CVE-2022-24731
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 1.5.0 but before versions 2.1.11, 2.2.6, and 2.3.0 is vulnerable to a path traversal vulnerability, allowing a malicious...
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 1.3.0 but before versions 2.1.11, 2.2.6, and 2.3.0 is vulnerable to a path traversal bug, compounded by an...
Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution. Date published : 2022-03-23 https://support.hp.com/us-en/document/ish_5950417-5950443-16
ZZZCMS zzzphp v2.1.0 was discovered to contain a remote command execution (RCE) vulnerability via danger_key() at zzz_template.php. Date published : 2022-03-23 https://github.com/metaStor/Vuls/blob/main/zzzcms/zzzphp%20V2.1.0%20RCE/zzzphp%20V2.1.0%20RCE.md
An arbitrary file upload vulnerability in the File Management function module of taoCMS v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. Date published : 2022-03-23 https://github.com/taogogo/taocms/issues/25
TeamViewer Linux versions before 15.28 do not properly execute a deletion command for the connection password in case of a process crash. Knowledge of the crash event and the TeamViewer ID as well as...
VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x prior to 8.6.6, 8.7.x prior to 8.7.4 and 8.8.x prior to 8.8.2) contains a file upload vulnerability. A malicious actor with administrative access to...
VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x prior to 8.6.6, 8.7.x prior to 8.7.4 and 8.8.x prior to 8.8.2) contains an OS command injection vulnerability. An authenticated, high privileged malicious actor...
NXP LPC55S66JBD64, LPC55S66JBD100, LPC55S66JEV98, LPC55S69JBD64, LPC55S69JBD100, and LPC55S69JEV98 microcontrollers (ROM version 1B) have a buffer overflow in parsing SB2 updates before the signature is verified. This can allow an attacker to achieve non-persistent code...
IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service due to incorrectly configured authorization checks. IBM X-Force ID: 218276. Date published :...
Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.6. Date published : 2022-03-23 https://huntr.dev/bounties/4d7d4fc9-e0cf-42d3-b89c-6ea57a769045 https://github.com/crater-invoice/crater/commit/88035ea49082f7053a37ef07bf3587e09d9d22b4
Okta Advanced Server Access Client for Linux and macOS prior to version 1.58.0 was found to be vulnerable to command injection via a specially crafted URL. An attacker, who has knowledge of a valid...