1464 matches found
CVE-2022-22312
IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password Synch Plug-in. An authenticated attacker could exploit this vulnerability to cause a denial of servic...
Heap overflow
IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password Synch Plug-in. An authenticated attacker could exploit this vulnerability to cause a denial of servic...
CVE-2022-22323
IBM Security Identity Manager’s Password Synchronization Plug-in for Windows AD (10.x) contains a heap-based buffer overflow leading to denial of service when exploited by an authenticated attacker. The official IBM bulletin confirms CVE-2022-22323 and provides a mitigation: upgrade to IBM Securi...
CVE-2022-22323
IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password Synch Plug-in. An authenticated attacker could exploit this vulnerability to cause a denial of servic...
Security Bulletin: IBM Security Verify Password Synchronization Plug-in for Windows AD is vulnerable to a denial of service vulnerability (CVE-2022-22323, CVE-2022-22312)
Summary IBM Security Verify Password Synchronization Plug-in for Windows AD released a fix in response to a denial of service vulnerability caused by a heap-based buffer overflow in the Password Synch Plug-in. Vulnerability Details CVEID: CVE-2022-22323 DESCRIPTION: IBM Security Identity Manager ...
CVE-2022-22312
IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password Synch Plug-in. An authenticated attacker could exploit this vulnerability to cause a denial of servic...
Citrix Gateway Plug-in for Windows Security Bulletin for CVE-2022-21827
A vulnerability has been discovered in Citrix Gateway Plug-in for Windows (Citrix Secure Access for Windows). If exploited, this issue would allow an adversary, who has gained local access to a computer with Citrix Gateway Plug-in installed, to corrupt or delete files as SYSTEM. This issue has the...
Bootstrap Tables XSS vulnerability with Table Export plug-in when exportOptions: htmlContent is true
Description Hello and thank you for the wonderful library! We use it extensively in our app. However, I think we've identified an XSS vulnerability in the Export plug-in. If you set the exportOptions in your Bootstrap Table to true, then you can force arbitrary Javascript to execute see the...
Jenkins Pipeline Phoenix AutoTest Plugin Path Traversal Vulnerability
Jenkins Pipeline is a set of plug-ins that support the implementation and integration of continuous delivery pipelines into Jenkins. Jenkins Pipeline Phoenix AutoTest Plugin 1.3 and earlier is vulnerable to a path traversal vulnerability that could be exploited by an attacker with Item/Configure...
The vulnerability of the SAP S/4HANA software platform and the DMIS Mobile Plug-In import control server lies in the lack of protective measures for the SQL query structure, allowing attackers to execute arbitrary SQL queries.
The vulnerability of the SAP S/4HANA software platform and the DMIS Mobile Plug-In import control server is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...
[SECURITY] Fedora 36 Update: bind-dyndb-ldap-11.9-14.fc36
This package provides an LDAP back-end plug-in for BIND. It features support for dynamic updates and internal caching, to lift the load off of your LDAP server...
Chamilo LMS Code Injection Vulnerability
Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. Chamilo LMS version 1.11.14 contains a code injection vulnerability that could be exploited by attackers to execute arbitrary code via a specially crafted plug-in...
CVE-2022-22650
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A plug-in may be able to inherit the application's permissions and access user data...
CVE-2022-22650
CVE-2022-22650 affects macOS, where a plug-in may inherit the host application's permissions and access user data. The issue is addressed by fixes in macOS Big Sur 11.6.5, macOS Monterey 12.3, and Security Update 2022-003 Catalina; it is resolved by the improved checks. No exploitation details ar...
CVE-2022-22650
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A plug-in may be able to inherit the application's permissions and access user data...
UltraVNC has an unspecified vulnerability
UltraVNC is an open source remote terminal control software for the Windows platform. Versions of UltraVNC prior to 1.3.8.0 have a security vulnerability in the DSM plug-in that can be exploited by a locally authenticated attacker to achieve Local Elevation of Privilege (LPE) on vulnerable systems...
UltraVNC Security Vulnerability
UltraVNC is an open source remote terminal control software for the Windows platform. Versions of UltraVNC prior to 1.3.8.0 have a security vulnerability in the DSM plug-in that can be exploited by a locally authenticated attacker to achieve Local Elevation of Privilege (LPE) on vulnerable systems...
ROS-20220309-01
A vulnerability in the cyrus-sasl authentication mechanism implementation is related to insufficient password cleansing in the SQL plug-in provided with Cyrus SASL. Exploitation of the vulnerability could allow an attacker, acting remotely, to send a specially crafted query to a vulnerable applicati...
Grafana Cross-Site Scripting Vulnerability (CNVD-2022-28802)
Grafana is a set of open source monitoring tools from Grafana Labs that provides a visual monitoring interface. The tool is mainly used to monitor and analyze Graphite, InfluxDB and Prometheus, etc. A cross-site scripting vulnerability exists in Grafana, which stems from the product's failure to...
Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - October 2021 - Includes Oracle October 2021 CPU (minus CVE-2021-35550/35561/35603) plus CVE-2021-41035
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 7, and 8 that are used by Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas and Maximo for...