91 matches found

Snyk
added 2023/01/29 3:29 p.m., 2 views

Malicious Package

Overview datagrid-text-filter-web is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...

9.8 CVSS, 7.1 AI score
Exploits 0, References 3

Snyk
added 2023/01/29 3:29 p.m., 1 views

Malicious Package

Overview datagrid-web is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...

9.8 CVSS, 7.1 AI score
Exploits 0, References 3

Snyk
added 2023/01/29 3:29 p.m., 1 views

Malicious Package

Overview datagrid-number-filter-web is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if thi...

9.8 CVSS, 7.1 AI score
Exploits 0, References 3

IBM Security Bulletins
added 2022/10/11 6:54 p.m., 30 views

Security Bulletin: A Security vulnerability found in Dojo Toolkit which is shipped with IBM Security Identity Management product (CVE-2018-15494)

Summary A cross-site scripting issue exists in Dojo Toolkit, which is an open source package used by the IBM Security Identity Management product. IBM Security Identity Management has updated the packages as required. Vulnerability Details CVEID: CVE-2018-15494 DESCRIPTION: Dojo Toolkit is...

9.8 CVSS, 7.3 AI score, 0.02611 EPSS
Exploits 2, Affected Software 1

IBM Security Bulletins
added 2021/11/25 5:6 p.m., 37 views

Security Bulletin: Vulnerability in Dojo may affect IBM Cúram Social Program Management (CVE-2018-15494)

Summary IBM Cúram Social Program Management uses the Dojo libraries, for which there is a publicly known vulnerability. Dojo Toolkit is vulnerable to cross-site scripting attack, caused by improper validation of user-supplied input by the DataGrid component. Vulnerability Details CVEID:...

9.8 CVSS, 0.8 AI score, 0.02611 EPSS
Exploits 2, Affected Software 1

IBM Security Bulletins
added 2021/10/29 9:22 p.m., 32 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Dojo Toolkit (CVE-2018-15494)

Summary A vulnerability in Dojo Toolkit that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID: CVE-2018-15494 DESCRIPTION: Dojo Toolkit is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the DataGrid component. A...

9.8 CVSS, 0.5 AI score, 0.02611 EPSS
Exploits 2, Affected Software 1

OSV
added 2021/09/21 11:15 a.m., 4 views

CVE-2021-31917

A flaw was found in Red Hat DataGrid 8.x 8.0.0, 8.0.1, 8.1.0 and 8.1.1 and Infinispan 10.0.0 through 12.0.0. An attacker could bypass authentication on all REST endpoints when DIGEST is used as the authentication method. The highest threat from this vulnerability is to data confidentiality and...

9.8 CVSS, 5.8 AI score, 0.01304 EPSS
Exploits 0, References 1

NVD
added 2021/09/21 11:15 a.m., 18 views

CVE-2021-31917

A flaw was found in Red Hat DataGrid 8.x 8.0.0, 8.0.1, 8.1.0 and 8.1.1 and Infinispan 10.0.0 through 12.0.0. An attacker could bypass authentication on all REST endpoints when DIGEST is used as the authentication method. The highest threat from this vulnerability is to data confidentiality and...

9.8 CVSS, 0.01304 EPSS
Exploits 0, References 1

Prion
added 2021/09/21 11:15 a.m., 24 views

Authentication flaw

A flaw was found in Red Hat DataGrid 8.x 8.0.0, 8.0.1, 8.1.0 and 8.1.1 and Infinispan 10.0.0 through 12.0.0. An attacker could bypass authentication on all REST endpoints when DIGEST is used as the authentication method. The highest threat from this vulnerability is to data confidentiality and...

7.5 CVSS, 9.5 AI score, 0.01304 EPSS
Exploits 0, References 1, Affected Software 2

CVE
added 2021/09/21 10:33 a.m., 67 views

CVE-2021-31917

CVE-2021-31917: Affects Red Hat Data Grid 8.x (8.0.0, 8.0.1, 8.1.0, 8.1.1) and Infinispan (10.0.0–12.0.0). Root cause is an authentication bypass on all REST endpoints when Digest authentication is used, exposing data confidentiality, integrity, and availability risks. Remediation in Red Hat advi...

9.8 CVSS, 9.5 AI score, 0.01304 EPSS
Exploits 0, References 1, Affected Software 2

Cvelist
added 2021/09/21 10:33 a.m., 17 views

CVE-2021-31917

A flaw was found in Red Hat DataGrid 8.x 8.0.0, 8.0.1, 8.1.0 and 8.1.1 and Infinispan 10.0.0 through 12.0.0. An attacker could bypass authentication on all REST endpoints when DIGEST is used as the authentication method. The highest threat from this vulnerability is to data confidentiality and...

