49 matches found
PT-2024-5137
Name of the Vulnerable Software and Affected Versions: Node.js affected versions not specified Description: The issue is related to the Permission Model in Node.js, which incorrectly assumes that any path starting with two backslashes has a four-character prefix that can be ignored. This subtle b...
CVE-2023-32112 Missing Authorization Check in Vendor Master Hierarchy
Vendor Master Hierarchy - versions SAPAPPL 500, SAPAPPL 600, SAPAPPL 602, SAPAPPL 603, SAPAPPL 604, SAPAPPL 605, SAPAPPL 606, SAPAPPL 616, SAPAPPL 617, SAPAPPL 618, S4CORE 100, does not perform necessary authorization checks for an authenticated user to access some of its function. This could lea...
Security Bulletin: IBM CloudPak foundational services (Events Operator) is affected by potential data integrity issue (CVE-2020-25649)
Summary The IBM Cloud Platform Common Services Events Operator is potentially vulnerable to a data integrity issue Vulnerability Details CVEID:CVE-2020-25649 DESCRIPTION: FasterXML Jackson Databind could provide weaker than expected security, caused by not having entity expansion secured properly...
PT-2022-6799 · Unknown +2 · Openimageio +2
Name of the Vulnerable Software and Affected Versions: OpenImageIO versions master-branch-9aeece7a through v2.3.19.0 Description: A heap-based buffer overflow vulnerability exists in the tile decoding code of the TIFF image parser. This issue can be triggered by a specially-crafted TIFF file,...
Security Bulletin: IBM Event Streams is affected by potential data integrity issue (CVE-2020-25649)
Summary IBM Event Streams is potentially vulnerable to a data integrity issue Vulnerability Details CVEID: CVE-2020-25649 DESCRIPTION: FasterXML Jackson Databind could provide weaker than expected security, caused by not having entity expansion secured properly. A remote attacker could exploit th...
CVE-2020-14797
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multipl...
Oracle MySQL Server Component Input Validation Error Vulnerability (CNVD-2019-26675)
Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. Input validation error vulnerability in the InnoDB subcomponent of the MySQL Server component in Oracle MySQL, version 8.0.16 and earlier. An attacke...
CVE-2016-0640
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect integrity and availability via vectors related to DML...
CVE-1999-0165
NFS cache poisoning...