
101 matches found

OpenVAS
added 2025/12/19 12:0 a.m. | 1 view

PHP 8.5.x < 8.5.1 Multiple Vulnerabilities - Windows

PHP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...

CVSS 8.2 | AI score 7.6 | EPSS 0.00047
Exploits: 4 | References: 6

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2013-0606

Malware in sbrugna...

CVSS 4.3 | AI score 6.4 | EPSS 0.00266
Exploits: 0 | References: 4

Tenable Nessus
added 2025/06/04 12:0 a.m. | 4 views

Grafana 8.5.x < 8.5.21 Multiple Vulnerabilities

According to its self-reported version, the Grafana install hosted on the remote host is 8.5.x earlier than 8.5.21, or 9.2.x earlier than 9.2.13, or 9.3.x earlier than 9.3.8. It is, therefore, affected by multiple vulnerabilities: - A Cross-site Scripting vulnerability. - A Cross-site Scripting...

CVSS 7.3 | AI score 7.1 | EPSS 0.60579
Exploits: 0 | References: 4

Tenable Nessus
added 2024/07/03 12:0 a.m. | 9 views

Red Hat Enterprise Linux SEoL (8.4.x, 8.5.x)

According to its version, Red Hat Enterprise Linux is 8.4.x or 8.5.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities...

AI score 5.5
Exploits: 0 | References: 1

OSV
added 2024/03/06 11:9 a.m. | 33 views

BIT-TOMCAT-2022-42252 Apache Tomcat request smuggling via malformed content-length

If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0 to 9.0.67, 10.0.0 to 10.0.26 or 10.1.0 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not reject a request containing an invalid Content-Length header making a request...

CVSS 7.5 | AI score 6.7 | EPSS 0.0029
Exploits: 0 | References: 3

Kaspersky
added 2023/08/25 12:0 a.m. | 33 views

KLA52554 SB vulnerability in Apache Tomcat

Security vulnerability was found in Apache Tomcat. Malicious users can exploit this vulnerability to bypass security restrictions. Original advisories Fixed in Apache Tomcat 8.5.93 Fixed in Apache Tomcat 9.0.80 Fixed in Apache Tomcat 8.5.93 Fixed in Apache Tomcat 10.1.13 Exploitation Malware exis...

CVSS 6.1 | AI score 6.6 | EPSS 0.11586
Exploits: 0 | References: 7

Tenable Nessus
added 2023/07/27 12:0 a.m. | 33 views

Apache Tomcat SEoL (8.5.x)

According to its version, Apache Tomcat is 8.5.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities. %NASLMINLEVEL 80900 C...

AI score 5.5
Exploits: 0 | References: 1

Tenable Nessus
added 2023/04/11 12:0 a.m. | 20 views

Siemens SCALANCE W1750D Improper Input Validation (CVE-2021-25148)

A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in versions: Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba h...

CVSS 8.5 | AI score 7.4 | EPSS 0.00541
Exploits: 0 | References: 4

Tenable Nessus
added 2023/02/22 12:0 a.m. | 35 views

Apache Tomcat 11.0.0-M1 < 11.0.0-M3 Denial Of Service

The version of Apache Tomcat installed on the remote host is 8.5.x prior to 8.5.85, 9.0.0-M1 prior to 9.0.71, 10.1.0-M1 prior to 10.1.5 or 11.0.0-M1 prior to 11.0.0-M3. It is, therefore, affected by a denial of service due to a vulnerability in the file upload functionality in the Apache Commons...

CVSS 7.5 | AI score 7.3 | EPSS 0.339
Exploits: 1 | References: 2

Tenable Nessus
added 2023/01/05 12:0 a.m. | 19 views

Apache Tomcat 10.1.0-M1 < 10.1.2 JsonErrorReportValve Injection

The version of Apache Tomcat installed on the remote host is 8.5.x to 8.5.83, 9.0.0-M1 to 9.0.68 or 10.1.0-M1 to 10.1.1. It is, therefore, affected by a JsonErrorReportValve injection vulnerability. The JsonErrorReportValve did not escape the type, message or description values. In some...

CVSS 7.5 | AI score 7.6 | EPSS 0.00889
Exploits: 0 | References: 2

OSV
added 2022/05/13 1:22 a.m. | 23 views

GHSA-3GX6-H57H-RM27 Drupal Core Remote Code Execution Vulnerability

Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has the Drupal 8 core...