9.8 AI score, 0.01304 EPSS
Exploits 0, References 1

vulnersOsv
added 2021/09/20 8:20 p.m., 3 views

@codedungeon/gunner (>=0.38.0 <=0.80.1), @codedungeon/laravel-versions-cli (=0.1.0) +22 more potentially affected by CVE-2021-3807 via ansi-regex (>=4.0.0 <=4.1.0)

ansi-regex NPM version =4.0.0, =0.38.0, =0.0.65, =0.0.0, =0.0.41, =0.0.12, =0.0.0, =0.2.0, =3.3.69, =0.0.3, =0.2.11, =5.1.0, =4.0.58, =3.0.58, =6.0.17, =6.1.110 and more Source cves: CVE-2021-3807 Source advisory: OSV:GHSA-93Q8-GQ69-WQMW...

7.8 CVSS, 6.8 AI score, 0.03304 EPSS
Exploits 1

RedHat Linux
added 2021/05/26 9:49 p.m., 2 views

Infinispan: Authentication bypass on REST endpoints when using DIGEST authentication mechanism

A flaw was found in Red Hat DataGrid and Infinispan. An attacker could bypass authentication on all REST endpoints when DIGEST is used as the authentication method. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

9.8 CVSS, 5.8 AI score, 0.01304 EPSS
Exploits 0, References 4

RedhatCVE
added 2021/05/26 9:12 p.m., 55 views

CVE-2021-31917

A flaw was found in Red Hat DataGrid and Infinispan. An attacker could bypass authentication on all REST endpoints when DIGEST is used as the authentication method. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

9.8 CVSS, 2.5 AI score, 0.01304 EPSS
Exploits 0, References 3

CNNVD
added 2021/05/26 12:0 a.m., 4 views

Red Hat Infinispan Authorization Issue Vulnerability

Red Hat Infinispan is a suite of distributed caching and key-value NoSQL datastore software from Red Hat USA. A security vulnerability exists in Red Hat DataGrid and Infinispan that stems from the use of DIGEST as an authentication method. An attacker could use this vulnerability to bypass...

9.8 CVSS, 8.4 AI score, 0.01304 EPSS
Exploits 0, References 5

IBM Security Bulletins
added 2020/12/08 9:3 p.m., 33 views

Security Bulletin: IBM InfoSphere Information Server is affected by an unescaped string injection in Dojo Toolkit

Summary An unescaped string injection vulnerability in Dojo Toolkit that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID: CVE-2018-15494 DESCRIPTION: Dojo Toolkit is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by...

9.8 CVSS, 0.3 AI score, 0.02611 EPSS
Exploits 2, Affected Software 1

Microsoft KB
added 2020/08/11 7:0 a.m., 345 views

August 11, 2020-KB4569748 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1709

August 11, 2020-KB4569748 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1709 Release Date: August 11, 2020 Version: .NET Framework 4.8 Summary Security improvements An elevation of privilege vulnerability exists when ASP.NET or .NET Framework web applications running on IIS...

5.5 CVSS, 6.5 AI score, 0.01129 EPSS
Exploits 0

IBM Security Bulletins
added 2020/06/08 9:18 p.m., 30 views

Security Bulletin: Vulnerability in Dojo Toolkit affecting Watson Knowledge Catalog for IBM Cloud Pak for Data

Summary Unescaped string injection in dojox/Grid/DataGrid is affecting some of the Watson Knowledge Catalog for IBM Cloud Pak for Data web UIs. Vulnerability Details CVEID: CVE-2018-15494 DESCRIPTION: Dojo Toolkit is vulnerable to cross-site scripting, caused by improper validation of user-suppli...

9.8 CVSS, 0.2 AI score, 0.02611 EPSS
Exploits 2, Affected Software 1

IBM Security Bulletins
added 2019/10/28 4:30 p.m., 33 views

Security Bulletin: Financial Transaction Manager for Corporate Payment Services is affected by a potential cross-site scripting (XSS) vulnerability (CVE-2018-15494)

Summary IBM Financial Transaction Manager for Corporate Payment Services FTM CPS for Multi-Platform has addressed the following vulnerability. A potential cross-site scripting vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality...

9.8 CVSS, 0.6 AI score, 0.02611 EPSS
Exploits 2, Affected Software 1

OSV
added 2019/07/31 4:21 a.m., 38 views

GHSA-RQP5-PG7W-832P datagrid contains code Injection backdoor

The datagrid gem 1.0.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party...

9.8 CVSS, 9.5 AI score, 0.03115 EPSS
Exploits 0, References 4