In RSA Archer 6.9.SP1 P3, if some application functions are precluded by the Administrator, this can be bypassed by intercepting the API request at the /api/V2/internal/TaskPermissions/CheckTaskAccess ...
Continue Reading
30 марта, 2022
An issue has been discovered in GitLab CE/EE affecting all versions before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Under certain condition ...
Continue Reading
28 марта, 2022
Vertical Privilege Escalation in KONGA 0.14.9 allows attackers to higher privilege users to full administration access. The attack vector is a crafted condition, as demonstrated by the /api/user/{ID} ...
Continue Reading
28 марта, 2022
UNSUPPORTED WHEN ASSIGNED EMQ X Dashboard V3.0.0 is affected by username enumeration in the "/api /v3/auth" interface. When a user login, the application returns different results d ...
Continue Reading
28 марта, 2022
Statamic is a Laravel and Git powered CMS. Before versions 3.2.39 and 3.3.2, it is possible to confirm a single character of a user's password hash using a specially crafted regular expression fi ...
Continue Reading
25 марта, 2022
Gradle Enterprise before 2022.1 allows remote code execution if the installation process did not specify an initial configuration file. The configuration allows certain anonymous access to administrat ...
Continue Reading
25 марта, 2022
A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver->nwfilters mutex before iterating over virNWFilterObj instances. There ...
Continue Reading
25 марта, 2022
A flaw was found in all versions of kubeclient up to (but not including) v4.9.3, the Ruby client for Kubernetes REST API, in the way it parsed kubeconfig files. When the kubeconfig file does not confi ...
Continue Reading
25 марта, 2022
Back to Main
