30 matches found
CVE-2019-16716
OX App Suite through 7.10.2 has Incorrect Access Control...
EUVD-2019-3193
Malware in sbrugna...
EUVD-2019-5472
Malware in sbrugna...
EUVD-2019-5474
Malware in sbrugna...
CVE-2019-11522
OX App Suite 7.10.0 to 7.10.2 allows XSS...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in elasticsearch-7.10.2.jar
Summary: IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of elasticsearch-7.10.2.jar. Vulnerability Details: CVEID: CVE-2023-31418. DESCRIPTION: Elastic Elasticsearch is vulnerable to a denial of service, caused by uncontrolled resource consumption. By sending a moderate...
SUSE CVE-2021-22132
Elasticsearch versions 7.7.0 to 7.10.1 contain an information disclosure flaw in the async search API. Users who execute an async search will improperly store the HTTP headers. An Elasticsearch user with the ability to read the .tasks index could obtain sensitive request headers of other users in...
Kibana 7.10.2 < 7.14.1 Code Execution
According to its self-reported version number, the Kibana application running on the remote host is prior to 7.14.1. It is, therefore, affected by: - A code execution vulnerability due to an older version of js-yaml (CVE-2021-22150) - An HTML Injection due to a lack of sanitization of document...
Moderate: Red Hat Security Advisory: Red Hat AMQ Broker 7.10.2 release and security update
Red Hat AMQ Broker 7.10.2 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
Important: Red Hat Security Advisory: Red Hat Fuse Online 7.10.2.P1 security update
A patch update from 7.10.1 to 7.10.2.P1 is now available for Red Hat Fuse Online. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability...
Elastic Kibana Code Execution Vulnerability (ESA-2021-21)
Elastic Kibana is prone to a code execution vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:elastic:kibana";...
CVE-2021-22132
Elasticsearch versions 7.7.0 to 7.10.1 contain an information disclosure flaw in the async search API. Users who execute an async search will improperly store the HTTP headers. An Elasticsearch user with the ability to read the .tasks index could obtain sensitive request headers of other users in...
Elasticsearch 7.10.2 Security Update
Elasticsearch authorization-header storage issue (ESA-2021-01): An information disclosure flaw was found in the Elasticsearch async search API. Users who execute an async search will store the HTTP headers. An Elasticsearch user with the ability to read the .tasks index could obtain sensitive reques...
PT-2021-14860 · Elastic · Elasticsearch
Name of the Vulnerable Software and Affected Versions: Elasticsearch versions 7.7.0 through 7.10.1 Description: The issue is an information disclosure flaw in the async search API. When an async search is executed, HTTP headers are improperly stored. An Elasticsearch user with read access to the...
Server-side request forgery (SSRF)
OX App Suite through 7.10.2 allows SSRF...
CVE-2019-18846
OX App Suite/OX Documents 7.10.2 and earlier are affected by a Server-Side Request Forgery (SSRF) in the attachment API for Calendar/Tasks, where references to attachments could bypass host/protocol checks and cause content from local files or URLs to be added as attachments. Root cause: insuffic...
CVE-2019-16717
OX App Suite through 7.10.2 has XSS...
Open-Xchange AppSuite Multiple Security Vulnerabilities
Description: Open-Xchange AppSuite is prone to multiple security vulnerabilities. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected application. This may let the attacker steal cookie-based authentication...
CVE-2019-5144
An exploitable heap underflow vulnerability exists in the derivetapsandgains function in kduv7ar.dll of Kakadu Software SDK 7.10.2. A specially crafted jp2 file can cause a heap overflow, which can result in remote code execution. An attacker could provide a malformed file to the victim to trigge...