
トピトピニュース

Category: HIGH (381 posts)

Featured

  • [phpxmlrpc/phpxmlrpc] code injection in phpxmlrpc/phpxmlrpc (Posted by GitHub)
  • [ghost] ghost vulnerable to unauthorized newsletter modification via improper access controls (Posted by GitHub)
  • [microweber/microweber] Account Takeover Through Password Reset Poisoning (Posted by GitHub)
  • [apache-airflow] OS Command Injection in Apache Airflow (Posted by GitHub)

[soap:soap] Apache SOAP’s RPCRouterServlet allows reading of arbitrary files over HTTP

  • Posted in HIGH
  • Posted by GitHub
  • 09/23/2022, 09/28/2022

An Improper Restriction of XML External Entity Reference vulnerability in RPCRouterServlet of Apache SOAP allows an attacker to read arbitrary files over HTTP. This issue affects Apache SOAP version 2.2 and later versions. It is unknown whether previou…

[org.apache.xmlgraphics:batik] Apache Batik vulnerable to Server-Side Request Forgery

  • Posted in HIGH
  • Posted by GitHub
  • 09/23/2022, 09/24/2022

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-40146
https://…

[rdiffweb] rdiffweb Cross-Site Request Forgery vulnerability can lead to user email ID being changed

  • Posted in HIGH
  • Posted by GitHub
  • 09/23/2022, 09/24/2022

rdiffweb prior to version 2.4.7 is vulnerable to Cross-Site Request Forgery (CSRF). An attacker can change a user’s email ID. Version 2.4.7 has a fix for this issue.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-3274
https://github.com/ikus060/…

[icecoder/icecoder] ICEcoder vulnerable to Path Traversal

  • Posted in HIGH
  • Posted by GitHub
  • 09/23/2022, 09/27/2022

ICEcoder v8.1 allows attackers to execute a directory traversal.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-34026
https://gist.github.com/enferas/85cdbadf5cba32ec7c8db6ea9e6833bf
https://github.com/icecoder/ICEcoder/blob/master/classes/Setti…

[apache-airflow] Apache Airflow vulnerable to Use of Externally-Controlled Format String

  • Posted in HIGH
  • Posted by GitHub
  • 09/23/2022

In Apache Airflow 2.3.0 through 2.3.4, part of a URL was unnecessarily passed through string formatting, allowing for possible information extraction.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-40604
https://github.com/apache/airflow/pull/26337
https://github.com/…

[OctoPrint] OctoPrint Improper Privilege Management vulnerability

  • Posted in HIGH
  • Posted by GitHub
  • 09/22/2022, 09/24/2022

OctoPrint prior to 1.8.3 allows a user with read access only to access a privileged user’s account and functionality. Version 1.8.3 contains a patch for this issue.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-3068
https://github.com/octoprint…

[org.jenkins-ci.plugins:view26] Jenkins View26 Test-Reporting Plugin improperly validates hostname

  • Posted in HIGH
  • Posted by GitHub
  • 09/22/2022, 09/23/2022

Jenkins View26 Test-Reporting Plugin 1.0.7 and earlier does not perform hostname validation when connecting to the configured View26 server, which could be abused in a man-in-the-middle attack to intercept these connections.
References

https://nvd.ni…

[org.jenkins-ci.plugins:rundeck] Jenkins Rundeck Plugin Missing Authorization vulnerability

  • Posted in HIGH
  • Posted by GitHub
  • 09/22/2022, 09/23/2022

Jenkins Rundeck Plugin 3.6.11 and earlier does not protect access to the /plugin/rundeck/webhook/ endpoint, allowing users with Overall/Read permission to trigger jobs that are configured to be triggerable via Rundeck.
References

https://nvd.nist.gov/…

[io.jenkins.plugins:cavisson-ns-nd-integration] Jenkins NS-ND Integration Performance Publisher Plugin vulnerable to Cross-Site Request Forgery

  • Posted in HIGH
  • Posted by GitHub
  • 09/22/2022, 09/23/2022

A cross-site request forgery (CSRF) vulnerability in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials. Version 4.8.0.130 req…

[io.jenkins.plugins:cavisson-ns-nd-integration] Jenkins NS-ND Integration Performance Publisher Plugin vulnerable to Missing Authorization

  • Posted in HIGH
  • Posted by GitHub
  • 09/22/2022, 09/23/2022

A missing permission check in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers with Overall/Read permissions to connect to an attacker-specified webserver using attacker-specified credentials. Version 4.8.0….
