
37 matches found

Tenable Nessus
added 2025/10/24 12:0 a.m. | 5 views

Atlassian Confluence 2.x < 8.5.25 Denial of Service

According to its self-reported version number, the Atlassian Confluence application running on the remote host is 2.x prior to 8.5.25, 9.2.x prior to 9.2.7 or 10.x prior to 10.0.2. It is, therefore, affected by a denial of service vulnerability. Note that the scanner has not tested for these issu...

CVSS 8.3 | AI score 6.9 | EPSS 0.00093
Exploits 0 | References 2

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-0657

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 4.7 | EPSS 0.00226
Exploits 0 | References 3

Tenable Nessus
added 2025/06/04 12:0 a.m. | 4 views

Grafana 8.5.x < 8.5.21 Multiple Vulnerabilities

According to its self-reported version, the Grafana install hosted on the remote host is 8.5.x earlier than 8.5.21, or 9.2.x earlier than 9.2.13, or 9.3.x earlier than 9.3.8. It is, therefore, affected by multiple vulnerabilities: - A Cross-site Scripting vulnerability. - A Cross-site Scripting...

CVSS 7.3 | AI score 7.1 | EPSS 0.60579
Exploits 0 | References 4

OSV
added 2024/12/16 7:16 a.m. | 10 views

BIT-MATTERMOST-2024-1942

Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, and 9.3.0 fail to sanitize the metadata on posts containing permalinks under specific conditions, which allows an authenticated attacker to access the contents of individual posts in channels they are not a member of...

CVSS 4.3 | AI score 4.2 | EPSS 0.00226
Exploits 0 | References 2

IBM Security Bulletins
added 2024/05/01 9:21 p.m. | 33 views

Security Bulletin: Vulnerability in FOS firmware used by IBM b-type SAN directors and switches.

Summary: The b-type products are vulnerable due to an OpenSSL issue in the FOS firmware. The vulnerability has been addressed and can be resolved by applying the FOS code level listed below. Vulnerability Details: CVEID: CVE-2023-0464. DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused...

CVSS 7.5 | AI score 7.7 | EPSS 0.00734
Exploits 0 | Affected Software 1

CNVD
added 2022/06/30 12:0 a.m. | 22 views

Dell PowerScale OneFS Information Disclosure Vulnerability (CNVD-2022-58231)

Dell PowerScale OneFS is an operating system from Dell USA that provides horizontal scaling of NAS. An information disclosure vulnerability exists in Dell PowerScale OneFS versions 8.2.x through 9.2.x that originates from an error message containing sensitive...

CVSS 9.6 | AI score 5 | EPSS 0.00286
Exploits 0 | References 1

Tenable Nessus
added 2022/06/01 12:0 a.m. | 12 views

Drupal 9.2.x < 9.2.20 Third-Party Library Vulnerability

According to its self-reported version, the instance of Drupal running on the remote web server is 9.2.x prior to 9.2.20 or 9.3.x prior to 9.3.14. Drupal uses the third-party Guzzle library for handling HTTP requests and responses to external services. Guzzle has released a security update which...

CVSS 8.1 | AI score 7.7 | EPSS 0.00637
Exploits 0 | References 4

OpenVAS
added 2022/03/28 12:0 a.m. | 14 views

GitLab 9.2.x - 10.4.6, 10.5.x - 10.5.6, 10.6.x - 10.6.2 XSS Vulnerability

GitLab is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:gitlab:gitlab"; if...

CVSS 6.1 | AI score 6.1 | EPSS 0.00076
Exploits 1 | References 1

Tenable Nessus
added 2022/01/20 12:0 a.m. | 34 views

Drupal 9.2.x < 9.2.11 Cross-Site Scripting

According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.86, 9.2.x prior to 9.2.11, or 9.3.x prior to 9.3.3. It is, therefore, affected by multiple cross-site scripting vulnerabilities due to its usage of the third party component jQuery UI...

