### Impact All versions of Argo CD starting with v0.4.0 are vulnerable to an improper certificate validation bug which could cause Argo CD to trust a malicious (or otherwise untrustworthy) OIDC provid ...
Continue Reading
July 12, 2022
Due to missing authentication check, SAP Business one License service API - version 10.0 allows an unauthenticated attacker to send malicious http requests over the network. On successful exploitation ...
Continue Reading
July 12, 2022
The package whoogle-search before 0.7.2 are vulnerable to Cross-site Scripting (XSS) via the query string parameter q. In the case where it does not contain the http string, it is used to build the er ...
Continue Reading
July 12, 2022
rpc.py through 0.6.0 allows Remote Code Execution because an unpickle occurs when the "serializer: pickle" HTTP header is sent. In other words, although JSON (not Pickle) is the default data format, a ...
Continue Reading
July 12, 2022
The WebAdmin console for a Sophos Unified Threat Management (UTM) appliance was detected on the remote host. Note the plugin attempts to retrieve the firmware version information from the API when HTT ...
Continue Reading
July 12, 2022
olcne [1.5.4-3] - Fix bug in gen-certs-helper script to change permission of node.key to allow opc user to copy over [1.5.4-2] - Istio CVE-2022-31045, CVE-2022-29225, CVE-2022-29224,CVE-2022-29226,CVE ...
Continue Reading
July 12, 2022
olcne [1.5.4-3] - Fix bug in gen-certs-helper script to change permission of node.key to allow opc user to copy over [1.5.4-2] - Istio CVE-2022-31045, CVE-2022-29225, CVE-2022-29224,CVE-2022-29226,CVE ...
Continue Reading
July 12, 2022
rpc.py through 0.6.0 allows Remote Code Execution because an unpickle occurs when the "serializer: pickle" HTTP header is sent. In other words, although JSON (not Pickle) is the default data format, a ...
Continue Reading
July 12, 2022
Back to Main
