79 matches found
Security Bulletin: IBM Security Guardium is affected by a denial of service vulnerability in Apache Struts (CVE-2023-34149)
Summary IBM Security Guardium has addressed this vulnerability with an update. Vulnerability Details CVEID:CVE-2023-34149 DESCRIPTION: Apache Struts is vulnerable to a denial of service, caused by a flaw with only handling setProperty but not getProperty. By sending a specially crafted request, a...
CVE-2023-22274 ZDI-CAN-21305: Adobe RoboHelp Server UpdateCommandStream XML External Entity Processing Information Disclosure Vulnerability
Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction...
PT-2023-7076 · Adobe · Robohelp Server
Name of the Vulnerable Software and Affected Versions: Adobe RoboHelp Server versions 11.4 and earlier Description: The issue is related to an Improper Restriction of XML External Entity Reference 'XXE' vulnerability. This could lead to information disclosure by an unauthenticated attacker...
Security Bulletin: IBM Security Guardium is affected by a denial of service vulnerability in MIT keb5 (CVE-2022-42898)
Summary IBM Security Guardium has fixed this vulnerability by upgrading the version of MIT krb5 that it uses. Vulnerability Details CVEID:CVE-2022-42898 DESCRIPTION: MIT krb5 is vulnerable to a denial of service, caused by an integer overflow in PAC parsing in the krb5parsepac function. By sendin...
IBM Security Guardium Command Execution Vulnerability (CNVD-2023-66736)
IBM Security Guardium is a suite of platforms from International Business Machines IBM that provide data protection capabilities. The platform includes features such as custom UI, report management and streamlined audit process building. A command execution vulnerability exists in IBM Security...
Assembly Software Trialworks 跨站脚本漏洞
Assembly Software Trialworks is a feature-rich legal case management platform built by experienced trial attorneys from Assembly Software USA. A security vulnerability exists in Assembly Software Trialworks version v11.4, which stems from the presence of a cross-site scripting XSS vulnerability...
PT-2023-26043 · Assembly · Trialworks
Name of the Vulnerable Software and Affected Versions: Assembly Software Trialworks version 11.4 Description: A cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the asset src parameter. This enables the execution of...
Code injection
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 prior to 15.5.7, 15.6 prior to 15.6.4, and 15.7 prior to 15.7.2. GitLab Pages allows redirection to arbitrary protocols...
CVE-2023-0042
Removed by vendor...
Apple Mac OS X Security Update (HT212529)
Apple Mac OS X is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
IBM Security Guardium Cross-Site Scripting Vulnerability (CNVD-2022-54639)
IBM Security Guardium is a suite of data protection features from IBM. The platform includes features such as custom UI, report management, and streamlined audit process building. IBM Security Guardium version 11.4 has a cross-site scripting vulnerability that stems from allowing users to embed...
IBM Security Guardium 跨站脚本漏洞
IBM Security Guardium is a suite of data protection features from IBM. The platform includes features such as custom UI, report management, and streamlined audit process building. IBM Security Guardium version 11.4 has a cross-site scripting vulnerability that stems from allowing users to embed...
Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities (CVE-2019-10086, CVE-2021-41617)
Summary IBM Security Guardium has fixed these vulnerabilities. Vulnerability Details CVEID: CVE-2021-41617 DESCRIPTION: OpenSSH could allow a local attacker to gain elevated privileges on the system, caused by an error in sshd when certain non-default configurations are used. By executing an...
Security Bulletin: IBM InfoSphere Master Data Management Reference Data Management Hub is affected by a user password being stored in plain text vulnerability (CVE-2017-1309)
Summary IBM InfoSphere Master Data Management Reference Data Management Hub has addressed the following vulnerability. IBM InfoSphere Master Data Management Reference Data Management Hub stores user credentials in plain text which can be read by a local user. Vulnerability Details CVEID:...
Security Bulletin: IBM InfoSphere Master Data Management Collaborative Edition affected by Privilege Escalation security vulnerabilities (CVE-2015-7424)
Summary IBM InfoSphere Master Data Management - Collaborative Edition is vulnerable to Privilege Escalation. Vulnerability Details CVEID: CVE-2014-7424 DESCRIPTION: Provide sufficient details for someone to tell if they have the problem, but not enough detail that someone with malicious intent...
CVE-2022-0371
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 before 14.5.4, all versions starting from 14.6 before 14.6.4, all versions starting from 14.7 before 14.7.1. GitLab search may allow authenticated users to search other users by their respective private emails...
GitLab 8.10.x - 11.2.6, 11.3.x - 11.3.7, 11.4.x - 11.4.2 Information Disclosure Vulnerability
GitLab is prone to a cleartext storage of sensitive information vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Adobe Connect CSRF Vulnerability (APSB21-112)
Adobe Connect is prone to a cross-site request forgery CSRF vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Security Bulletin: IBM Data Replication Java SDK Update
Summary This bulletin covers common Java SDK vulnerability findings in the IBM Java SDK packaged with this offering. Vulnerability Details CVEID: CVE-2020-27221 DESCRIPTION: Eclipse OpenJ9 is vulnerable to a stack-based buffer overflow when the virtual machine or JNI natives are converting from...
CVE-2021-30713
A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4. A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited...