Security
Headlines
HeadlinesLatestCVEs

Tag

#ubuntu

CVE-2022-29457: ADSelfService Plus Release Notes

Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps.

CVE
Open in Source
#sql#xss#csrf#vulnerability#web#ios#android#mac#windows#apple#google#microsoft#ubuntu#linux#cisco#dos#apache#js#java#oracle#intel#rce#perl#ldap#ssrf#log4j#oauth#auth#ibm#postgres#chrome#firefox#sap#ssl
CVE-2022-29457: ADSelfService Plus Release Notes

Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps.

CVE-2021-44492: GT.M V7.0-002 Release Notes

An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000. Using crafted input, attackers can cause a type to be incorrectly initialized in the function f_incr in sr_port/f_incr.c and cause a crash due to a NULL pointer dereference.

CVE-2021-43286: Releases - Version notes | GoCD

An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker with privileges to create a new pipeline on a GoCD server can abuse a command-line injection in the Git URL "Test Connection" feature to execute arbitrary code.

CVE-2022-27416: [Bug] Double-free · Issue #702 · appneta/tcpreplay

Tcpreplay v4.4.1 was discovered to contain a double-free via __interceptor_free.

CVE-2022-27418: Heap-buffer-overflow in tcpreplay · Issue #703 · appneta/tcpreplay

Tcpreplay v4.4.1 has a heap-based buffer overflow in do_checksum_math at /tcpedit/checksum.c.

CVE-2022-27416: [Bug] Double-free · Issue #702 · appneta/tcpreplay

Tcpreplay v4.4.1 was discovered to contain a double-free via __interceptor_free.

CVE-2022-27418: Heap-buffer-overflow in tcpreplay · Issue #703 · appneta/tcpreplay

Tcpreplay v4.4.1 has a heap-based buffer overflow in do_checksum_math at /tcpedit/checksum.c.

CVE-2022-24812: Build software better, together

Grafana is an open-source platform for monitoring and observability. When fine-grained access control is enabled and a client uses Grafana API Key to make requests, the permissions for that API Key are cached for 30 seconds for the given organization. Because of the way the cache ID is constructed, the consequent requests with any API Key evaluate to the same permissions as the previous requests. This can lead to an escalation of privileges, when for example a first request is made with Admin permissions, and the second request with different API Key is made with Viewer permissions, the second request will get the cached permissions from the previous Admin, essentially accessing higher privilege than it should. The vulnerability is only impacting Grafana Enterprise when the fine-grained access control beta feature is enabled and there are more than one API Keys in one organization with different roles assigned. All installations after Grafana Enterprise v8.1.0-beta1 should be upgraded ...

CVE-2022-27263: GitHub - strapi/strapi: 🚀 Open source Node.js Headless CMS to easily build customisable APIs

An arbitrary file upload vulnerability in the file upload module of Strapi v4.1.5 allows attackers to execute arbitrary code via a crafted file.