84 matches found
CVE-2022-34329
IBM CICS TX 11.7 could allow an attacker to obtain sensitive information from HTTP response headers. IBM X-Force ID: 229467...
CVE-2022-34329 IBM CICS TX information disclosure
IBM CICS TX 11.7 could allow an attacker to obtain sensitive information from HTTP response headers. IBM X-Force ID: 229467...
CVE-2022-35878
Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicio...
CVE-2021-38956
IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive version information in HTTP response headers that could aid in further attacks against the system. IBM X-Force ID: 212038...
OPENSUSE-SU-2021:1424-1 Security update for civetweb
This update for civetweb fixes the following issues: Version 1.15: boo1191938 / CVE-2020-27304: missing uploaded filepath validation in the default form-based file upload mechanism; New configuration for URL decoding; Sanitize filenames in handle form; Example “embeddedc.c”: Do not overwrite files...
Atlassian Jira 8.6.x < 8.12.1 Support Entitlement Number Disclosure
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 7.3.18, 8.x < 8.5.9 or 8.6.x < 8.12.1. It is, therefore, affected by an information disclosure vulnerability in the HTTP Response headers allowing a remote attacker with limited...
Atlassian Jira 8.x < 8.5.9 Support Entitlement Number Disclosure
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 7.3.18, 8.x < 8.5.9 or 8.6.x < 8.12.1. It is, therefore, affected by an information disclosure vulnerability in the HTTP Response headers allowing a remote attacker with limited...
CVE-2020-4815
IBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote user to obtain sensitive information from HTTP response headers that could be used in further attacks against the system...
Atlassian JIRA < 7.13.18 / 8.0.x < 8.5.9 / 8.6.x < 8.12.1 Information Disclosure (JRASERVER-71646)
According to its self-reported version number, the instance of Atlassian JIRA hosted on the remote web server is potentially affected by Information Disclosure vulnerability. Affected versions of Jira Server & Data Center allow a remote attacker with limited non-admin privileges to view a Jira...
CVE-2020-5931
On BIG-IP 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, Virtual servers with a OneConnect profile may incorrectly handle WebSockets related HTTP response headers, causing TMM to restart...
CVE-2020-14183
Affected versions of Jira Server & Data Center allow a remote attacker with limited non-admin privileges to view a Jira instance's Support Entitlement Number (SEN) via an Information Disclosure vulnerability in the HTTP Response headers. The affected versions are before version 7.13.18, from versio...
Information disclosure
Affected versions of Jira Server & Data Center allow a remote attacker with limited non-admin privileges to view a Jira instance's Support Entitlement Number (SEN) via an Information Disclosure vulnerability in the HTTP Response headers. The affected versions are before version 7.13.18, from versio...
Jenkins < 2.243, < 2.235.5 LTS Buffer Corruption in bundled Jetty - Windows
Jenkins is prone to a buffer corruption in bundled Jetty.
Debian: Security Advisory (DLA-2027-1)
The remote host is missing an update for the Debian...
Moderate: Red Hat Security Advisory: Red Hat OpenShift Application Runtimes security and bug fix update
An update is now available for Red Hat OpenShift Application Runtimes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...
McAfee Network Data Loss Prevention Information Disclosure Vulnerability (CNVD-2017-07548)
McAfee Network Data Loss Prevention is a data leakage protection solution. McAfee Network Data Loss Prevention (NDLP) has a Web server information leakage vulnerability in the server implementation, which can be exploited by remote attackers to exploit other vulnerabilities via the HTTP response...
Silver Stripe CMS: source code security analysis report
Several vulnerabilities were discovered in SilverStripe Limited 'Silver Stripe CMS' software: Incorrect User Input Filtration when Connecting to External Files; File System Path Manipulation; Using Global Variables; Incorrect User Input Filtration when Using the unserialize Function; Incorrect Newlin...
Moodle: source code security analysis report
Several vulnerabilities were discovered in Moodle 'Moodle' software: File System Path Manipulation; Incorrect User Input Filtration when Using the unserialize Function; Incorrect Newline Symbol Filtration in HTTP-response Headers; Using Insufficiently Random Generators in Cryptography; HttpOnly Cooki...