Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

CVE-2022-4146: hitachi-sec-2023-123: EL Injection Vulnerability in Hitachi Replication Manager

Expression Language Injection vulnerability in Hitachi Replication Manager on Windows, Linux, Solaris allows Code Injection.This issue affects Hitachi Replication Manager: before 8.8.5-02.

CVE
Open in Source
#vulnerability#web#windows#linux
RHSA-2023:4025: Red Hat Security Advisory: Red Hat OpenShift support for Windows Containers 7.1.0 [security update]

The components for Red Hat OpenShift support for Windows Containers 7.1.0 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-25173: A flaw was found in containerd, where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates...

CVE-2023-28864: Chef Infra Server Release Notes

Progress Chef Infra Server before 15.7 allows a local attacker to exploit a /var/opt/opscode/local-mode-cache/backup world-readable temporary backup path to access sensitive information, resulting in the disclosure of all indexed node data, because OpenSearch credentials are exposed. (The data typically includes credentials for additional systems.) The attacker must wait for an admin to run the "chef-server-ctl reconfigure" command.

CVE-2023-37461: metersphere 存在路径穿越漏洞

Metersphere is an opensource testing framework. Files uploaded to Metersphere may define a `belongType` value with a relative path like `../../../../` which may cause metersphere to attempt to overwrite an existing file in the defined location or to create a new file. Attackers would be limited to overwriting files that the metersphere process has access to. This issue has been addressed in version 2.10.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE-2023-37781: a security issue was found · Issue #10419 · emqx/emqx

An issue in the emqx_sn plugin of EMQX v4.3.8 allows attackers to execute a directory traversal via uploading a crafted .txt file.

Travelable 1.0 Cross Site Scripting

Travelable version 1.0 suffers from a persistent cross site scripting vulnerability.

BloodBank 1.1 SQL Injection

BloodBank version 1.1 suffers from a remote SQL injection vulnerability.

BloodBank 1.1 Cross Site Scripting

BloodBank version 1.1 suffers from a cross site scripting vulnerability.

Carlisting 1.6 Cross Site Scripting

Carlisting version 1.6 suffers from a cross site scripting vulnerability.

Carlisting 1.6 SQL Injection

Carlisting version 1.6 suffers from a remote SQL injection vulnerability.