
55 matches found

Tenable Nessus
added 2023/11/01 12:0 a.m. | 252 views

Grafana Labs Security Bypass (CVE-2023-4822)

According to its self-reported version number, the version of Grafana Labs Enterprise edition running on the remote host is a version 8.0.0 prior to 9.4.17, 9.5.x prior to 9.5.13, 10.0.x prior to 10.0.9 or 10.1.x prior to 10.1.5. It is, therefore, affected by a security bypass vulnerability: - Th...

CVSS 7.2 | AI score 7.1 | EPSS 0.00282
Exploits: 0 | References: 3

Tenable Nessus
added 2023/08/16 12:0 a.m. | 54 views

Atlassian Confluence 7.13.15 < 7.13.19 / 7.19.7 < 7.19.11 / 8.1.1 < 8.4.1 DoS (CONFSERVER-90185)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-90185 advisory. - The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If...

CVSS 7.5 | AI score 7.6 | EPSS 0.339
Exploits: 1 | References: 2

OpenVAS
added 2023/05/22 12:0 a.m. | 17 views

Apache Tomcat DoS Vulnerability (May 2023) - Linux

Apache Tomcat is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat"; ...

CVSS 7.5 | AI score 7.9 | EPSS 0.339
Exploits: 1 | References: 5

Tenable Nessus
added 2023/02/20 12:0 a.m. | 49 views

Apache Tomcat 10.1.0.M1 < 10.1.5

The version of Tomcat installed on the remote host is prior to 10.1.5. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_10.1.5_security-10 advisory. - Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in t...

CVSS 7.5 | AI score 7.2 | EPSS 0.339
Exploits: 1 | References: 3

Kaspersky
added 2023/01/13 12:0 a.m. | 40 views

KLA40221 DoS vulnerability in Apache Tomcat

Denial of service vulnerability was found in Apache Tomcat. Malicious users can exploit this vulnerability to cause denial of service. Original advisories Fixed in Apache Tomcat 10.1.5 Fixed in Apache Tomcat 9.0.71 Exploitation Public exploits exist for this vulnerability. Related products...

CVSS 7.5 | AI score 7.3 | EPSS 0.339
Exploits: 1 | References: 4

IBM Security Bulletins
added 2022/07/28 12:34 a.m. | 89 views

Security Bulletin: Vulnerability in Golang Go affects IBM Spectrum Protect Plus Container Backup and Restore for Kubernetes and Red Hat OpenShift (CVE-2022-29526)

Summary: Golang Go is vulnerable to allowing a remote attacker to obtain sensitive information which may affect IBM Spectrum Protect Plus Container Backup and Restore for Kubernetes and Red Hat OpenShift. Vulnerability Details: CVEID: CVE-2022-29526 DESCRIPTION: Golang Go could allow a remote attack...

CVSS 5.3 | AI score 7.7 | EPSS 0.00182
Exploits: 1 | Affected Software: 1

OSV
added 2022/06/15 8:15 p.m. | 0 views

CVE-2022-21935

A vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 allows unverified password change...

CVSS 7.5 | AI score 5.8
Exploits: 0 | References: 2

ATTACKERKB
added 2022/06/14 7:41 p.m. | 2 views

CVE-2022-21937

Under certain circumstances, a vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 could allow a user to inject malicious code into the web interface...

CVSS 8.7 | AI score 6.2 | EPSS 0.00541
Exploits: 0 | References: 3

ATTACKERKB
added 2022/05/05 7:36 p.m. | 3 views

CVE-2022-21934

Under certain circumstances an authenticated user could lock other users out of the system or take over their accounts in Metasys ADS/ADX/OAS server 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS server 11 versions prior to 11.0.2...

CVSS 8.8 | AI score 7.3 | EPSS 0.00254
Exploits: 0 | References: 3

ICS
added 2022/04/28 12:0 a.m. | 111 views

Johnson Controls Metasys

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls, Inc. Equipment: Metasys ADS/ADX/OAS Servers Vulnerability: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated...

CVSS 8.8 | AI score 8.9 | EPSS 0.00158
Exploits: 0 | References: 5

OSV
added 2022/04/07 8:15 p.m. | 0 views

CVE-2021-36202

Server-Side Request Forgery (SSRF) vulnerability in Johnson Controls Metasys could allow an authenticated attacker to inject malicious code into the MUI PDF export feature. This issue affects: Johnson Controls Metasys All 10 versions prior to 10.1.5; All 11 versions prior to 11.0....