CVSS 6.5 | AI score 8 | EPSS 0.27509
Exploits 4 | References 7

CVE
added 2021/12/13 6:35 p.m. | 38 views

CVE-2021-39049

CVE-2021-39049 affects IBM i2 Analyst’s Notebook 9.2.0, 9.2.1, and 9.2.2, with a stack-based buffer overflow caused by improper bounds checking. A local attacker could overflow a buffer and gain lower-privilege access. IBM’s security bulletin notes a memory-corruption vulnerability and directs re...

CVSS 7.8 | AI score 7.6 | EPSS 0.00062
Exploits 0 | References 2 | Affected Software 1

Tenable Nessus
added 2021/09/06 12:0 a.m. | 34 views

Drupal 9.2.x < 9.2.4 Third-Party Library Vulnerability

According to its self-reported version, the instance of Drupal running on the remote web server is 8.9.x prior to 8.9.18, 9.1.x prior to 9.1.12, or 9.2.x prior to 9.2.4. It is, therefore, affected by multiple vulnerabilities due to its usage of a third party component, CKEditor, for WYSIWYG...

CVSS 7.6 | AI score 7 | EPSS 0.01368
Exploits 0 | References 5

Prion
added 2021/08/16 10:15 p.m. | 17 views

Code injection

Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment for critical resource vulnerability. This could allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to access privileged information about the cluster...

CVSS 7.2 | AI score 7.3 | EPSS 0.00038
Exploits 0 | References 1 | Affected Software 1

Prion
added 2021/08/16 10:15 p.m. | 14 views

Design/Logic Flaw

Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an insufficient logging vulnerability. An authenticated user with ISI_PRIV_LOGIN_PAPI could make un-audited and un-trackable configuration changes to settings that their roles have privileges to change...

CVSS 4 | AI score 4.6 | EPSS 0.00209
Exploits 0 | References 1 | Affected Software 1

Prion
added 2021/08/16 10:15 p.m. | 19 views

Information disclosure

Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x improperly handle an exceptional condition. A remote low privileged user could potentially exploit this vulnerability, leading to unauthorized information disclosure...

CVSS 4 | AI score 6.1 | EPSS 0.00215
Exploits 0 | References 1 | Affected Software 1

CVE
added 2021/08/16 10:0 p.m. | 68 views

CVE-2021-36281

Dell EMC PowerScale OneFS versions 8.2.x–9.2.x contain an incorrect permission assignment that can allow a low-privileged authenticated user to escalate privileges. Affected component: privilege/permission handling in OneFS API surface. Root cause: misassigned permissions enabling higher-privileg...

CVSS 8.8 | AI score 8.5 | EPSS 0.00396
Exploits 0 | References 1 | Affected Software 1

CVE
added 2021/08/16 10:0 p.m. | 65 views

CVE-2021-36279

Dell EMC PowerScale OneFS versions 8.2.x–9.2.x are affected by an Incorrect Permission Assignment for a Critical Resource vulnerability. The root cause is misconfigured permissions that can allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to access privileged cluster information. Im...

CVSS 7.8 | AI score 7.3 | EPSS 0.00038
Exploits 0 | References 1 | Affected Software 1

NVD
added 2021/02/06 6:15 a.m. | 15 views

CVE-2021-26723

Jenzabar 9.2.x through 9.2.2 allows /ics?tool=search&query= XSS...

CVSS 6.1 | EPSS 0.64083
Exploits 3 | References 4

Prion
added 2021/02/06 6:15 a.m. | 13 views

Cross site scripting

Jenzabar 9.2.x through 9.2.2 allows /ics?tool=search&query= XSS...

CVSS 4.3 | AI score 6.2 | EPSS 0.64083
Exploits 3 | References 4 | Affected Software 1

Cvelist
added 2021/02/06 5:35 a.m. | 13 views

CVE-2021-26723

Jenzabar 9.2.x through 9.2.2 allows /ics?tool=search&query= XSS...

AI score 6.5 | EPSS 0.64083
Exploits 3 | References 4

Veracode
added 2019/01/15 9:19 a.m. | 26 views

Arbitrary Code Execution

rh-postgresql95-postgresql is vulnerable to arbitrary code execution attacks. The vulnerability exists as PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and...

CVSS 6.7 | AI score 7.3 | EPSS 0.00053
Exploits 0 | References 9 | Affected Software 3