245 matches found
Security Bulletin: On Windows, any local user can connect to the Informix Server as another user without requiring a password.
Summary: Using DB-Access, any local user can connect as another user without needing a password. However, only the designated login user should be allowed to connect without a password. Vulnerability Details: CVEID: CVE-2024-45675. DESCRIPTION: IBM Informix Dynamic Server could allow a local user on...
CVE-2025-59596
CVE-2025-59596 is a denial-of-service vulnerability in Secure Access Windows client versions 12.0 to 14.10 that is addressed in version 14.12. If a local networking policy is active, attackers on an adjacent network may be able to send a crafted packet and cause the client system to crash...
EUVD-2014-1497
Malware in sbrugna...
CVE-2025-54089 Cross-site Scripting vulnerability in Secure Access prior to 14.10
CVE-2025-54089 is a cross-site scripting vulnerability in versions of Secure Access prior to 14.10. Attackers with administrative access to the console can interfere with another administrator’s access to the console. The attack complexity is low; there are no attack requirements. Privileges...
CVE-2025-54087 Server-side request forgery in Secure Access
CVE-2025-54087 is a server-side request forgery vulnerability in Secure Access prior to version 14.10. Attackers with administrative privileges can publish a crafted test HTTP request originating from the Secure Access server. The attack complexity is high, there are no attack requirements, and...
CVE-2025-54086 Excess Permissions in Warehouse
CVE-2025-54086 is an excess permissions vulnerability in the Warehouse component of Absolute Secure Access prior to version 14.10. Attackers with access to the local file system can read the Java keystore file. The attack complexity is low, there are no attack requirements, the privileges require...
Ivanti Secure Access Client Security Vulnerability
Ivanti Secure Access Client is a security software client developed by Ivanti, Inc. to enable remote secure access, supporting enterprise-class VPN connections and encrypted access to resources. Ivanti Secure Access Client suffers from an open redirection vulnerability that originates from an...
Ivanti Secure Access Client Security Vulnerability
Ivanti Secure Access Client is a security software client from Ivanti USA. A security vulnerability exists in Ivanti Secure Access Client versions prior to 14.10 that stems from vulnerability to cross-site scripting attacks...
GitLab Cross-Site Scripting Vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery), and other features. A cross-site scripting vulnerability exists in GitLab CE and EE versions 14.10...
Vulnerabilities fixed in XWiki
XWiki has fixed vulnerabilities in the rendering system and the default macro content parser. The vulnerabilities in the XWiki rendering system allowed attackers to perform XSS attacks due to the dependency on the xdom+xml/current syntax. This vulnerability has been fixed in version 14.10. In...
CVE-2025-53835 XWiki Rendering is vulnerable to XSS attacks through insecure XHTML syntax
XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax, HTML, etc.) into another syntax (XHTML, etc.). Starting in version 5.4.5 and prior to version 14.10, the XHTML syntax depended on the xdom+xml/current syntax which allows the creation of raw blocks...
Canonical Ubuntu Linux SEoL (14.10.x)
According to its version, Canonical Ubuntu Linux is 14.10.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities...
OPENSUSE-SU-2024:13410-1 postgresql14-14.10-1.1 on GA media
These are all security issues fixed in the postgresql14-14.10-1.1 package on the GA media of openSUSE Tumbleweed...
CVE-2022-41862 affecting package postgresql for versions less than 14.11-1
CVE-2022-41862 affecting package postgresql for versions less than 14.11-1. This CVE either no longer is or was never applicable...
AZL-32106 CVE-2023-5868 affecting package postgresql for versions less than 14.10-1
A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes,...
CVE-2023-28523
CVE-2023-28523: IBM Informix Dynamic Server 12.10 and 14.10 onsmsync are vulnerable to a heap buffer overflow due to improper bounds checking, potentially allowing arbitrary code execution. Remediation per IBM advisories: upgrade to IDS 14.10.FC10W1 or IDS 12.10.FC16W1; for Cloud Pak for Data, u...
CVE-2023-28527 IBM Informix Dynamic Server buffer overflow
IBM Informix Dynamic Server 12.10 and 14.10 cdr is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. IBM X-Force ID: 251206...
SUSE-SU-2023:4418-1 Security update for postgresql14
This update for postgresql14 fixes the following issues: Security issues fixed: CVE-2023-5868: Fix handling of unknown-type arguments in DISTINCT 'any' aggregate functions. This error led to a text-type value being interpreted as an unknown-type value (that is, a zero-terminated string) at runtime...