48 matches found
Linux Distros Unpatched Vulnerability : CVE-2016-0655
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows local use...
Zimbra Collaboration Security Vulnerability
Zimbra Collaboration is an open source enterprise-class email and collaboration platform from Zimbra, Inc. that supports email, calendaring, document management, and team collaboration features. A security vulnerability exists in Zimbra Collaboration that stems from insufficient HTML content...
PT-2024-33253 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.5.x through 9.5.12; Mattermost versions 9.11.x through 9.11.4; Mattermost versions 10.0.x through 10.0.2; Mattermost versions 10.1.x through 10.1.2. Description: The issue allows an attacker to bypass the "Max failed attempt...
CVE-2024-9537
ScienceLogic SL1 (formerly EM7) is affected by an unspecified vulnerability involving an unspecified third-party component packaged with SL1. The vulnerability is addressed in SL1 versions 12.1.3+, 12.2.3+, and 12.3+. Remediations have been made available for all SL1 versions back to version lines...
BIT-TOMCAT-2022-42252 Apache Tomcat request smuggling via malformed content-length
If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0 to 9.0.67, 10.0.0 to 10.0.26 or 10.1.0 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not reject a request containing an invalid Content-Length header making a request...
Grafana Labs Incorrect Authorization (CVE-2023-6152)
According to its self-reported version number, the version of Grafana Labs running on the remote host is a version 9.5.x prior to 9.5.16, 10.0.x prior to 10.0.11, 10.1.x prior to 10.1.7, 10.2.x prior to 10.2.4 or 10.3.x prior to 10.3.3. It is, therefore, affected by an incorrect authorization...
Drupal Cache Poisoning Vulnerability (SA-CORE-2023-006) - Windows
Drupal is prone to a cache poisoning vulnerability. CPE = "cpe:/a:drupal:drupal"; ...
KLA52554 SB vulnerability in Apache Tomcat
A security vulnerability was found in Apache Tomcat. Malicious users can exploit this vulnerability to bypass security restrictions. Original advisories: Fixed in Apache Tomcat 8.5.93; Fixed in Apache Tomcat 9.0.80; Fixed in Apache Tomcat 8.5.93; Fixed in Apache Tomcat 10.1.13. Exploitation: Malware exis...
Palo Alto Networks PAN-OS 8.1.x < 8.1.23-h1 / 9.0.x < 9.0.16-h3 / 9.1.x < 9.1.14-h4 / 10.0.x < 10.0.11-h1 / 10.1.x < 10.1.6-h6 / 10.2.x < 10.2.2-h2 Vulnerability
The version of Palo Alto Networks PAN-OS running on the remote host is 8.1.x prior to 8.1.23-h1 or 9.0.x prior to 9.0.16-h3 or 9.1.x prior to 9.1.14-h4 or 10.0.x prior to 10.0.11-h1 or 10.1.x prior to 10.1.6-h6 or 10.2.x prior to 10.2.2-h2. It is, therefore, affected by a vulnerability. - A PAN-O...
GitLab 10.1.x - 10.1.5, 10.2.x - 10.2.5, 10.3.x - 10.3.3 XSS Vulnerability
GitLab is prone to a cross-site scripting (XSS) vulnerability. CPE = "cpe:/a:gitlab:gitlab"; ...
HCL Technologies Campaign Cross-Site Scripting Vulnerability
HCL Technologies Campaign is a suite of management solutions from HCL Technologies India to help marketers design, execute, measure and optimize marketing campaigns. A cross-site scripting vulnerability exists in HCL Technologies Campaign versions 10.1.x, 11.0.1 and 11.1.0.x. The vulnerability ca...
MariaDB 10.1.0 < 10.1.42 Multiple Vulnerabilities
The version of MariaDB installed on the remote host is prior to 10.1.42. It is, therefore, affected by multiple vulnerabilities as referenced in the 10.1.42 advisory. - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are...
MariaDB Server 10.1.x < 10.1.39 Multiple DoS
Default configuration
A vulnerability in the Decryption Policy Default Action functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured drop policy and allow traffic onto the network that should have been denied. The vulnerability is due to the incorre...
CVE-2019-1672 Cisco Web Security Appliance Decryption Policy Bypass Vulnerability
A vulnerability in the Decryption Policy Default Action functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured drop policy and allow traffic onto the network that should have been denied. The vulnerability is due to the incorre...
IBM Emptoris Supplier Lifecycle Management Open Redirect Vulnerability
IBM Emptoris Supplier Lifecycle Management is a suite of automated management solutions from IBM USA. The product automates all business processes associated with suppliers. An open redirect vulnerability exists in IBM Emptoris Supplier Lifecycle Management versions 10.0.x through 10.1.x. The...
Open redirect
IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to...
CVE-2017-1448
CVE-2017-1448 affects IBM Emptoris Supplier Lifecycle Management 10.0.x–10.1.x. The vulnerability is an open redirect that could be exploited by an attacker to spoof the displayed URL and redirect victims to a malicious site, enabling phishing and potential data exposure. IBM security bulletin de...
CVE-2016-8949
CVE-2016-8949 affects IBM Emptoris Supplier Lifecycle Management 10.0.x–10.1.1.x. A remote attacker could exploit an open redirect to spoof the URL and lure victims to a malicious site, enabling phishing and potential data exposure. IBM’s Security Bulletin for Emptoris SLM documents the vulnerabi...