35 matches found
Microsoft Exchange Server Server-Side Request Forgery Vulnerability
Microsoft Exchange Server is an email service program provided by the American company Microsoft. It offers features such as email access, storage, forwarding, voicemail handling, and email filtering. There are code vulnerabilities in Microsoft Exchange Server. Attackers can exploit these...
CVE-2024-56462
IBM QRadar SIEM 7.5.0 to 7.5.0 UP15 Interim Fix 002 contains a vulnerability where a privileged user can upload a malicious backup archive, which could be restored to gain access to the underlying operating system. Affected versions: 7.5.0 through UP15 IF002. Root cause and exact remediation are ...
Oracle Linux 8 : postgresql:15 (ELSA-2026-0524)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-0524 advisory. pgaudit pgrepack postgres-decoderbufs postgresql 15.15-1 - Update to 15.15 - Resolves: RHEL-128819 CVE-2025-12818 Tenable has extracted the preceding...
Microsoft Exchange Server Security Vulnerability
Microsoft Exchange Server is a set of e-mail service programs from the American company Microsoft Corporation. It provides email access, storage, forwarding, voice mail, email filtering and screening. A security vulnerability exists in Microsoft Exchange Server. The vulnerability is exploited b...
Hotfix update for Exchange Server 2019 CU15 HU2: May 29, 2025 (KB5057651)
Hotfix update for Exchange Server 2019 CU15 HU2: May 29, 2025 KB5057651 Hotfix update for Microsoft Exchange Server 2019 CU15 HU2 was released on May 29, 2025. It includes fixes for nonsecurity issues and introduces new features. These fixes and features will also be included in later cumulative...
Security update for postgresql15
This update for postgresql15 fixes the following issues: Upgrade to 15.12: CVE-2025-1094: Harden PQescapeString and allied functions against invalidly-encoded input strings bsc1237093. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
Microsoft SQL Server Code Issue Vulnerability
Microsoft SQL Server is a large commercial database system from Microsoft Corporation that is used under Microsoft Windows. A code issue vulnerability exists in Microsoft SQL Server. An attacker exploiting this vulnerability could remotely execute code. The following products and editions are...
CVE-2024-0310
A content-security-policy vulnerability in ENS Control browser extension prior to 10.7.0 Update 15 allows a remote attacker to alter the response header parameter setting to switch the content security policy into report-only mode, allowing an attacker to bypass the content-security-policy...
Trellix Endpoint Security Cross-Site Scripting Vulnerability
Trellix Endpoint Security ENS is an endpoint security solution from FireEye Trellix USA. A cross-site scripting vulnerability exists in Trellix Endpoint Security ENS Web Control prior to version 10.7.0 Update 15, which originates from a cross-site scripting vulnerability that allows a remote...
SUSE CVE-2013-0809
Unspecified vulnerability in the 2D component in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than...
PT-2021-18927 · Apple · Ios +2
Name of the Vulnerable Software and Affected Versions: iOS versions prior to 15 iPadOS versions prior to 15 Description: The issue allows a malicious application to access photo metadata without needing permission to access photos. This was addressed with improved authentication. Recommendations:...
TIETEN Acronis Cyber Protect Cross-Site Scripting Vulnerability
Acronis Cyber Protect is an application. Acronis Cyber Protect 15 Update 1 build 26172 has a cross-site scripting (XSS) vulnerability in the console. No detailed vulnerability details are available at this time...
KB3205416 - Cumulative update 15 for SQL Server 2012 SP2
KB3205416 - Cumulative update 15 for SQL Server 2012 SP2 Cumulative Update 15 CU15 for Microsoft SQL Server 2012 Service Pack 2 SP2 was also released as a SQL Server Security Bulletin on 11/8/2016, KB3194725. See MS16-136 for more information. Because of this, you may already have CU15 installed ...
CVE-2020-9672
Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2018 update 9 and earlier versions have a DLL search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation...
JDK: unspecified vulnerability fixed in 6u115, 7u101 and 8u91 (2D)
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect availability via vectors related to 2D...
JDK: unspecified vulnerability fixed in 6u41 and 7u15 (Deployment)
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE 7 Update 13 and earlier and 6 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment...
OpenJDK: CMM malformed raster memory corruption (2D, 8007675)
The color management CMM functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service crash via an image with crafted raster parameters, which...
OpenJDK: Specially crafted sample model integer overflow (2D, 8007014)
Unspecified vulnerability in the 2D component in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than...
JDK: unspecified vulnerability fixed in 6u41 and 7u15 (Deployment)
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE 7 Update 13 and earlier and 6 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment...
OpenJDK proxy mechanism allows non-authorized socket connections (6801497)
The proxy mechanism implementation in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unspecified vectors, related to a declaration that lack...