EUVD-2017-11911
Malware in sbrugna...
Security Bulletin: IBM Workload scheduler vulnerable to CVE-2019-4608 and CVE-2020-5028
Summary: IBM Tivoli Dynamic Workload Console is potentially vulnerable to cross-site scripting. Vulnerability Details: CVEID: CVE-2019-4608. DESCRIPTION: IBM Tivoli Workload Scheduler is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web ...
Mattermost fails to limit the number of active sessions
Mattermost versions 8.1.x before 8.1.12, 9.6.x before 9.6.1, 9.5.x before 9.5.3, 9.4.x before 9.4.5 fail to limit the number of active sessions, which allows an authenticated attacker to crash the server via repeated requests to the getSessions API after flooding the sessions table...
CVE-2024-28949 DoS via a large number of User Preferences
Mattermost Server versions 9.5.x before 9.5.2, 9.4.x before 9.4.4, 9.3.x before 9.3.3, 8.1.x before 8.1.11 do not limit the number of user preferences, which allows an attacker to send a large number of user preferences, potentially causing denial of service...
Race condition
A race condition in Mattermost versions 8.1.x before 8.1.9, and 9.4.x before 9.4.2 allows an authenticated attacker to gain unauthorized access to individual posts' contents via carefully timed post creation while another user deletes posts...
Hitachi Vantara Pentaho Business Analytics Server Code Issue Vulnerability
Hitachi Vantara Pentaho Business Analytics Server is a modern data blending, integration, and business analytics platform from Hitachi, Japan. A security vulnerability exists in Hitachi Vantara Pentaho Business Analytics Server version 8.3.x, version 9.4.x up to and including version 9.4.0.1, and...
Hitachi Vantara Pentaho Business Analytics Server Security Vulnerability
Hitachi Vantara Pentaho Business Analytics Server is a modern data blending, integration, and business analytics platform from Hitachi, Japan. A security vulnerability exists in Hitachi Vantara Pentaho Business Analytics Server version 8.3.x, version 9.4.x up to and including version 9.4.0.1, and...
CVE-2018-1053 - Ensure that all temporary files made with "pg_upgrade" are non-world-readable
In PostgreSQL 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pg_upgrade creates a file in the current working directory containing the output of pg_dumpall -g under the umask which was in effect when the user invoked pg_upgrade, and not under 0077 which...
Drupal 9.4.x < 9.4.10 Information Disclosure
According to its self-reported version, the instance of Drupal running on the remote web server is 9.4.x prior to 9.4.10, 9.5.x prior to 9.5.2, or 10.0.x prior to 10.0.2. It is, therefore, affected by an information disclosure vulnerability in the Media Library module. Note that the scanner has n...
Drupal 9.4.x < 9.4.7 Third-Party Library Vulnerability
According to its self-reported version, the instance of Drupal running on the remote web server is 9.3.x prior to 9.3.22 or 9.4.x prior to 9.4.7. Drupal uses the Twig third-party library for content templating and sanitization. Multiple vulnerabilities are possible if an untrusted user has access...
Drupal Multiple Vulnerabilities (SA-CORE-2022-016) - Linux
Drupal is prone to multiple vulnerabilities. Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
Drupal RCE Vulnerability (SA-CORE-2022-014) - Windows
Drupal is prone to a remote code execution (RCE) vulnerability. Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software;...
GitLab 9.4.x - 9.5.10, 10.x - 10.1.5, 10.2.x - 10.2.5, 10.3.x - 10.3.3 SQLi Vulnerability
GitLab is prone to a SQL injection (SQLi) vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:gitlab:gitlab"; if...
CVE-2019-17632
In Eclipse Jetty versions 9.4.21.v20190926, 9.4.22.v20191022, and 9.4.23.v20191118, the generation of default unhandled Error response content in text/html and text/json Content-Type does not escape Exception messages in stacktraces included in error output...
CVE-2019-10477
The FusionInventory plugin before 1.4 for GLPI 9.3.x and before 1.1 for GLPI 9.4.x mishandles sendXML actions...
Arbitrary Code Execution
rh-postgresql95-postgresql is vulnerable to arbitrary code execution attacks. The vulnerability exists as PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and...
PostgreSQL 9.3.x < 9.3.24 / 9.4.x < 9.4.19 / 9.5.x < 9.5.14 / 9.6.x < 9.6.10 / 10.x < 10.5 Multiple Vulnerabilities
The version of PostgreSQL installed on the remote host is 9.3.x prior to 9.3.24, 9.4.x prior to 9.4.19, 9.5.x prior to 9.5.14, 9.6.x prior to 9.6.10, or 10.x prior to 10.5. It is, therefore, affected by multiple vulnerabilities. (C) Tenable Network Security, Inc...
Eclipse Jetty Integer Overflow Vulnerability
Eclipse Jetty is an open source, Java-based web server and Java Servlet container from the Eclipse Foundation. An integer overflow vulnerability in the parsing of block lengths in Eclipse Jetty versions 9.2.x and earlier, 9.3.x, and 9.4.x stems from the program's failure to properly handle...