Open-xchange OX App Suite Cross-Site Scripting Vulnerability
Open-xchange OX App Suite is a web-based cloud desktop environment from Open-Xchange, a US-based company. The environment allows users to more intuitively manage email, tasks, files, etc. A cross-site scripting vulnerability exists in Open-xchange OX App Suite 7.10.4 and prior...
F5 Big-IP Vulnerable to Security-Bypass Bug
F5 Networks’ Big-IP Application Delivery Services appliance contains a Key Distribution Center (KDC) spoofing vulnerability, researchers disclosed, which an attacker could use to get past the security measures that protect sensitive workloads.
[SECURITY] [DSA 4907-1] composer security update
Debian Security Advisory DSA-4907-1. https://www.debian.org/security/ Sebastien Delafond, April 29, 2021. https://www.debian.org/security/faq ...
GitHub Missing Audit Logging
Original blog post here: https://wwws.nightwatchcybersecurity.com/2021/04/25/supply-chain-attacks-via-github-com-releases/ Summary: Release functionality on GitHub.com allows modification of assets within a release by any project collaborator. This can occur after the release is published, and...
firefox security update
78.10.0-1.0.1 - Remove upstream references Orabug: 30143292 - Update distribution for Oracle Linux Orabug: 30143292 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file 78.10.0-1 - Update to 78.10.0...
Debian DSA-4899-1 : openjdk-11 - security update
It was discovered that the OpenJDK Java platform incompletely enforced configuration settings used in Jar signing verifications. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4899. The...
CVE-2021-2267
Vulnerability in the Oracle Labor Distribution product of Oracle E-Business Suite component: User Interface. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Labor Distribution...
Design/Logic Flaw
Vulnerability in the Oracle Labor Distribution product of Oracle E-Business Suite component: User Interface. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Labor Distribution...
CVE-2021-2267
CVE-2021-2267 concerns the Oracle E-Business Suite, specifically the Oracle Labor Distribution UI component. Affected versions are 12.1.1–12.1.3. The vulnerability allows a low-privilege, network-accessible attacker (via HTTP) to compromise Oracle Labor Distribution, potentially leading to unauth...
br.com.swconsultoria:java-cte (>=3.00.4 <=3.00.8), br.com.swconsultoria:java-mdfe (>=3.00.3 <=3.00.4) +1215 more potentially affected by CVE-2020-26939 via org.bouncycastle:bcprov-jdk16 (>=1.38 <=1.46)
org.bouncycastle:bcprov-jdk16 MAVEN version =1.38, =3.00.4, =3.00.3, =4.00.10, =1.0, =2.0, =1.2.4, =2.0.0, =2.1, =2.1, =2.10.0, =2.10.0, =2.11.0 and more Source cves: CVE-2020-26939 Source advisory: OSV:GHSA-72M5-FVVV-55M6...
Unspecified Vulnerability in Oracle E-Business Suite (CNVD-2021-38780)
Oracle E-Business Suite is a set of fully integrated global business management software from Oracle. The software provides customer relationship management, service management, financial management and other functions. A security vulnerability in Oracle E-Business Suite's...
Design/Logic Flaw
The Administration GUI component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabri...
Tibco Software TIBCO Administrator SQL Injection Vulnerability
Tibco Software TIBCO Administrator is an application from the American company Tibco Software. It is used to manage users, monitor computers and deploy applications that use TIBCO products. A SQL injection vulnerability exists in TIBCO Software, which can be exploited by an attacker to perform a...
Oracle E-Business Suite Security Vulnerability
Oracle E-Business Suite is a set of fully integrated global business management software from Oracle. The software provides customer relationship management, service management, financial management and other functions. A security vulnerability in Oracle E-Business Suite's...
[SECURITY] [DSA 4893-1] xorg-server security update
Debian Security Advisory DSA-4893-1. https://www.debian.org/security/ Salvatore Bonaccorso, April 19, 2021. https://www.debian.org/security/faq ...
SQL Injection Vulnerability in Gas Call Distribution System of Shenzhen Puyan Computer Software Technology Co.
Shenzhen Puyan Computer Software Technology Co., Ltd. gas call distribution system is a comprehensive service system based on CTI computer and telephone integration technology. There is a SQL injection vulnerability in the Gas Call Distribution System of Shenzhen Puyuan Computer Software Technolo...
Shenzhen Puyan Computer Software Technology Co., Ltd. gas call distribution system has a logic flaw vulnerability
Shenzhen Puyan Computer Software Technology Co., Ltd. gas call distribution system is a comprehensive service system based on CTI computer and telephone integration technology. There is a logic flaw vulnerability in the Gas Call Distribution System of Shenzhen Puyuan Computer Software Technology...