20 matches found
Astra Linux – Vulnerability in Tomcat9
The “Allocation of Resources Without Limits or Throttling” vulnerability in Apache Tomcat exists. This issue affects Apache Tomcat versions from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, and from 9.0.0.M1 through 9.0.105. The following versions were already at the end of their...
PT-2026-41546
ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code execution vulnerability that allows attackers to execute arbitrary commands by leveraging the EXECUTE function. Attackers can use bitsadmin to download malicious PowerShell scripts and execute them with system privileges to...
CVE-2026-27217 Substance3D - Painter | NULL Pointer Dereference (CWE-476)
Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to its availability. Exploitation of this issue...
CVE-2026-1265
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to writing of sensitive Information in a log file...
CVE-2026-21942
Vulnerability in the Oracle Solaris product of Oracle Systems component: Filesystems. Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris...
CVE-2025-15242
A vulnerability was detected in PHPEMS up to 11.0. The impacted element is an unknown function of the component Coupon Handler. Performing a manipulation results in race condition. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitability is regarded as...
CVE-2025-12195
An Out-of-bounds Write vulnerability in WatchGuard Fireware OS's CLI could allow an authenticated privileged user to execute arbitrary code via specially crafted IPSec configuration CLI commands.This vulnerability affects Fireware OS 11.0 up to and including 11.12.4+541730, 12.0 up to and includi...
GHSA-23HV-MWM6-G8JF Apache Tomcat Session Fixation vulnerability
Session Fixation vulnerability in Apache Tomcat via rewrite valve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.8, 10.1.42 ...
PT-2025-32907 · Adobe · Substance3D - Painter
Name of the Vulnerable Software and Affected Versions: Substance3D - Painter versions 11.0.2 and earlier Description: Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds read issue that may lead to the disclosure of sensitive memory. Exploitation of this issue...
SUSE CVE-2025-31651
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security constraints, those...
Veeam ONE Cross-Site Scripting Vulnerability
Veeam ONE is a suite of IT monitoring and reporting tools from Veeam USA. The product supports features such as backup monitoring, operational status monitoring of virtual and physical environments. A cross-site scripting vulnerability exists in Veeam ONE versions 11, 11a, and 12 that originates...
PT-2023-31527 · Tongda Oa · Tongda Oa
Name of the Vulnerable Software and Affected Versions: Tongda OA versions up to 11.10 Description: A critical issue has been found, affecting the file general/hr/recruit/plan/delete.php. The manipulation of the PLAN ID argument leads to sql injection. Recommendations: For versions up to 11.10,...
PT-2023-6619 · Oracle +1 · Java +1
Name of the Vulnerable Software and Affected Versions: Adobe LiveCycle ES4 versions 11.0 and earlier Adobe LiveCycle ES4 version 11.0.1 and later with Java environment 7u21 and earlier Description: A Java insecure deserialization vulnerability allows unauthenticated remote attackers to gain...
Google Android 信息泄露漏洞
Google Android is a Linux-based open source operating system from Google Inc. in the United States. An information disclosure vulnerability exists in System 11 in Google Android, which arises from errors such as configuration during operation of a networked system or product. An unauthorized...
CVE-2020-5984
NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin in which it may have the use-after-free vulnerability while freeing some resources, which may lead to denial of service, code execution, and information disclosure. This affects vGPU version 8.x prior to 8.5, version 10.x prio...
PT-2020-14477 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 11.3 through 13.1.2 Description: The issue is related to Incorrect Access Control in GitLab EE due to the Maven package upload endpoint. This allows for unauthorized access. Recommendations: For GitLab EE versions 11.3...
OpenJDK: Incomplete enforcement of algorithm restrictions for TLS (JSSE, 8232424)
Vulnerability in the Java SE product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability...
OpenJDK: Insufficient filtering of HTML event attributes in Javadoc (Javadoc, 8226765)
Vulnerability in the Java SE product of Oracle Java SE component: Javadoc. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful...
CVE-2018-3052
Vulnerability in the MICROS Relate CRM Software component of Oracle Retail Applications subcomponent: Internal Operations. Supported versions that are affected are 10.8.x and 11.4.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise MICROS...
CVE-2016-8303
Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications subcomponent: Core. Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows unauthenticated attacker with...