605 matches found
Vulnerabilities fixed in Adobe Bridge
Adobe has fixed several vulnerabilities in Bridge. A malicious party could exploit the vulnerabilities to execute arbitrary code in the context of the application, or to access gain access to sensitive data in the context of the application. To do this, the malicious party must trick the victim...
CVE-2022-21935
A vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 allows unverified password change...
CVE-2022-30882
pyanxdns package in PyPI version 0.2 is vulnerable to code execution backdoor. The impact is: execute arbitrary code remote. When installing the pyanxdns package of version 0.2, the request package will be installed...
HashiCorp go-getter 输入验证错误漏洞
HashiCorp go-getter is a library for HashiCorp's Go golang for downloading files or directories from various sources using URLs as the primary form of input. An input validation error vulnerability exists in HashiCorp go-getter version 2.0.2 and prior versions, which stems from the inability to...
HashiCorp go-getter 命令注入漏洞
HashiCorp go-getter is a library for HashiCorp's Go golang for downloading files or directories from various sources using URLs as the primary form of input. A command injection vulnerability exists in HashiCorp go-getter version 2.0.2 and prior versions, which stems from the presence of a comman...
Incorrect Permission Assignment for Critical Resource
Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource due to the modification of contents in the intermediate build folder by default obj. An attacker can alter the contents of this folder by authenticating and exploiting the...
GHSA-43M6-WVC8-2M7J Mattermost Server's Session ID and Session Token are potentially compromised
An issue was discovered in Mattermost Server before 3.0.2. The purposes of a session ID and a Session Token were mishandled...
CVE-2021-39043
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
CVE-2022-29028
A vulnerability has been identified in JT2Go All versions V13.3.0.3, Teamcenter Visualization V13.3 All versions V13.3.0.3, Teamcenter Visualization V14.0 All versions V14.0.0.1. The TiffLoader.dll is vulnerable to infinite loop condition while parsing specially crafted TIFF files. An attacker...
CVE-2022-21934
Under certain circumstances an authenticated user could lock other users out of the system or take over their accounts in Metasys ADS/ADX/OAS server 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS server 11 versions prior to 11.0.2...
mysql: InnoDB unspecified vulnerability (CPU Jul 2021)
Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server...
CVE-2022-21414
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...
UBUNTU-CVE-2022-21449
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 17.0.2 and 18; Oracle GraalVM Enterprise Edition: 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows...
PT-2022-11802 · Unknown +3 · Devise-Two-Factor +3
Name of the Vulnerable Software and Affected Versions: devise-two-factor versions prior to 4.0.2 Description: The issue allows reusing a One-Time-Password OTP for one immediately trailing interval due to an incomplete fix. Recommendations: For versions prior to 4.0.2, update to version 4.0.2 or...
CVE-2022-1181
Stored Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.2...
CVE-2021-3602
creationtimestamp| type| source ---|---|--- 2022-03-03 22:26:16+00:00| seen| https://t.me/cibsecurity/38376 2023-11-15 16:53:03+00:00| published-proof-of-concept| https://t.me/BABATATASASA/5977...
PT-2022-16827 · Unknown · Fluture-Node
Name of the Vulnerable Software and Affected Versions: Fluture-Node versions 4.0.0 through 4.0.1 Description: Using followRedirects or followRedirectsWith with any of the redirection strategies built into Fluture-Node, paired with a request that includes confidential headers such as Authorization...
Time-Based One-Time Password (TOTP) Reuse
Overview Affected versions of this package are vulnerable to Time-Based One-Time Password TOTP Reuse due to an improper fix of CVE-2015-7225, which makes it possible to reuse the OPT after 1 interval 30 seconds by default. If otpalloweddrift is configured, the OTP will be valid for the entire...
CVE-2022-24552
A flaw was found in the REST API in StarWind Stack. REST command, which manipulates a virtual disk, doesn’t check input parameters. Some of them go directly to bash as part of a script. An attacker with non-root user access can inject arbitrary data into the command that will be executed with roo...
Servisnet Tessa 授权问题漏洞
Servisnet Tessa is a web application from Servisnet Turkey. Servisnet Tessa version 0.0.2 suffers from an authorization issue vulnerability that stems from a lack of valid validation in the Authorization HTTP header. An attacker can use this vulnerability to add a new sysadmin user by manipulatin...