Genian NAC V5.0 & Genian NAC Suite V5.0 Security Vulnerabilities

cvelist

CVE-2024-2648 Netentsec NS-ASG Application Security Gateway naccheck.php xpath injection

A vulnerability, which was classified as problematic, was found in Netentsec NS-ASG Application Security Gateway 6.3. Affected is an unknown function of the file /nac/naccheck.php. The manipulation of the argument username leads to improper neutralization of data within xpath expressions. It is...

4.3 CVSS

5 AI Score

0.0004 EPSS

2024-03-19 11:00 PM
redhat

(RHSA-2024:1427) Important: libreoffice security update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

7.3 AI Score

0.001 EPSS

2024-03-19 05:43 PM
12
redhat

(RHSA-2024:1425) Important: libreoffice security update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

7.3 AI Score

0.001 EPSS

2024-03-19 05:34 PM
14
redhat

(RHSA-2024:1423) Important: libreoffice security update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

7.3 AI Score

0.001 EPSS

2024-03-19 05:24 PM
13
redhat

(RHSA-2024:1372) Moderate: redhat-ds:11 security, bug fix, and enhancement update

Red Hat Directory Server is an LDAPv3-compliant directory server. The suite of packages includes the Lightweight Directory Access Protocol (LDAP) server, as well as command-line utilities and Web UI packages for server administration. Security Fix(es): 389-ds-base: A heap overflow flaw that leads.....

7.3 AI Score

0.0004 EPSS

2024-03-19 11:22 AM
9
thn

Crafting and Communicating Your Cybersecurity Strategy for Board Buy-In

In an era where digital transformation drives business across sectors, cybersecurity has transcended its traditional operational role to become a cornerstone of corporate strategy and risk management. This evolution demands a shift in how cybersecurity leaders—particularly Chief Information...

6.8 AI Score

2024-03-19 10:37 AM
21
almalinux

Important: libreoffice security update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

8.8 CVSS

7.3 AI Score

0.001 EPSS

2024-03-19 12:00 AM
10
nessus

RHEL 9 : libreoffice (RHSA-2024:1423)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1423 advisory. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word...

8.8 CVSS

9.1 AI Score

0.001 EPSS

2024-03-19 12:00 AM
6
nessus

RHEL 9 : libreoffice (RHSA-2024:1425)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1425 advisory. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word...

8.8 CVSS

9.2 AI Score

0.001 EPSS

2024-03-19 12:00 AM
8
packetstorm

7.4 AI Score

0.0004 EPSS

2024-03-19 12:00 AM
69
osv

Important: libreoffice security update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

8.8 CVSS

6.7 AI Score

0.001 EPSS

2024-03-19 12:00 AM
11
nessus

RHEL 9 : libreoffice (RHSA-2024:1427)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1427 advisory. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word...

8.8 CVSS

9.1 AI Score

0.001 EPSS

2024-03-19 12:00 AM
5
github

Gaining kernel code execution on an MTE-enabled Pixel 8

In this post, I'll look at CVE-2023-6241, a vulnerability in the Arm Mali GPU that I reported to Arm on November 15, 2023 and was fixed in the Arm Mali driver version r47p0, which was released publicly on December 14, 2023. It was fixed in Android in the March security update. When exploited, this....

7.9 AI Score

0.0004 EPSS

2024-03-18 03:00 PM
17
redhat

(RHSA-2024:1353) Important: Red Hat Process Automation Manager 7.13.5 security update

Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This asynchronous security...

9 AI Score

0.022 EPSS

2024-03-18 09:45 AM
14
wordfence

Record Breaking $153,000+ Already Invested into the Security of the WordPress Ecosystem by Wordfence – More to Come!

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! In just a few short months since our launch in November of last...

8.5 AI Score

2024-03-15 03:15 PM
14
cnvd

IBM Maximo Application Suite and IBM Maximo Application Suite Information Disclosure Vulnerability

IBM Maximo Asset Management and IBM Maximo Application Suite are both products of International Business Machines (IBM). IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution. The solution is capable of managing all types of assets, such as facilities,...

3.7 CVSS

6.4 AI Score

0.0004 EPSS

2024-03-15 12:00 AM
5
cnvd

IBM Maximo Application Suite Log Information Disclosure Vulnerability

IBM Maximo Application Suite is a single platform for intelligent asset management, monitoring, maintenance, computer vision, security and reliability from International Business Machines (IBM). A log information disclosure vulnerability exists in IBM Maximo Application Suite versions 8.10 and...

5.1 CVSS

6.1 AI Score

0.0004 EPSS

2024-03-15 12:00 AM
6
cnvd

IBM Maximo Application Suite Cross-Site Scripting Vulnerability

IBM Maximo Application Suite is a single platform for intelligent asset management, monitoring, maintenance, computer vision, security and reliability from International Business Machines (IBM). A cross-site scripting vulnerability exists in IBM Maximo Application Suite version 7.6.1.3, which...

