31 matches found
Security Bulletin: IBM Maximo Application Suite - IoT Component uses Kafka - 3.0.2 which is vulnerable to CVE-2024-27309.
Summary: Security Bulletin: IBM Maximo Application Suite - IoT Component uses Kafka - 3.0.2 which is vulnerable to CVE-2024-27309. This bulletin contains information regarding the vulnerability and its fix. Vulnerability Details: CVEID: CVE-2024-27309 DESCRIPTION: Apache Kafka is vulnerable to a...
Drupal 8.7.x < 9.5.11 Cache Poisoning
According to its self-reported version, the instance of Drupal running on the remote web server is 8.7.x prior to 9.5.11, 10.0.x prior to 10.0.11 or 10.1.x prior to 10.1.4. In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause...
Drupal Cache Poisoning Vulnerability (SA-CORE-2023-006) - Windows
Drupal is prone to a cache poisoning vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:drupal:drupal"; if(description)...
Siemens SCALANCE W1750D Classic Buffer Overflow (CVE-2022-37889)
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result...
TYPO3 XSS Vulnerability (TYPO3-core-sa-2023-001)
TYPO3 is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:typo3:typo3"; if...
GitLab 8.7.x - 8.15.7, 8.16.x - 8.16.7, 8.17.x - 8.17.3 Information Disclosure Vulnerability
GitLab is prone to an exposure of sensitive information to an unauthorized actor vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
VMware Issues Patches for Critical Flaws Affecting Carbon Black App Control
VMware on Wednesday released software updates to plug two critical security vulnerabilities affecting its Carbon Black App Control platform that could be abused by a malicious actor to execute arbitrary code on affected installations in Windows systems. Tracked as CVE-2022-22951 and CVE-2022-2295...
CVE-2022-22951
CVE-2022-22951 affects VMware Carbon Black App Control (versions 8.5.x prior to 8.5.14; 8.6.x prior to 8.6.6; 8.7.x prior to 8.7.4; 8.8.x prior to 8.8.2). The vulnerability is an OS command injection caused by improper input validation that could allow an authenticated, highly privileged attacker...
Design/Logic Flaw
A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point (IAP) products in versions: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba...
CVE-2021-25146
The CVE-2021-25146 vulnerability affects Aruba Instant Access Point (IAP) devices, enabling remote arbitrary command execution via the Aruba Instant CLI/management interfaces. Affected products/versions include Aruba Instant 6.5.x up to 6.5.4.17 and below; 8.3.x up to 8.3.0.13 and below; 8.5.x up...
Drupal 8.7.x < 8.7.12 Third-Party Library Vulnerability
According to its self-reported version, the instance of Drupal running on the remote web server is 8.7.x prior to 8.7.12, or 8.8.x prior to 8.8.4. It is, therefore, affected by a cross-site scripting vulnerability. Drupal uses the third-party library CKEditor, which is vulnerable to a cross-site...
CVE-2019-8947
Zimbra Collaboration 8.7.x - 8.8.11P2 contains non-persistent XSS...
CVE-2019-8945
Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS...
CVE-2019-8946
Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS...
Cross site scripting
Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS...
Cross site scripting
Zimbra Collaboration 8.7.x - 8.8.11P2 contains non-persistent XSS...