141 matches found
IBM CICS TX 跨站请求伪造漏洞
IBM CICS TX Advanced is a comprehensive, single transaction runtime package from IBM USA, Inc. It can provide a cloud-native deployment model for standalone applications. IBM CICS TX Advanced version 11.1 contains a security vulnerability that stems from a lack of authentication measures or...
PT-2022-22117 · Ibm · Ibm Cics Tx Standard +1
Name of the Vulnerable Software and Affected Versions: IBM CICS TX Standard and Advanced version 11.1 Description: The issue is caused by improper validation of input by the HOST headers, leading to HTTP header injection. This could allow an attacker to conduct various attacks against the...
CVE-2022-2250
An open redirect vulnerability in GitLab EE/CE affecting all versions from 11.1 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to redirect users to an arbitrary location if they trust the URL...
CVE-2022-2250
An open redirect vulnerability in GitLab EE/CE affecting all versions from 11.1 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to redirect users to an arbitrary location if they trust the URL...
GitLab 11.1.x - 11.1.7, 11.2.x - 11.2.4, 11.3.x - 11.3.1 Information Disclosure Vulnerability
GitLab is prone to an exposure of sensitive information to an unauthorized actor vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
IBM DB2 9.7 < 9.7.0 FP11 40985 / 10.1 < 10.1.0 FP6 40986 / 10.5 < 10.5.0 FP11 40988 / 11.1 < 11.1.4 FP6 40997 / 11.5 < 11.5.7 Information Disclosure (Unix)
According to its self-reported version number, IBM Db2 is affected by multiple vulnerabilities: - IBM Db2 is affected by an information disclosure vulnerability when using the LOAD utility as under certain circumstances the LOAD utility does not enforce directory restrictions. CVE-2021-20373 - IB...
ManageEngine ServiceDesk Plus Multiple Versions Authentication Bypass
Zoho ManageEngine ServiceDesk Plus versions 11.3 before 11302, 11.2 before 11208, 11.1 before 11145 and 11.0 before 11012 are vulnerable to authentication bypass that allows a few REST-API URLs without authentication. Note that Nessus has not tested for this issue but has instead relied only on t...
Cross site scripting
IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, and 11.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
PT-2021-4691 · Foxit · Foxit Pdf Reader +2
Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader versions prior to 11.1 Foxit PDF Editor versions prior to 11.1 Foxit PhantomPDF versions prior to 10.1.6 Description: The issue is related to a buffer overflow in memory, which can be exploited by a remote attacker to execute...
CVE-2021-29763
IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.1 and 11.5 under very specific conditions, could allow a local user to keep running a procedure that could cause the system to run out of memory.and cause a denial of service. IBM X-Force ID: 202267...
CVE-2021-39817
Adobe Bridge version 11.1 and earlier is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability...
Design/Logic Flaw
Adobe Bridge versions 11.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim mus...
Memory corruption
Adobe Bridge version 11.1 and earlier is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability...
Adobe Bridge 缓冲区错误漏洞
Adobe Bridge, a free digital asset management application from Adobe, is vulnerable to an out-of-bounds write vulnerability in Adobe Bridge 11.1 and earlier. An attacker could exploit the vulnerability to execute arbitrary code...
Adobe Bridge 缓冲区错误漏洞
Adobe Bridge is a free digital asset management application from Adobe. 11.1 and earlier versions of Adobe Bridge contain a memory out-of-bounds access vulnerability. An attacker could exploit the vulnerability to execute arbitrary code...
Adobe Bridge 缓冲区错误漏洞
Adobe Bridge is a free digital asset management application from Adobe. 11.1 and earlier versions of Adobe Bridge contain an out-of-bounds read vulnerability. An attacker could exploit the vulnerability to execute arbitrary code...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM Security Guardium. These issues were disclosed as part of the IBM Java SDK updates in July 2020 Vulnerability Details CVEID: CVE-2020-4688 DESCRIPTION: IBM Security Guardium could allow a local...
Security Bulletin: IBM Security Guardium is affected by a Privilege Escalation vulnerability (CVE-2020-4952)
Summary IBM Security Guardium has fixed this vulnerability Vulnerability Details CVEID: CVE-2020-4952 DESCRIPTION: IBM Security Guardium could allow an authenticated user to gain root access due to improper access control. CVSS Base score: 8.8 CVSS Temporal Score: See:...
Security Bulletin: IBM Security Guardium is affected by a kernel vulnerability
Summary IBM Security Guardium has fixed this vulnerability Vulnerability Details CVEID: CVE-2020-35513 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a flaw with incorrectly umask during file or directory modification in the NFS network file system function. By sending ...
IBM Cognos Analytics Cross-Site Scripting Vulnerability (CNVD-2021-38770)
IBM Cognos Analytics is a suite of business intelligence software from IBM in the United States. The software includes reports, dashboards, and scorecards, and can assist companies in adjusting their decisions by analyzing such things as key factors and key people. A cross-site scripting...