6.4 CVSS

5.9 AI Score

0.0004 EPSS

2024-03-15 12:00 AM
7
f5

K000138931 : Intel CPU vulnerability CVE-2023-32666

Security Advisory Description: On-chip debug and test interface with improper access control in some 4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access. (CVE-2023-32666) Impact....

7.2 CVSS

7.4 AI Score

0.0004 EPSS

2024-03-15 12:00 AM
10
nvd

CVE-2024-27266

IBM Maximo Application Suite 7.6.1.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: ...

8.2 CVSS

8.1 AI Score

0.001 EPSS

2024-03-14 07:15 PM
cve

CVE-2024-27266

IBM Maximo Application Suite 7.6.1.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: ...

8.2 CVSS

7.9 AI Score

0.001 EPSS

2024-03-14 07:15 PM
43
cvelist

CVE-2024-27266 IBM Maximo Application Suite XML external entity injection

IBM Maximo Application Suite 7.6.1.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: ...

8.2 CVSS

8.1 AI Score

0.001 EPSS

2024-03-14 06:32 PM
1
ibm

Security Bulletin: There is a vulnerability in AntiSamy used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2023-43643)

Summary: There is a vulnerability in AntiSamy used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details: CVEID: CVE-2023-43643. DESCRIPTION: AntiSamy is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker.....

6.1 CVSS

6.3 AI Score

0.0004 EPSS

2024-03-13 09:46 PM
12
ibm

Security Bulletin: IBM Maximo Asset Management application may be affected by XML External Entity (XXE) attack (CVE-2024-27266)

Summary: IBM Maximo Asset Management application may be affected by XML External Entity (XXE) attack. Vulnerability Details: CVEID: CVE-2024-27266. DESCRIPTION: IBM Maximo Application Suite is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote...

8.2 CVSS

6.5 AI Score

0.001 EPSS

2024-03-13 06:41 PM
13
cve

CVE-2023-38723

IBM Maximo Application Suite 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...

6.4 CVSS

5.8 AI Score

0.0004 EPSS

2024-03-13 10:15 AM
17
nvd

CVE-2023-38723

IBM Maximo Application Suite 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...

6.4 CVSS

5.8 AI Score

0.0004 EPSS

2024-03-13 10:15 AM
nvd

CVE-2023-32335

IBM Maximo Application Suite 8.10, 8.11 and IBM Maximo Asset Management 7.6.1.3 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: ...

3.7 CVSS

3.6 AI Score

0.0004 EPSS

2024-03-13 10:15 AM
nvd

CVE-2023-43043

IBM Maximo Application Suite - Maximo Mobile for EAM 8.10 and 8.11 could disclose sensitive information to a local user. IBM X-Force ID: ...

5.1 CVSS

4.9 AI Score

0.0004 EPSS

2024-03-13 10:15 AM
cve

CVE-2023-43043

IBM Maximo Application Suite - Maximo Mobile for EAM 8.10 and 8.11 could disclose sensitive information to a local user. IBM X-Force ID: ...

5.1 CVSS

4.8 AI Score

0.0004 EPSS

2024-03-13 10:15 AM
17
cve

CVE-2023-32335

IBM Maximo Application Suite 8.10, 8.11 and IBM Maximo Asset Management 7.6.1.3 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: ...

3.7 CVSS

3.7 AI Score

0.0004 EPSS

2024-03-13 10:15 AM
8
prion

Cross site scripting

IBM Maximo Application Suite 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...

6.4 CVSS

5.8 AI Score

0.0004 EPSS

2024-03-13 10:15 AM
13
prion

Information disclosure

IBM Maximo Application Suite 8.10, 8.11 and IBM Maximo Asset Management 7.6.1.3 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: ...

3.7 CVSS

3.8 AI Score

0.0004 EPSS

2024-03-13 10:15 AM
11
prion

Information disclosure

IBM Maximo Application Suite - Maximo Mobile for EAM 8.10 and 8.11 could disclose sensitive information to a local user. IBM X-Force ID: ...

5.1 CVSS

4.8 AI Score

0.0004 EPSS

2024-03-13 10:15 AM
8
cvelist

CVE-2023-32335 IBM Maximo Application Suite information disclosure

IBM Maximo Application Suite 8.10, 8.11 and IBM Maximo Asset Management 7.6.1.3 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: ...

3.7 CVSS

3.9 AI Score

0.0004 EPSS

2024-03-13 09:23 AM
cvelist

CVE-2023-43043 IBM Maximo Application Suite information disclosure

IBM Maximo Application Suite - Maximo Mobile for EAM 8.10 and 8.11 could disclose sensitive information to a local user. IBM X-Force ID: ...

5.1 CVSS

5 AI Score

0.0004 EPSS

2024-03-13 09:19 AM
cvelist

CVE-2023-38723 Maximo Asset Management cross-site scripting

IBM Maximo Application Suite 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...

6.4 CVSS

5.9 AI Score

0.0004 EPSS

2024-03-13 09:16 AM
ibm

Security Bulletin: IBM Maximo Application Suite uses follow-redirects-1.15.2.tgz which is vulnerable to CVE-2023-26159

Summary: IBM Maximo Application Suite uses follow-redirects-1.15.2.tgz which is vulnerable to CVE-2023-26159. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details: CVEID: CVE-2023-26159. DESCRIPTION: follow-redirects could allow a remote attacker.....

