4774 matches found
Security Bulletin: IBM Kenexa LCMS Premier On Premise - [All] jQuery (Publicly disclosed vulnerability) CVE-2020-11023, CVE-2020-11022
Summary We have identified that the IBM Kenexa LCMS Premier is affected by one or more security vulnerabilities. These have been addressed in LCMS Premier 14.0 version. Vulnerability Details CVEID: CVE-2020-11023 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper...
Remote Code Execution
activemq-broker is vulnerable to remote code execution. A regression that prevents JMX re-bind allows an attacker to execute arbitrary code by passing an empty environment map to RMIConnectorServer instead of the map that contains the authentication credentials...
CVE-2012-2160
IBM Rational Change 5.3 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using the SUPPTEMPLATEFLAG parameter in a specially-crafted URL to execute script in a victim's Web browser within the security...
Updated targetcli packages fix security vulnerability
An access flaw was found in targetcli, where the /etc/target directory and the backup directory and files beneath it were world-readable. This flaw allows a local attacker to access potentially sensitive information such as authentication credentials from /etc/target/saveconfig.json and the backup files. The highe...
Security Bulletin: Multiple Eclipse Jetty Vulnerabilities Affect IBM Sterling Secure Proxy Summary
Summary Three Eclipse Jetty vulnerabilities were addressed by IBM Sterling Secure Proxy. Vulnerability Details CVE-ID: CVE-2019-10241 Description: Eclipse Jetty is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the DefaultServlet and ResourceHandler. A...
Security Bulletin: A vulnerability in the GSKit component of IBM Sterling Connect:Direct for Microsoft Windows (CVE-2016-0201)
Summary A vulnerability has been addressed in the GSKit component of IBM Sterling Connect:Direct for Microsoft Windows. Vulnerability Details CVEID: CVE-2016-0201 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by an MD5 collision. An attacker could...
Security Bulletin: Apache CXF XSS Vulnerability Affects IBM Control Center (CVE-2019-17573)
Summary Apache CXF is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the services listing page. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of...
CVE-2017-1659
"HCL iNotes is susceptible to a Cross-Site Scripting XSS Vulnerability. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials."...
Cross site scripting
"HCL iNotes is susceptible to a Cross-Site Scripting XSS Vulnerability. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials."...
CVE-2018-21248
An issue was discovered in Mattermost Server before 5.4.0. It mishandles possession of superfluous authentication credentials...
Design/Logic Flaw
An issue was discovered in Mattermost Server before 5.4.0. It mishandles possession of superfluous authentication credentials...
CVE-2018-21248
Mattermost Server prior to 5.4.0 is affected by an issue that mishandles possession of superfluous authentication credentials. The CVSS-3.1 base score is 7.5 (HIGH) with NETWORK attack vector, no privileges required, and HIGH impact on confidentiality per the advisory. Root cau...
CVE-2020-12874
Veritas APTARE versions prior to 10.4 included code that bypassed the normal login process when specific authentication credentials were provided to the server...
OPENSUSE-SU-2020:0606-1 Security update for squid
This update for squid to version 4.10 fixes the following issues: Security issues fixed: - CVE-2019-12528: Fixed an information disclosure flaw in the FTP gateway bsc1162689. - CVE-2020-8449: Fixed a buffer overflow when squid is acting as reverse-proxy bsc1162687. - CVE-2020-8450: Fixed a buffer...
Command Injection
postfix is vulnerable to command injection. It was discovered that Postfix did not flush the received SMTP commands buffer after switching to TLS encryption for an SMTP session. A man-in-the-middle attacker could use this flaw to inject SMTP commands into a victim's session during the plain text...
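The Postfix flaw above is a buffering bug, not a TLS bug: the server read a full TCP segment, processed STARTTLS, negotiated TLS, and then kept parsing the bytes that were already sitting in its plaintext input buffer as though they had arrived inside the encrypted session. The simulation below is an added example, not Postfix code; it models an SMTP command reader with and without the fix (discarding the plaintext buffer after the handshake) and feeds it a constructed segment in which a man-in-the-middle has appended commands after the victim's STARTTLS. The class and method names are invented for the example.

```python
class SmtpCommandReader:
    """Minimal model of a server-side SMTP command loop.

    origin for each line is where the bytes physically came from ("plaintext"
    socket or "tls" channel); self.tls is what the server believes at the time
    it acts on the command. A mismatch is a plaintext command injection.
    """

    def __init__(self, flush_on_starttls: bool):
        self.flush_on_starttls = flush_on_starttls
        self.buf = b""
        self.tls = False
        self.log = []  # (origin, server_believed_tls, command)

    def feed(self, data: bytes, origin: str) -> None:
        """Bytes as read from the network; commands are CRLF-delimited."""
        self.buf += data
        while b"\r\n" in self.buf:
            line, self.buf = self.buf.split(b"\r\n", 1)
            self._handle(line, origin)

    def _handle(self, line: bytes, origin: str) -> None:
        self.log.append((origin, self.tls, line.decode("ascii", "replace")))
        if line.strip().upper() == b"STARTTLS" and not self.tls:
            # Server sends "220 Ready to start TLS" and completes the handshake.
            self.tls = True
            if self.flush_on_starttls:
                # The fix: anything already read from the plaintext socket was
                # sent before the handshake and must not be treated as
                # authenticated/encrypted input. Discard it.
                self.buf = b""


def injected_commands(log) -> list:
    """Commands the server acted on under TLS that arrived in plaintext."""
    return [cmd for origin, believed_tls, cmd in log
            if believed_tls and origin == "plaintext"]


def run_scenario(flush_on_starttls: bool) -> list:
    """Constructed exchange: the MITM forwards the victim's STARTTLS with
    injected commands appended in the same TCP segment, then the victim's
    genuine traffic arrives inside TLS."""
    reader = SmtpCommandReader(flush_on_starttls)
    reader.feed(b"EHLO victim.example\r\nSTARTTLS\r\n"
                b"RSET\r\nMAIL FROM:<attacker@example>\r\n", origin="plaintext")
    reader.feed(b"MAIL FROM:<victim@example>\r\n", origin="tls")
    return injected_commands(reader.log)


if __name__ == "__main__":
    print("vulnerable:", run_scenario(flush_on_starttls=False))
    print("fixed:     ", run_scenario(flush_on_starttls=True))
```

With the flush disabled, RSET and the attacker's MAIL FROM are executed after the server believes the session is encrypted; with it enabled, nothing that arrived before the handshake survives. The same check applies to any STARTTLS-style upgrade: after switching the transport, the application-layer read buffer must start empty.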
Information Disclosure
directory server is vulnerable to information disclosure. Directory Server setup scripts created cache files, containing passwords for the Directory and Administration Server administrative accounts, with weak file permissions. A local user could use this flaw to obtain authentication credentials...
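Both the targetcli entry earlier in this list and the Directory Server entry above are the same defect: a configuration or cache file holding credentials was created with a mode that lets any local user read it. The check below is an added example, not code from either project; it walks a directory tree and reports every file or directory readable by "other", then exercises it on a constructed layout (a saveconfig.json plus a backup directory, with placeholder contents and no real secrets) before and after tightening the modes. Paths and the demo function are illustrative.

```python
import os
import stat
import tempfile


def world_readable_files(root: str) -> list:
    """Return paths (relative to root) of files and directories under root whose
    mode grants read permission to 'other'. Symlinks are skipped, not followed."""
    found = []
    for dirpath, _dirnames, filenames in os.walk(root):
        # "" stands for the directory itself; a world-readable directory
        # already leaks file names, and the files are checked individually.
        for name in [""] + filenames:
            path = os.path.join(dirpath, name) if name else dirpath
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue
            if st.st_mode & stat.S_IROTH:
                found.append(os.path.relpath(path, root))
    return sorted(found)


def demo() -> dict:
    """Constructed layout mirroring the targetcli case, checked with weak modes
    and again after hardening. Returns the two finding lists."""
    with tempfile.TemporaryDirectory() as tmp:
        target = os.path.join(tmp, "target")
        backup = os.path.join(target, "backup")
        os.makedirs(backup)
        cfg = os.path.join(target, "saveconfig.json")
        bak = os.path.join(backup, "saveconfig-20200101.json")
        for p in (cfg, bak):
            with open(p, "w") as f:
                # Placeholder content; a real saveconfig.json can carry CHAP secrets.
                f.write('{"storage_objects": [], "targets": []}\n')
        # Weak modes as shipped: directories 0755, files 0644.
        for p in (target, backup):
            os.chmod(p, 0o755)
        for p in (cfg, bak):
            os.chmod(p, 0o644)
        before = world_readable_files(target)
        # Hardening: owner-only access, directories 0700 and files 0600.
        for p in (target, backup):
            os.chmod(p, 0o700)
        for p in (cfg, bak):
            os.chmod(p, 0o600)
        after = world_readable_files(target)
    return {"before": before, "after": after}


if __name__ == "__main__":
    print(demo())
```

Fixing the mode after the fact only closes the window going forward; a file that was world-readable while it held a password should be treated as disclosed and the credential rotated. When writing such files, create them with a restrictive mode from the start (for example os.open with 0o600) rather than relying on chmod after the data has been written.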
CVE-2018-20677
A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting caused by improper validation of user-supplied input by the affix configuration target property. This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hostin...
Security Bulletin: Vulnerability in Apache CXF affects WebSphere Application Server (CVE-2019-17573)
Summary There is a Cross-Site Scripting exposure in the Apache CXF library used by WebSphere Application Server. This has been addressed. Vulnerability Details CVEID: CVE-2019-17573 DESCRIPTION: Apache CXF is vulnerable to cross-site scripting, caused by improper validation of user-supplied input...
CVE-2019-10705
In Western Digital SanDisk X600 devices in certain configurations, a vulnerability in the access control mechanism of the drive may allow data to be decrypted without knowledge of proper authentication credentials...