24 matches found

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2023-1425

Malicious code in bioql PyPI...

CVSS 5.5 · AI score 5.5 · EPSS 0.02044
Exploits: 0 · References: 6
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2023-1279

Malicious code in bioql PyPI...

CVSS 5.3 · AI score 5.5 · EPSS 0.00459
Exploits: 0 · References: 7
RedhatCVE
added 2025/05/23 3:38 a.m. · 3 views

CVE-2023-28819

Concrete CMS (previously concrete5) versions 8.5.12 and below, 9.0.0 through 9.0.2 is vulnerable to Stored XSS in uploaded file and folder names...

CVSS 5.4 · AI score 5.8 · EPSS 0.02002
Exploits: 0 · References: 1
ATTACKERKB
added 2023/10/06 1:15 p.m. · 1 views

CVE-2023-44765

A Cross Site Scripting (XSS) vulnerability in Concrete CMS versions 8.5.12 and below, and 9.0 through 9.2.1 allows an attacker to execute arbitrary code via a crafted script to Plural Handle of the Data Objects from System & Settings...

CVSS 5.4 · AI score 6.2 · EPSS 0.00298
Exploits: 1 · References: 3
OSV
added 2023/04/28 2:15 p.m. · 1 views

CVE-2023-28477

Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 is vulnerable to stored XSS on API Integrations via the name parameter...

CVSS 5.4 · AI score 6.2
Exploits: 0 · References: 3
ATTACKERKB
added 2023/04/28 2:15 p.m. · 1 views

CVE-2023-28473

Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 is vulnerable to possible Auth bypass in the jobs section...

CVSS 3.3 · AI score 5.9 · EPSS 0.0074
Exploits: 0 · References: 4
OSV
added 2023/04/28 2:15 p.m. · 2 views

CVE-2023-28473

Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 is vulnerable to possible Auth bypass in the jobs section...

CVSS 3.3 · AI score 6.9
Exploits: 0 · References: 3
ATTACKERKB
added 2023/04/28 2:15 p.m. · 0 views

CVE-2023-28472

Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 does not have Secure and HTTP only attributes set for ccmPoll cookies...

CVSS 5.3 · AI score 5.9 · EPSS 0.00459
Exploits: 0 · References: 4
NVD
added 2023/04/28 2:15 p.m. · 8 views

CVE-2023-28475

Concrete CMS (previously concrete5) versions 8.5.12 and below, and versions 9.0 through 9.1.3 is vulnerable to Reflected XSS on the Reply form because msgID was not sanitized...

CVSS 6.1 · AI score 6 · EPSS 0.02087
Exploits: 0 · References: 3
Positive Technologies
added 2023/04/28 12:0 a.m. · 2 views

PT-2023-21742 · Unknown · Concrete Cms

Name of the Vulnerable Software and Affected Versions: Concrete CMS (previously concrete5) versions 8.5.12 and below; Concrete CMS (previously concrete5) versions 9.0 through 9.1.3. Description: The issue is related to the ccmPoll cookies in Concrete CMS, where the Secure and HTTP only attributes are n...

CVSS 5.3 · AI score 5 · EPSS 0.00459
Exploits: 0 · References: 14
Positive Technologies
added 2023/04/28 12:0 a.m. · 2 views

PT-2023-21987 · Unknown · Concrete Cms

Name of the Vulnerable Software and Affected Versions: Concrete CMS (previously concrete5) versions 8.5.12 and below; Concrete CMS (previously concrete5) versions 9.0.0 through 9.0.2. Description: The issue is related to Stored XSS in uploaded file and folder names. Recommendations: For Concrete CMS...

CVSS 5.4 · AI score 5.1 · EPSS 0.02002
Exploits: 0 · References: 11
Positive Technologies
added 2023/04/28 12:0 a.m. · 1 views

PT-2023-21743 · Unknown · Concrete Cms

Name of the Vulnerable Software and Affected Versions: Concrete CMS (previously concrete5) versions 8.5.12 and below; Concrete CMS (previously concrete5) versions 9.0 through 9.1.3. Description: The issue concerns a possible Auth bypass in the jobs section of Concrete CMS. Recommendations: For versions...