CVSS 8.1 | AI score 8.3 | EPSS 0.9441
Exploits: 22 | References: 10

The Hacker News
added 2022/03/24 3:38 a.m. | 107 views

VMware Issues Patches for Critical Flaws Affecting Carbon Black App Control

VMware on Wednesday released software updates to plug two critical security vulnerabilities affecting its Carbon Black App Control platform that could be abused by a malicious actor to execute arbitrary code on affected installations in Windows systems. Tracked as CVE-2022-22951 and CVE-2022-2295...

CVSS 9.1 | AI score 3.5 | EPSS 0.02711
Exploits: 0

CVE
added 2022/03/23 7:46 p.m. | 118 views

CVE-2022-22951

CVE-2022-22951 affects VMware Carbon Black App Control (versions 8.5.x prior to 8.5.14; 8.6.x prior to 8.6.6; 8.7.x prior to 8.7.4; 8.8.x prior to 8.8.2). The vulnerability is an OS command injection caused by improper input validation that could allow an authenticated, highly privileged attacker...

CVSS 9.1 | AI score 9.6 | EPSS 0.02711
Exploits: 0 | References: 1 | Affected Software: 1

Atlassian
added 2022/03/10 4:57 a.m. | 56 views

Tomcat versions bundled with the Crowd product are vulnerable to CVE-2021-33037

The different Tomcat versions 8.5.X bundled to the Atlassian Crowd product versions lower than Crowd 4.4.1 are vulnerable to CVE-2021-33037 (https://vulners.com/cve/CVE-2021-33037). The Tomcat versions from 8.5.0 to 8.5.66 are affected by the mentioned...

CVSS 5.3 | AI score 6 | EPSS 0.01865
Exploits: 1

ATTACKERKB
added 2021/10/12 4:15 p.m. | 1 view

CVE-2021-37735

A remote denial of service vulnerability was discovered in Aruba Instant versions: Aruba Instant 6.5.x.x: 6.5.4.18 and below; Aruba Instant 8.5.x.x: 8.5.0.10 and below; Aruba Instant 8.6.x.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant IAP that address this security...

CVSS 5.3 | AI score 5.4 | EPSS 0.00349
Exploits: 0 | References: 3

OSV
added 2021/04/01 7:15 p.m. | 0 views

CVE-2021-27653

Misconfiguration of the Pega Chat Access Group portal in Pega platform 7.4.0 - 8.5.x could lead to unintended data exposure...

CVSS 4.9 | AI score 5.8
Exploits: 0 | References: 2

CNNVD
added 2021/04/01 12:0 a.m. | 3 views

Pegasystem PEGA Platform Access Control Error Vulnerability

Pegasystem PEGA Platform is a suite of application development platforms from Pegasystem UK. The platform is used to develop applications for BPM (Business Process Management), Case Management, Real Time Decision Making and CRM (Customer Relationship Management). An access control error vulnerability...

CVSS 6.6 | AI score 5.6 | EPSS 0.00309
Exploits: 1 | References: 3

CVE
added 2021/03/30 12:9 a.m. | 74 views

CVE-2021-25146

The CVE-2021-25146 vulnerability affects Aruba Instant Access Point (IAP) devices, enabling remote arbitrary command execution via the Aruba Instant CLI/management interfaces. Affected products/versions include Aruba Instant 6.5.x up to 6.5.4.17 and below; 8.3.x up to 8.3.0.13 and below; 8.5.x up...

CVSS 9 | AI score 7.3 | EPSS 0.0437
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2021/03/29 8:15 p.m. | 0 views

CVE-2021-25143

A remote denial of service (DoS) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in versions: Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.9 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant that addre...

CVSS 7.5 | AI score 5.8
Exploits: 0 | References: 2

OSV
added 2021/03/29 4:15 p.m. | 1 view

CVE-2019-5317

A local authentication bypass vulnerability was discovered in some Aruba Instant Access Point (IAP) products in versions: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.15 and below; Aruba Instant 8.3.x: 8.3.0.11 and below; Aruba Instant 8.4.x: 8.4.0.5 and below; Aruba...

CVSS 6.8 | AI score 6.7 | EPSS 0.00059
Exploits: 0 | References: 2