7.3 CVSS

6.4 AI Score

0.001 EPSS

2024-03-13 06:31 AM
7
f5

K000138895 : BIND vulnerability CVE-2023-5679

Security Advisory Description: A bad interaction between DNS64 and serve-stale may cause named to crash with an assertion failure during recursive resolution, when both of these features are enabled. This issue affects BIND 9 versions 9.16.12 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through.....

7.5 CVSS

7 AI Score

0.001 EPSS

2024-03-13 12:00 AM
23
packetstorm

8.8 CVSS

7.4 AI Score

0.001 EPSS

2024-03-13 12:00 AM
83
ibm

Security Bulletin: IBM Maximo Asset Management is vulnerable to cross-site scripting (CVE-2023-38723)

Summary: IBM Maximo Asset Management is vulnerable to cross-site scripting. Vulnerability Details: CVEID: CVE-2023-38723. DESCRIPTION: IBM Maximo Application Suite is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus.....

6.4 CVSS

6.2 AI Score

0.0004 EPSS

2024-03-12 09:27 PM
10
ibm

Security Bulletin: IBM Maximo Manage application in IBM Maximo Application Suite is vulnerable to sensitive information disclosure (CVE-2023-32335)

Summary: IBM Maximo Manage application in IBM Maximo Application Suite is vulnerable to sensitive information disclosure. Vulnerability Details: CVEID: CVE-2023-32335. DESCRIPTION: IBM Maximo Asset Management stores sensitive information in URL parameters. This may lead to information...

3.7 CVSS

5.6 AI Score

0.0004 EPSS

2024-03-12 06:53 PM
4
ibm

Security Bulletin: IBM Maximo Mobile for EAM is vulnerable to Information Disclosure LDAP only (CVE-2023-43043)

Summary: IBM Maximo Mobile for EAM could disclose sensitive information to a local user. Vulnerability Details: CVEID: CVE-2023-43043. DESCRIPTION: IBM Maximo Application Suite - Maximo Mobile for EAM could disclose sensitive information to a local user. CVSS Base score: 5.1 CVSS Temporal...

5.1 CVSS

6.2 AI Score

0.0004 EPSS

2024-03-12 03:58 PM
12
ibm

Security Bulletin: IBM Maximo Application Suite uses certifi-2023.5.7-py3-none-any.whl which is vulnerable to CVE-2023-37920

Summary: IBM Maximo Application Suite uses certifi-2023.5.7-py3-none-any.whl which is vulnerable to CVE-2023-37920. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details: CVEID: CVE-2023-37920. DESCRIPTION: An unspecified error with the removal of.....

9.8 CVSS

6.2 AI Score

0.001 EPSS

2024-03-12 09:30 AM
6
zdt

8.8 CVSS

7.4 AI Score

0.001 EPSS

2024-03-12 12:00 AM
94
exploitdb

8.8 CVSS

8.9 AI Score

0.001 EPSS

2024-03-12 12:00 AM
97
kaspersky

KLA65131 Multiple vulnerabilities in Microsoft Azure

Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to gain privileges, spoof user interface, execute arbitrary code. Below is a complete list of vulnerabilities: An elevation of privilege vulnerability in Azure Data Studio can be exploited...

9.8 CVSS

9.7 AI Score

0.001 EPSS

2024-03-12 12:00 AM
22
cve

CVE-2024-25114

Collabora Online is a collaborative online office suite based on LibreOffice technology. Each document in Collabora Online is opened by a separate "Kit" instance in a different "jail" with a unique directory "jailID" name. For security reasons, this directory name is randomly generated and should.....

2.6 CVSS

4.1 AI Score

0.0004 EPSS

2024-03-11 10:15 PM
32
nvd

CVE-2024-25114

Collabora Online is a collaborative online office suite based on LibreOffice technology. Each document in Collabora Online is opened by a separate "Kit" instance in a different "jail" with a unique directory "jailID" name. For security reasons, this directory name is randomly generated and should.....

2.6 CVSS

3.7 AI Score

0.0004 EPSS

2024-03-11 10:15 PM
prion

Design/Logic Flaw

Collabora Online is a collaborative online office suite based on LibreOffice technology. Each document in Collabora Online is opened by a separate "Kit" instance in a different "jail" with a unique directory "jailID" name. For security reasons, this directory name is randomly generated and should.....

2.6 CVSS

7.2 AI Score

0.0004 EPSS

2024-03-11 10:15 PM
11
cvelist

CVE-2024-25114 Sensitive Information Disclosure (JailID) to users in Collabora Online

Collabora Online is a collaborative online office suite based on LibreOffice technology. Each document in Collabora Online is opened by a separate "Kit" instance in a different "jail" with a unique directory "jailID" name. For security reasons, this directory name is randomly generated and should.....

2.6 CVSS

4 AI Score

0.0004 EPSS

2024-03-11 09:32 PM
3
Total number of security vulnerabilities: 29641