15 matches found
Apache Wicket has a Session Fixation issue
Missing invocation of Servlet http web request method changeSessionId after session binding can be exploited for a session fixation attack in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, 9.0.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version...
Debian dsa-6104 : python-keystonemiddleware-doc - security update
The remote Debian 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6104 advisory. Debian Security Advisory DSA-6104-1 [email protected] https://www.debian.org/security/ Moritz...
CVE-2025-54881
Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration of mermaid 10.9.0-rc.1 to 11.9.0, user supplied input for sequence diagram labels is passed to innerHTML duri...
Jellyfin security vulnerability
Jellyfin is a free software media system from Jellyfin Open Source. It allows you to control the management and streaming of media. It is an alternative to the proprietary Emby and Plex for serving media from dedicated servers to end-user devices through multiple applications. A security...
Design/Logic Flaw
Insertion of Sensitive Information into Log File vulnerability in the Hitachi Ops Center Analyzer on Linux Virtual Storage Software Agent component allows local users to gain sensitive information. This issue affects Hitachi Ops Center Analyzer: from 10.8.1-00 before 10.9.0-00...
CVE-2022-38187
Prior to version 10.9.0, the sharing/rest/content/features/analyze endpoint is always accessible to anonymous users, which could allow an unauthenticated attacker to induce Esri Portal for ArcGIS to read arbitrary URLs...
Design/Logic Flaw
Prior to version 10.9.0, the sharing/rest/content/features/analyze endpoint is always accessible to anonymous users, which could allow an unauthenticated attacker to induce Esri Portal for ArcGIS to read arbitrary URLs...
PT-2022-24269 · Esri · Esri Portal For Arcgis
Name of the Vulnerable Software and Affected Versions: Esri Portal for ArcGIS versions 10.9.0 and below Description: The issue is an HTML injection problem that may allow a remote, authenticated attacker to inject HTML into some locations in the home application. This could potentially be exploit...
DEBIAN-CVE-2020-25715
A flaw was found in pki-core 10.9.0. A specially crafted POST request can be used to reflect a DOM-based cross-site scripting XSS attack to inject code into the search query form which can get automatically executed. The highest threat from this vulnerability is to data integrity...
PT-2021-11171 · Pki-Core +6 · Pki-Core +6
Name of the Vulnerable Software and Affected Versions: pki-core version 10.9.0 Description: A flaw was found in the software, allowing a specially crafted POST request to reflect a DOM-based cross-site scripting XSS attack. This can inject code into the search query form, which can get...
DEBIAN-CVE-2020-15720
In Dogtag PKI through 10.8.3, the pki.client.PKIConnection class did not enable python-requests certificate validation. Since the verify parameter was hard-coded in all request functions, it was not possible to override the setting. As a result, tools making use of this class, such as the...
Node.js 10.x < 10.9.0 Unintentional Exposure of Uninitialized Memory Vulnerability - Windows
Node.js is prone to an unintentional exposure of uninitialized memory. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Riverbed SteelCentral NetProfiler & NetExpress Virtual Editions < 10.9.0 Multiple Vulnerabilities
The Riverbed SteelCentral NetProfiler and NetExpress virtual appliances are prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifie...
cPanel 10.9 dosetmytheme theme Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/20683/info cPanel is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute in the...
cPanel 10.9 - 'editzonetemplate?template' Cross-Site Scripting
source: https://www.securityfocus.com/bid/20683/info cPanel is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in th...