65 matches found
Amazon Linux 2 : nerdctl, --advisory ALAS2-2026-3319 (ALAS-2026-3319)
The version of nerdctl installed on the remote host is prior to 2.2.2-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3319 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a...
CVE-2026-3319 Multiple vulnerabilities in Cradle e-commerce
Reflected Cross-Site Scripting (XSS) in the latest demo version of the Cradle eCommerce platform. User-controlled input is insecurely reflected in the HTML output in the endpoint /collection/. Exploitation of this vulnerability would allow an attacker to execute arbitrary JavaScript code...
Security Bulletin: IBM Storage Protect Server is vulnerable to authorization bypass attack due to built-in admin account (CVE-2025-3319)
Summary: The IBM Storage Protect server contains a built-in admin account which is vulnerable to an authorization bypass attack by using custom client. Vulnerability Details: CVEID: CVE-2025-3319. DESCRIPTION: IBM Spectrum Protect Server could allow attacker to bypass authentication due to improper...
CVE-2025-3319
IBM Spectrum Protect Server 8.1 through 8.1.26 could allow attacker to bypass authentication due to improper session authentication which can result in access to unauthorized resources...
CVE-2025-3319 IBM Spectrum Protect Server authentication bypass
IBM Spectrum Protect Server 8.1 through 8.1.26 could allow attacker to bypass authentication due to improper session authentication which can result in access to unauthorized resources...
CVE-2025-3319
IBM Spectrum Protect Server versions 8.1–8.1.26 are affected by an authentication bypass due to improper session authentication, potentially enabling access to unauthorized resources. The IBM security bulletin (CVE-2025-3319) confirms the issue and lists AIX/Linux/Windows platforms; remediation i...
CVE-2011-3319
Buffer overflow in the WRF parsing functionality in the Cisco WebEx Recording Format (WRF) player T26 before SP49 EP40 and T27 before SP28 allows remote attackers to execute arbitrary code via a crafted WRF file...
CVE-2010-3319
IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 places a session token in the URI, which might allow remote attackers to obtain sensitive information by reading a Referer log file...
CVE-2024-3319
An issue was identified in the Identity Security Cloud (ISC) Transform preview and IdentityProfile preview API endpoints that allowed an authenticated administrator to execute user-defined templates as part of attribute transforms which could allow remote code execution on the host...
RHEL 7 : kernel (RHSA-2024:3319)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3319 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: netfilter: nftables: reject...
CVE-2024-3319
CVE-2024-3319 affects SailPoint Identity Security Cloud (ISC) Transform preview and IdentityProfile preview API endpoints. An authenticated administrator could execute user-defined templates as part of attribute transforms, enabling remote code execution on the host. Root cause: templating code e...
CVE-2024-3319 Security implication in SailPoint Identity Security Cloud IdentityProfile API Endpoints
An issue was identified in the Identity Security Cloud (ISC) Transform preview and IdentityProfile preview API endpoints that allowed an authenticated administrator to execute user-defined templates as part of attribute transforms which could allow remote code execution on the host...
CVE-2023-3319
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in iDisplay PlatPlay DS allows Stored XSS. This issue affects PlatPlay DS: before 3.14...
CVE-2023-3319 XSS in iDisplays PlatPlay DS
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in iDisplay PlatPlay DS allows Stored XSS. This issue affects PlatPlay DS: before 3.14...
CVE-2023-3319
CVE-2023-3319 is a stored XSS in iDisplay PlatPlay DS caused by improper neutralization of input during web page generation. Affected: PlatPlay DS versions before 3.14. Content from the connected documents confirms the vulnerability type (Stored XSS) and affected version, but does not provide exp...
AlmaLinux 8 : go-toolset:rhel8 (ALSA-2023:3319)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:3319 advisory. golang: html/template: improper handling of JavaScript whitespace CVE-2023-24540 Tenable has extracted the preceding description block directly from the AlmaLinux...