25 matches found
EUVD-2022-41317
Malicious code in bioql PyPI...
EUVD-2024-48352
Malicious code in bioql PyPI...
OpenText Network Node Manager i security vulnerability
OpenText Network Node Manager i is a performance monitoring and topology mapping software from OpenText Canada. A security vulnerability exists in OpenText Network Node Manager i versions 2022.11, 2023.05, 23.4, and 24.2, which originates from improper input neutralization during web page...
OpenText Network Node Manager i security vulnerability
OpenText Network Node Manager i is a performance monitoring and topology mapping software from OpenText Canada. A security vulnerability exists in OpenText Network Node Manager i versions 2022.11, 2023.05, 23.4, and 24.2, which originates from allowing URL redirection to untrusted sites...
PT-2024-38340 · Opentext · Opentext Network Node Manager I
Name of the Vulnerable Software and Affected Versions: OpenText Network Node Manager i NNMi versions 2022.11 through 24.2 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This could allow Cross-Site Scripting...
PT-2024-38341 · Opentext · Opentext Network Node Manager I
Name of the Vulnerable Software and Affected Versions: OpenText Network Node Manager i versions 2022.11 through 24.2 Description: The issue affects OpenText Network Node Manager i, allowing URL Redirector Abuse due to a URL Redirection to Untrusted Site 'Open Redirect' vulnerability. This enables...
CVE-2024-36366
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 an XSS could be executed via certain report grouping and filtering operations...
CVE-2023-32259
Insufficient Granularity of Access Control vulnerability in OpenText™ Service Management Automation X SMAX, OpenText™ Asset Management X AMX allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Service Management Automation X SMAX versions 2020.05, 2020.08,...
CVE-2023-4964 Potential open redirect vulnerability in OpenText SMAX and AMX product.
Potential open redirect vulnerability in OpenText Service Management Automation X SMAX versions 2020.05, 2020.08, 2020.11, 2021.02, 2021.05, 2021.08, 2021.11, 2022.05, 2022.11 and OpenText Asset Management X AMX versions 2021.08, 2021.11, 2022.05, 2022.11. The vulnerability could allow attackers ...
CVE-2023-23126
Connectwise Automate 2022.11 is vulnerable to Clickjacking. The login screen can be iframed and used to manipulate users to perform unintended actions. NOTE: the vendor's position is that a Content-Security-Policy HTTP response header is present to block this attack...
CVE-2023-23130
Connectwise Automate 2022.11 is vulnerable to Cleartext authentication. Authentication is being done via HTTP cleartext with SSL disabled. NOTE: the vendor's position is that, by design, this is controlled by a configuration option in which a customer can choose to use HTTP rather than HTTPS durin...
Authentication flaw
DISPUTED Connectwise Automate 2022.11 is vulnerable to Cleartext authentication. Authentication is being done via HTTP cleartext with SSL disabled. NOTE: the vendor's position is that, by design, this is controlled by a configuration option in which a customer can choose to use HTTP rather than...
PT-2023-18850 · Connectwise · Connectwise Automate
Name of the Vulnerable Software and Affected Versions: Connectwise Automate version 2022.11 Description: The issue concerns cleartext authentication, where authentication is performed via HTTP with SSL disabled. This is reportedly controlled by a configuration option, allowing customers to choose...
ConnectWise Automate security vulnerability
ConnectWise Automate is a cloud-based, local IT automation solution from ConnectWise USA. The product supports content management, file sharing, IT asset tracking and management, and more. A security vulnerability exists in ConnectWise Automate version 2022.11 that stems from vulnerability to...
PT-2023-18847 · Connectwise · Connectwise Automate
Name of the Vulnerable Software and Affected Versions: Connectwise Automate version 2022.11 Description: The issue allows the login screen to be iframed, potentially manipulating users into performing unintended actions. The vendor claims that a Content-Security-Policy HTTP response header is...
Micro Focus Operations Bridge Manager cross-site scripting vulnerability
Micro Focus Operations Bridge Manager is a software application from Micro Focus UK. It provides a monitoring function. A security vulnerability exists in Micro Focus Micro Focus Operations Bridge Manager versions prior to 2022.11, Micro Focus Micro Focus Operations Bridge- Containerized versions...
PT-2022-27274 · Linaro · Lava
Name of the Vulnerable Software and Affected Versions: Linaro Automated Validation Architecture LAVA versions prior to 2022.11 Description: The issue allows users with valid credentials to submit crafted XMLRPC requests, causing a recursive XML entity expansion. This leads to excessive use of...
LAVA security vulnerability
LAVA is a continuous integration system open sourced by LAVA. It is used to deploy operating systems to physical and virtual hardware to run tests. A denial of service vulnerability exists in versions of LAVA prior to 2022.11. The vulnerability stems from the fact that a user with valid credential...
PT-2021-24031 · Open Design Alliance · Open Design Alliance Drawings Sdk
Name of the Vulnerable Software and Affected Versions: Open Design Alliance Drawings SDK versions prior to 2022.11 Description: The issue exists within the parsing of DGN files, where crafted data and a lack of proper validation for the XFAT sectors count can trigger a write operation past the en...