A path traversal vulnerability in Grafana may allow an unauthenticated attacker to download system files through specially crafted HTTP resource requests.
JNDI features used in configuration, log messages, and parameters present in Apache Log4j2 do not protect against attacker controlled LDAP and other JNDI related endpoints. This library, used by VMware vCenter Server, allows unauthenticated attackers to execute system commands.
JNDI features used in configuration, log messages, and parameters present in Apache Log4j2 do not protect against attacker controlled LDAP and other JNDI related endpoints. This library, used by VMware vRealize Operations Manager, allows unauthenticated attackers to execute system commands.
A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space.
An OGNL injection vulnerability in Confluence Server and Data Center allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance.
The password input field in the "/auth/" and "/auth/change" endpoints of Cisco HyperFlex HX Installer Virtual Machine allow an unauthenticated attacker to execute systems commands as root.
A path traversal vulnerability in Apache HTTP server may allow an unauthenticated attacker to download system files through specially crafted HTTP resource requests.
This vulnerability is a bypass of CVE-2021-41773.
This vulnerability is a bypass of CVE-2021-41773.
A path traversal vulnerability in Apache HTTP server may allow an unauthenticated attacker to download system files through specially crafted HTTP resource requests.
A remote code execution vulnerability exists in OMI. An unauthenticated, remote attacker can exploit this flaw by sending a specially crafted request to a vulnerable service over a publicly accessible remote management port.
A reverse proxy bypass vulnerability allows attackers to access restricted endpoints as declared in the analytics-proxy.conf file.
Combined with a unrestricted file upload vulnerability present in the DataAppAgentController class, when using the action=collect parameter, allows attackers to execute systems commands as root.
Combined with a unrestricted file upload vulnerability present in the DataAppAgentController class, when using the action=collect parameter, allows attackers to execute systems commands as root.