Team folders access control vulnerability

Team Folders is an open-source file sharing software developed by Nextcloud. Versions of Team Folders from 17.0.0 to 17.0.15, from 18.0.0 to 18.1.12, from 19.0.0 to 19.1.16, from 20.0.0 to 20.1.11, and from 21.0.0 to 21.0.4 contain an access control vulnerability. This vulnerability stems from a...

BIT-JAVA-MIN-2024-21211

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Compiler. Supported versions that are affected are Oracle Java SE: 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and...

CVE-2023-22592

IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.4 could allow a local user to perform unauthorized actions due to insufficient permission settings. IBM X-Force ID: 244073...

Security Bulletin: IBM Robotic Process automation is vulnerable to storing sensitive data in temporary memory (CVE-2022-41295)

Summary IBM Robotic Process Automation Client may be vulnerable to sensitive data in temporary managed memory. Vulnerability Details CVEID:CVE-2022-41295 DESCRIPTION: IBM Robotic Process Automation Client may be vulnerable to sensitive data in temporary managed memory. CVSS Base score: 4 CVSS...

JDK: Array indexing integer overflow (8328544)

Vulnerability in Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4 and 23. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java...

JDK: Array indexing integer overflow (8328544)

Vulnerability in Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4 and 23. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java...

JDK: Array indexing integer overflow (8328544)

Vulnerability in Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4 and 23. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java...

SUSE-SU-2024:2578-1 Security update for java-21-openjdk

This update for java-21-openjdk fixes the following issues: Updated to version 21.0.4+7 July 2024 CPU: - CVE-2024-21131: Fixed a potential UTF8 size overflow bsc1228046. - CVE-2024-21138: Fixed an infinite loop due to excessive symbol length bsc1228047. - CVE-2024-21140: Fixed a pre-loop limit...

IBM Robotic Process Automation 信息泄露漏洞

IBM Robotic Process Automation is a robotic process automation product from International Business Machines IBM. It helps you automate more business and IT processes at scale with the ease and speed of traditional RPA. An information disclosure vulnerability exists in IBM Robotic Process Automati...

SUSE CVE-2021-32766

Nextcloud Text is an open source plaintext editing application which ships with the nextcloud server. In affected versions the Nextcloud Text application returned different error messages depending on whether a folder existed in a public link share. This is problematic in case the public link sha...

IBM Robotic Process Automation 安全漏洞

IBM Robotic Process Automation is a robotic process automation product from International Business Machines IBM, Inc. can help you automate more business and IT processes at scale with the ease and speed of traditional RPA.IBM Robotic Process Automation for IBM Cloud Pak has a security...

CVE-2022-43574

"IBM Robotic Process Automation 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to incorrect permission assignment which could allow access to application configurations. IBM X-Force ID: 238679."...

Code injection

IBM Robotic Process Automation for Cloud Pak 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to exposure of the first tenant owner e-mail address to users with access to the container platform. IBM X-Force ID: 238214...

CVE-2022-41294

IBM Robotic Process Automation 21.0.0, 21.0.1, 21.0.2, 21.0.3, and 21.0.4 is vulnerable to cross origin resource sharing using the bot api. IBM X-Force ID: 236807...

Security Bulletin: IBM Robotic Process Automation is vulnerable to cross site scripting due to jquery-ui (CVE-2022-31160)

Summary jquery-ui is used by IBM Robotic Process Automation as part of the RPA Dashboard. CVE-2022-31160 Vulnerability Details CVEID:CVE-2022-31160 DESCRIPTION: jQuery UI is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the check-box-radio widget. A...

PT-2022-25797 · Ibm · Ibm Robotic Process Automation

Name of the Vulnerable Software and Affected Versions: IBM Robotic Process Automation versions 21.0.0 through 21.0.4 Description: The issue is related to cross-origin resource sharing using the bot API. Recommendations: For versions 21.0.0 through 21.0.4, consider restricting access to the bot AP...

IBM Robotic Process Automation 安全漏洞

IBM Robotic Process Automation is a robotic process automation product from International Business Machines IBM. It helps you automate more business and IT processes at scale with the ease and speed of traditional RPA. IBM Robotic Process Automation for Cloud Pak versions 21.0.3 through 21.0.4, I...

PT-2021-19915 · Nextcloud +2 · Nextcloud Server +3

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 20.0.12 Nextcloud Server versions prior to 21.0.4 Nextcloud Server versions prior to 22.0.1 Description: The Nextcloud Text application, which ships with the Nextcloud Server, returns different error message...

Nextcloud 访问控制错误漏洞

Nextcloud server is an open source self-hosted file synchronization and sharing communication application platform from Nextcloud Germany. nextcloud server is vulnerable to authorization issues in versions prior to 20.0.12, 21.0.4 or 22.1.0. The vulnerability stems from a lack of authentication...

PT-2021-19939 · Nextcloud +2 · Nextcloud Server +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 20.0.12 Nextcloud Server versions prior to 21.0.4 Nextcloud Server versions prior to 22.1.0 Description: The issue affects Nextcloud server, an open-source, self-hosted personal cloud. An attacker can bypass...