CVE-2022-37027: Advisories - Compass Security
Ahsay AhsayCBS 9.1.4.0 allows an authenticated system user to inject arbitrary Java JVM options. Any administrator who can edit the Runtime Options in the web interface can supply additional Java runtime options, and the injected options take effect once the service is restarted. For example, an attacker can enable the JMX remote management service and, through it, achieve remote code execution as the system user under which AhsayCBS runs.
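The root cause is that free-form JVM options are accepted from the web interface and passed to the JVM at the next start. A number of standard HotSpot flags and system properties turn that into code execution on their own: `-XX:OnOutOfMemoryError=` and `-XX:OnError=` run a shell command, `-javaagent:`/`-agentpath:` load attacker-supplied code, and `-Dcom.sun.management.jmxremote.port=` combined with `authenticate=false` exposes the MBean server to anyone who can reach the port. The script below is an added example written for this advisory; it is neither Ahsay's code nor Compass Security's proof of concept. It assumes the Runtime Options field is a whitespace-separated list of JVM arguments (an assumption, the advisory does not state the format) and shows two checks: a deny-list audit a defender can run over a configured or running option string, and the allow-list validation a product should apply before accepting administrator input. The option strings are constructed for the example.

```python
"""Audit and validate administrator-supplied JVM runtime options.

Added example for CVE-2022-37027 (not vendor code). Assumes the Runtime
Options field is a whitespace-separated list of JVM arguments.
"""
from __future__ import annotations

import re
import shlex
from dataclasses import dataclass

# Real HotSpot flags / system properties that give code execution in the
# JVM process (or on the host) as soon as the service restarts with them.
DANGEROUS_PREFIXES = {
    "-javaagent:": "loads an arbitrary Java agent JAR at startup",
    "-agentlib:": "loads a native agent library (e.g. jdwp debugger)",
    "-agentpath:": "loads a native agent library from an arbitrary path",
    "-Xrunjdwp": "enables the JDWP debugger, which allows arbitrary code execution",
    "-Xbootclasspath/a:": "appends attacker-controlled classes to the boot class path",
    "-XX:OnError=": "runs a shell command when the JVM crashes",
    "-XX:OnOutOfMemoryError=": "runs a shell command on OutOfMemoryError",
    "-XX:Flags=": "reads additional VM flags from an attacker-chosen file",
    "-Dcom.sun.management.jmxremote.port=": "opens the JMX remote agent",
    "-Dcom.sun.management.jmxremote.rmi.port=": "opens the JMX RMI connector port",
    "-Dcom.sun.management.jmxremote.authenticate=false": "JMX without authentication",
    "-Dcom.sun.management.jmxremote.ssl=false": "JMX without TLS",
    "-Dcom.sun.management.jmxremote.local.only=false": "exposes local JMX to remote hosts",
}

# Allow-list of options a backup-server administrator legitimately tunes.
# Anything outside this list is rejected; a product must never pass the
# raw field through to the JVM command line.
ALLOWED_PATTERNS = [
    r"^-Xmx\d+[kKmMgG]?$",
    r"^-Xms\d+[kKmMgG]?$",
    r"^-Xss\d+[kKmMgG]?$",
    r"^-XX:\+Use(G1|Parallel|Serial)GC$",
    r"^-XX:MaxMetaspaceSize=\d+[kKmMgG]?$",
    r"^-Dfile\.encoding=[A-Za-z0-9_-]+$",
    r"^-Duser\.timezone=[A-Za-z0-9_/+-]+$",
]


@dataclass
class Finding:
    option: str
    reason: str


def audit_runtime_options(options: str) -> list[Finding]:
    """Deny-list check for defenders: every option that enables code execution."""
    findings: list[Finding] = []
    for opt in shlex.split(options):
        for prefix, reason in DANGEROUS_PREFIXES.items():
            if opt.startswith(prefix):
                findings.append(Finding(opt, reason))
                break
    return findings


def validate_runtime_options(options: str) -> tuple[list[str], list[str]]:
    """Allow-list check for the product: (accepted, rejected) options."""
    accepted: list[str] = []
    rejected: list[str] = []
    for opt in shlex.split(options):
        if any(re.match(p, opt) for p in ALLOWED_PATTERNS):
            accepted.append(opt)
        else:
            rejected.append(opt)
    return accepted, rejected


# Constructed sample: legitimate tuning mixed with the kind of injection
# the advisory describes (unauthenticated JMX plus a command hook).
INJECTED = (
    "-Xmx4g -XX:+UseG1GC "
    "-Dcom.sun.management.jmxremote.port=9010 "
    "-Dcom.sun.management.jmxremote.authenticate=false "
    "-Dcom.sun.management.jmxremote.ssl=false "
    "-XX:OnOutOfMemoryError='id > /tmp/jvm-rce-marker'"
)
BENIGN = "-Xmx2g -Xms512m -Dfile.encoding=UTF-8"

if __name__ == "__main__":
    for f in audit_runtime_options(INJECTED):
        print(f"DANGEROUS {f.option!r}: {f.reason}")
    accepted, rejected = validate_runtime_options(INJECTED)
    print("accepted:", accepted)
    print("rejected:", rejected)
```

The deny list is useful for hunting: run it over the `java` command line of the service (for instance from `ps -o args` or the service's start script) to see whether someone already planted such options. It is not a fix, because HotSpot accepts many more ways to load code than any deny list will enumerate; the fix is the allow-list path, where the product accepts only the handful of memory and locale settings an administrator has a reason to change and rejects everything else, including every `-Dcom.sun.management.jmxremote.*` property. If JMX is needed for monitoring, it belongs in a file the web interface cannot write, with `authenticate=true`, `ssl=true` and a password/access file, never in an administrator-editable option string.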
Compass Security employees regularly identify 0day security weaknesses in products, either during customer projects or during their research time. We report such vulnerabilities to the respective vendors and believe in coordinated disclosure, as long as the vendor acts in its and our clients’ best interests and provides us with regular and constructive feedback. If any of these conditions are not met, Compass Security might opt for full disclosure as defined in our Vulnerability Disclosure Policy.