1464 matches found
Apache Struts Denial of Service Vulnerability (CNVD-2018-06540)
Struts2 is an open-source web application framework based on the MVC design pattern, maintained by the Apache Software Foundation. A denial of service vulnerability exists in Apache Struts2. Due to the Apache Struts2 REST plug-in, the use of XStream component on the XML...
Multiple Cross-Site Scripting Vulnerabilities in Micro Focus Identity Manager and iManager Identity Manager Plug-in
Micro Focus Identity Manager is a suite of identity management solutions from Micro Focus UK. The solution provides the basis for account provisioning, user self-service, authorization and Web services, and supports data sharing and synchronization. iManager is one of the web-based applications. Y...
Solaris 10 (x86) : 138536-01
Service Provisioning System 6.0: N1 SPS Webserver 7 Plug-in Patch. Date this patch was last updated by Sun: Jul/18/08. (C) Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates...
Design/Logic Flaw
Versions of SnapCenter 2.0 through 3.0.1 allow unauthenticated remote attackers to view and modify backup related data via the Plug-in for NAS File Services. All users are urged to move to version 3.0.1 and perform the mitigation steps or upgrade to 4.0 following the product documentation...
CVE-2017-15519
Versions of SnapCenter 2.0 through 3.0.1 allow unauthenticated remote attackers to view and modify backup related data via the Plug-in for NAS File Services. All users are urged to move to version 3.0.1 and perform the mitigation steps or upgrade to 4.0 following the product documentation...
CVE-2017-15519
NetApp SnapCenter Server (versions 2.0–3.0.1) is affected by a vulnerability via the NAS File Services plug-in that allows unauthenticated remote attackers to view and modify backup-related data. The root cause is exposure through the Plug-in for NAS File Services, enabling data exposure and back...
Cross site scripting
Multiple cross site scripting attacks were found in the Identity Manager Plug-in, hosted on iManager 2.7.7.7, before Identity Manager 4.6.1. In certain scenarios it was possible to execute arbitrary JavaScript code in the context of the vulnerable application, via user.Context in the Object Selector,...
Bookly #1 WordPress Booking Plugin (Lite) <= 13.2 – Unauthenticated Blind Stored XSS
An unauthenticated user can inject arbitrary persistent JavaScript code in the admin panel via the Bookly plug-in...
[SECURITY] Fedora 27 Update: bind-dyndb-ldap-11.1-8.fc27
This package provides an LDAP back-end plug-in for BIND. It features support for dynamic updates and internal caching, to lift the load off of your LDAP server...
CVE-2017-17786
In GIMP 2.8.22, there is a heap-based buffer over-read in ReadImage in plug-ins/common/file-tga.c related to bgr2rgb.part.1 via an unexpected bits-per-pixel value for an RGBA image...
CVE-2017-17787
In GIMP 2.8.22, there is a heap-based buffer over-read in readcreatorblock in plug-ins/common/file-psp.c...
CVE-2017-15517
AltaVault OST Plug-in versions prior to 1.2.2 may allow attackers to obtain sensitive information via unspecified vectors. All users are urged to move to a fixed version and change passwords used by Veritas NetBackup to access the OST shares on the NetApp AltaVault as a precaution...
Information disclosure
AltaVault OST Plug-in versions prior to 1.2.2 may allow attackers to obtain sensitive information via unspecified vectors. All users are urged to move to a fixed version and change passwords used by Veritas NetBackup to access the OST shares on the NetApp AltaVault as a precaution...
CVE-2017-15517
CVE-2017-15517 affects the NetApp AltaVault OST Plug-in (versions prior to 1.2.2). The vulnerability enables a local attacker to obtain sensitive information via unspecified vectors, resulting in partial confidentiality impact (no integrity/availability impact stated). The fixed version is 1.2.2 ...
CentOS 6 / 7 : java-1.8.0-openjdk (CESA-2017:2998)
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, i...
mysql: Server: Audit Plug-in unspecified vulnerability (CPU Apr 2017)
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Audit Plug-in). Supported versions that are affected are 5.7.17 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...