (=1.0) +27 more potentially affected by CVE-2022-43407 via org.jenkins-ci.plugins:pipeline-input-step (>=2.0 <=2.8)
org.jenkins-ci.plugins:pipeline-input-step MAVEN version =2.0, =1.0, =0.0.15, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.1-preview-4, =2.2.0, =1.8-beta-1, =1.8-beta-1, =2.0, =2.5 and more Source cves: CVE-2022-43407 Source advisory: OSV:GHSA-G66M-FQXF-3W35...
GHSA-5QWQ-G2HX-R6F7 Hessian Lite for Apache Dubbo deserialization vulnerability
A deserialization vulnerability existed in dubbo hessian-lite 3.2.12 and its earlier versions, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.17 and prior versions; Apache Dubbo 3.0.x version 3.0.11 and prior versions; Apache Dubbo 3.1.x version...
PT-2022-24829 · Tuleap +1 · Tuleap +1
Name of the Vulnerable Software and Affected Versions: Tuleap versions 12.9.99.228 through 14.0.99.23
Description: The issue concerns improper verification of authorizations when updating the branch prefix used by the GitLab repository integration. Authenticated users can change the branch prefix...
Liferay Portal Cross-Site Scripting Vulnerability
Liferay Portal is a J2EE-based portal solution from Liferay, Inc. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network and more. A security vulnerability exists in Liferay Portal...
FortiTester OS Command Injection Vulnerability
FortiTester is a professional network traffic testing tool from Fortinet, Inc. A security vulnerability exists in FortiTester versions 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, and 7.0.0 through 7.1.0, which stems from improper neutralization of special elements used in OS command...
GitLab Path Traversal Vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery) and other features. A path traversal vulnerability exists in GitLab CE/EE versions 12.7 through...
GitLab Security Vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery) and other features. A security vulnerability exists in GitLab CE/EE versions 10.0 to 15.2.5, 15.3 t...
PT-2022-5187 · Ibm · Ibm Cognos Analytics
Name of the Vulnerable Software and Affected Versions: IBM Cognos Analytics versions 11.1.7 through 11.2.1
Description: The issue is related to the transmission of critical information in plain text. Exploitation of this issue may allow a remote attacker to disclose protected information. It is...
depend (>=0.2.0 <=0.3.0), ekrhizoc (>=0.0.5 <=0.1.0) +12 more potentially affected by CVE-2022-36070 via poetry (>=1.0.0 <=1.1.5)
poetry PYPI version =1.0.0, =0.2.0, =0.0.5, =2020.1.0, =0.1.4, =5.2.0, =0.0.5, =0.1.0, =0.4.0, =0.1.0, =0.3.0, =0.1.3, =0.0.1, =0.1.4 Source cves: CVE-2022-36070 Source advisory: OSV:GHSA-J4J9-7HG9-97G6...
03-api-solid (>=1.0.0 <=1.1.2), 0uth (>=1.0.5 <=1.2.1) +2534 more potentially affected by CVE-2022-39288 via fastify (>=4.0.2 <=4.7.0)
fastify NPM version =4.0.2, =1.0.0, =1.0.5, =1.0.3, =0.0.3, =1.0.0, =3.0.0, =0.1.0, =2.0.0, =3.0.0, =0.0.1, =0.1.0, =2.0.0, =1.0.1, =1.0.6 and more Source cves: CVE-2022-39288 Source advisory: OSV:GHSA-455W-C45V-86RG...
@magicfinn/gatsby-theme-finn-default (>=1.0.0 <=2.0.40), @panstav/ozen-dashboard-shared (>=0.0.2 <=0.0.7) potentially affected by CVE-2022-35923 via v8n (>=1.2.3 <=1.3.3)
v8n NPM version =1.2.3, =1.0.0, =0.0.2, =0.0.7 Source cves: CVE-2022-35923 Source advisory: OSV:GHSA-XRX9-GJ26-5WX9...