CVSS 8.8 | AI score 7.4 | EPSS 0.0019
Exploits: 0 | References: 2

Cvelist
added 2022/04/07 7:12 p.m. | 9 views

CVE-2021-36202 Metasys UI

Server-Side Request Forgery (SSRF) vulnerability in Johnson Controls Metasys could allow an authenticated attacker to inject malicious code into the MUI PDF export feature. This issue affects: Johnson Controls Metasys All 10 versions prior to 10.1.5; All 11 versions prior to 11.0....

CVSS 8.4 | AI score 8.8 | EPSS 0.0019
Exploits: 0 | References: 2

OpenVAS
added 2022/03/28 12:0 a.m. | 21 views

GitLab 10.1.x - 10.1.5, 10.2.x - 10.2.5, 10.3.x - 10.3.3 XSS Vulnerability

GitLab is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if...

CVSS 6.1 | AI score 6.3 | EPSS 0.0008
Exploits: 0 | References: 1

OpenVAS
added 2022/03/28 12:0 a.m. | 19 views

GitLab 8.8.x - 9.5.10, 10.x - 10.1.5, 10.2.x - 10.2.5, 10.3.x - 10.3.3 Improper Authorization Vulnerability

GitLab is prone to an improper authorization vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if...

CVSS 8.8 | AI score 8.8 | EPSS 0.00316
Exploits: 1 | References: 2

OpenVAS
added 2022/03/28 12:0 a.m. | 16 views

GitLab 9.4.x - 9.5.10, 10.x - 10.1.5, 10.2.x - 10.2.5, 10.3.x - 10.3.3 SQLi Vulnerability

GitLab is prone to a SQL injection (SQLi) vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if...

CVSS 7.5 | AI score 8 | EPSS 0.00172
Exploits: 0 | References: 1

CNNVD
added 2022/03/21 12:0 a.m. | 0 views

Johnson Controls Metasys system Code Issue Vulnerability

The Johnson Controls Metasys system is a building automation system from Johnson Controls. A code issue exists in Johnson Controls Metasys ADS/ADX/OAS 10-series servers prior to version 10.1.5 and 11-series servers prior to version 11.0.2 in regards to MUI PDF. An authenticated attacker can injec...

CVSS 8.8 | AI score 8.1 | EPSS 0.0019
Exploits: 0 | References: 5

Rosalinux
added 2021/07/02 6:12 p.m. | 25 views

Advisory ROSA-SA-2021-1981

Software: sysstat 10.1.5 OS: Cobalt 7.9 CVE-ID: CVE-2019-16167 CVE-Crit: MEDIUM CVE-DESC: sysstat before 12.1.6 has memory corruption due to an integer overflow in remap_struct in sa_common.c. CVE-STATUS: default CVE-REV: default CVE-ID: CVE-2019-19725 CVE-Crit: CRITICAL CVE-DESC: sysstat before...

CVSS 9.8 | AI score 8.1 | EPSS 0.01477
Exploits: 2

CNVD
added 2020/06/28 12:0 a.m. | 1 views

IBM Spectrum Protect Plus Information Disclosure Vulnerability (CNVD-2020-34983)

IBM Spectrum Protect Plus is a suite of data protection platforms from IBM USA. The platform provides organizations with a single point of control and management and supports backup and recovery for virtual, physical and cloud environments of all sizes. A security vulnerability exists in IBM...

CVSS 5.9 | AI score 6.4 | EPSS 0.00239
Exploits: 0 | References: 1

OSV
added 2020/06/26 2:15 p.m. | 1 views

CVE-2020-4565

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an attacker to obtain sensitive information due to insecure communications being used between the application and server. IBM X-Force ID: 183935...

CVSS 5.9 | AI score 6.2 | EPSS 0.00239
Exploits: 0 | References: 2

Prion
added 2020/06/26 2:15 p.m. | 11 views

Information disclosure

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an attacker to obtain sensitive information due to insecure communications being used between the application and server. IBM X-Force ID: 183935...

CVSS 4.3 | AI score 5.3 | EPSS 0.00239
Exploits: 0 | References: 2 | Affected Software: 1