18 matches found
Notepad++ 8.9.4 / 8.9.5 < 8.9.6 Installer Vulnerability
The version of Notepad++ installed on the remote host is 8.9.4 or 8.9.5. It is, therefore, affected by an installer vulnerability:
- A vulnerability exists in the Notepad++ installer affecting versions 8.9.4 and 8.9.5 that could allow an attacker to compromise the installation process...
Linux Distros Unpatched Vulnerability : CVE-2020-13670
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available.
- Information Disclosure vulnerability in file module of Drupal Core allows an attacker to gain access to the file metadata of a permanent private file that they ...
Security Bulletin: Snappy-java is vulnerable to security CVEs used in IBM Maximo Application Suite - Monitor Component
Summary: IBM Maximo Application Suite - Monitor Component uses snappy-java, which is vulnerable to security CVEs. Vulnerability Details: CVEID: CVE-2023-34453. DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by an integer overflow in the shuffle function. By sending a specially...
Security Bulletin: VMware Tanzu Spring Framework is vulnerable to CVE-2023-20860 used in IBM Maximo Application Suite - Monitor Component
Summary: IBM Maximo Application Suite - Monitor Component uses VMware Tanzu Spring Framework, which is vulnerable to CVE-2023-20860. IBM has addressed this vulnerability. Vulnerability Details: CVEID: CVE-2023-20860. DESCRIPTION: VMware Tanzu Spring Framework could allow a remote attacker to bypass...
Security Bulletin: Netty is vulnerable to CVE-2023-34462 used in IBM Maximo Application Suite - Monitor Component
Summary: IBM Maximo Application Suite - Monitor Component uses Netty, which is vulnerable to CVE-2023-34462. Vulnerability Details: CVEID: CVE-2023-34462. DESCRIPTION: Netty is vulnerable to a denial of service, caused by a flaw with allocating up to 16MB of heap for each channel during the TLS...
Security Bulletin: Apache Commons Codec is vulnerable to PRISMA-2021-0055 used in IBM Maximo Application Suite - Monitor Component
Summary: IBM Maximo Application Suite - Monitor Component uses Apache Commons Codec, which is vulnerable to PRISMA-2021-0055. Vulnerability Details: IBM X-Force ID: 177835. DESCRIPTION: Apache Commons Codec could allow a remote attacker to obtain sensitive information, caused by the improper validati...
Security Bulletin: Python Cryptographic Authority cryptography is vulnerable to IBM X-Force ID: 239927 used in IBM Maximo Application Suite
Summary: IBM Maximo Application Suite uses Python Cryptographic Authority cryptography, which is vulnerable to IBM X-Force ID: 239927. IBM has addressed the vulnerability. Vulnerability Details: IBM X-Force ID: 239927. DESCRIPTION: Python Cryptographic Authority cryptography is vulnerable to a buffer...
WordPress plugin WP Cerber Security, Anti-spam & Malware Scan Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress WP Cerber Security, Anti-spam & Malware Scan Plugin...
PT-2022-13178
Name of the Vulnerable Software and Affected Versions: WP Cerber Security, Anti-spam & Malware Scan WordPress plugin versions prior to 8.9.6. Description: The issue is related to an unauthenticated stored Cross-Site Scripting problem. It occurs because the $url variable is not properly sanitized...
WordPress WP Cerber Security plugin <= 8.9.5 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress WP Cerber Security plugin versions <= 8.9.5. Solution: Update the WordPress WP Cerber Security plugin to the latest available version (at least 8.9.6)...
GHSA-C533-C843-67H8 Drupal core Cross-site Scripting (XSS) vulnerability in ckeditor
Cross-site Scripting (XSS) vulnerability in ckeditor of Drupal Core allows an attacker to inject XSS. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6...
UBUNTU-CVE-2020-13668
Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6...
UBUNTU-CVE-2021-39905
An information disclosure vulnerability in the GitLab CE/EE API since version 8.9.6 allows a user to see basic information on private groups that a public project has been shared with...
PT-2020-6899 · Drupal · Drupal Core
Name of the Vulnerable Software and Affected Versions: Drupal Core versions 8.8.x prior to 8.8.10; Drupal Core versions 8.9.x prior to 8.9.6; Drupal Core versions 9.0.x prior to 9.0.6. Description: The issue is related to a Cross-site Scripting (XSS) vulnerability in the ckeditor of Drupal Core,...
PT-2020-13649 · Drupal · Drupal Core
Name of the Vulnerable Software and Affected Versions: Drupal Core versions prior to 8.8.10; Drupal Core versions prior to 8.9.6; Drupal Core versions prior to 9.0.6. Description: The issue is related to an Access Bypass vulnerability in Drupal Core, where an attacker can exploit the way HTML is...
PT-2020-13648 · Drupal · Drupal Core
Name of the Vulnerable Software and Affected Versions: Drupal Core versions prior to 8.8.10; Drupal Core versions prior to 8.9.6; Drupal Core versions prior to 9.0.6. Description: The issue is an access bypass vulnerability in the Workspaces module of Drupal Core, which fails to properly check acces...
Oracle Hospitality Applications Hospitality Suite8 Component Information Disclosure Vulnerability
Oracle Hospitality Applications is a suite of business applications, servers and storage solutions for hospitality management from Oracle. The product provides human resources cost management, provide customers throughout the journey to track the management of services to improve customer...
Unspecified Vulnerability in Oracle Hospitality WebSuite8 Cloud Service Component
Oracle Hospitality Applications is a suite of business applications, servers and storage solutions for hospitality management from Oracle. The solution provides human resources cost management, provide customer service throughout the journey tracking management to improve customer satisfaction,...