CVSS 9.8 · AI score 3.8 · EPSS 0.0074
Exploits: 0 · References: 13
Positive Technologies
added 2023/04/28 12:0 a.m. · 2 views

PT-2023-21745 · Unknown · Concrete Cms

Name of the Vulnerable Software and Affected Versions: Concrete CMS (previously concrete5) versions 8.5.12 and below; Concrete CMS (previously concrete5) versions 9.0 through 9.1.3. Description: The issue is related to Reflected XSS on the Reply form because the msgID was not sanitized. This allows for...

CVSS 6.1 · AI score 6 · EPSS 0.02087
Exploits: 0 · References: 9
Positive Technologies
added 2021/07/13 12:0 a.m. · 3 views

PT-2021-3725 · Atlassian +4 · Confluence +4

Name of the Vulnerable Software and Affected Versions: Apache Commons Compress versions 1.19 through 1.21; Apache Commons Compress version 1.22; Confluence Data Center versions from 7.19.23 to 8.9.3; Confluence Data Center versions from 8.5.10 to 8.5.11; Confluence Server versions from 7.19.23 to...

CVSS 7.8 · AI score 6.3 · EPSS 0.0174
Exploits: 0 · References: 85
Vulnrichment
added 2021/04/14 11:45 p.m. · 15 views

CVE-2021-26075

The Jira importers plugin AttachTemporaryFile rest resource in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before 8.13.4, and from version 8.14.0 before 8.15.1 allowed remote authenticated attackers to obtain the full path of the Jira application data directory via an...

AI score 6.1 · EPSS 0.00261
Exploits: 0 · References: 1
CNVD
added 2018/01/09 12:0 a.m. · 1 views

Flexense DiskBoss Enterprise Control Protocol Denial of Service Vulnerability

Flexense DiskBoss Enterprise is a rules-based automated data management solution from Flexense Canada. Control Protocol is one of its control protocols. A denial of service vulnerability exists in Control Protocol in Flexense DiskBoss Enterprise version 8.5.12. The vulnerability can be exploited ...

CVSS 7.5 · AI score 6.7 · EPSS 0.19448
Exploits: 5 · References: 1
Tenable Nessus
added 2017/04/21 12:0 a.m. · 54 views

Amazon Linux AMI : tomcat6 (ALAS-2017-821)

Incorrect handling of pipelined requests when send file was used : A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lo...

CVSS 7.5 · AI score 7.8 · EPSS 0.02275
Exploits: 0 · References: 2
Prion
added 2017/04/17 4:59 p.m. · 20 views

Design/Logic Flaw

In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could result in t...

CVSS 7.5 · AI score 9.1 · EPSS 0.06144
Exploits: 0 · References: 15 · Affected Software: 1
CNVD
added 2017/04/13 12:0 a.m. · 1 views

Apache Tomcat Denial of Service Vulnerability (CNVD-2017-05203)

Apache Tomcat is a lightweight web application server from the Jakarta project of the Apache Software Foundation (United States), mainly used for the development and debugging of JSP programs for small and medium-sized systems. A denial-of-service vulnerability exists in Apache...

CVSS 7.5 · AI score 8 · EPSS 0.12669
Exploits: 0 · References: 1
CNVD
added 2017/04/11 12:0 a.m. · 2 views

Apache Tomcat Information Disclosure Vulnerability (CNVD-2017-05527)

Apache Tomcat is a lightweight web application server from the Jakarta project of the Apache Software Foundation (United States), mainly used for the development and debugging of JSP programs for small and medium-sized systems. A security vulnerability exists in Apache Tomcat version...

CVSS 9.8 · AI score 9.1 · EPSS 0.06144
Exploits: 0 · References: 1