Lucene search
+L

76 matches found

nessus
nessus
added 2024/09/25 12:0 a.m.17 views

IBM Cognos Analytics 11.2.x < 11.2.4 FP4 Interim Fix 2 / 12.0.x < 12.0.3 Interim Fix 2 (7160700)

The version of IBM Cognos Analytics installed on the remote host is either prior to 11.2.4 FP4 Interim Fix 2 or i 12.0.3 Interim Fix 2. It is, therefore, affected by an exposed API key as referenced in the IBM Security Bulletin No. 7160700: - A local attacker could obtain sensitive information in...

5.5CVSS5.5AI score0.00142EPSS
Exploits0References2
ibm
ibm
added 2024/08/29 3:33 p.m.29 views

Security Bulletin: IBM Security Guardium is affected by denial of service vulnerabilities (CVE-2024-24549, CVE-2024-23672, CVE-2024-0727, CVE-2023-6129)

Summary IBM Security Guardium has addressed these vulnerabilities in an update. Vulnerability Details CVEID:CVE-2024-24549 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by improper input validation by the HTTP/2 header. By sending specially crafted HTTP/2 requests, a...

7.5CVSS7.4AI score0.23072EPSS
Exploits1Affected Software1
ibm
ibm
added 2024/07/15 7:53 p.m.19 views

Security Bulletin: IBM Security Guardium is affected by a PostgreSQL vulnerability (CVE-2024-0985)

Summary IBM Security Guardium has fixed this vulnerability Vulnerability Details CVEID:CVE-2024-0985 DESCRIPTION: PostgreSQL could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw when running in REFRESH MATERIALIZED VIEW CONCURRENTLY. By persuading a victim...

8CVSS8.3AI score0.01465EPSS
Exploits0Affected Software1
ptsecurity
ptsecurity
added 2024/07/02 12:0 a.m.10 views

PT-2024-14289 · Jungo · Windriver

Name of the Vulnerable Software and Affected Versions: Jungo WinDriver versions prior to 12.1.0 Description: A Denial of Service DoS issue allows local attackers to cause a Windows blue screen error. Recommendations: For versions prior to 12.1.0, update to version 12.1.0 or later to resolve the...

5.5CVSS6.6AI score0.00199EPSS
Exploits0References6
osv
osv
added 2024/03/06 11:18 a.m.28 views

BIT-GITLAB-2021-39892

In all versions of GitLab CE/EE since version 12.0, a lower privileged user can import users from projects that they don't have a maintainer role on and disclose email addresses of those users...

4.3CVSS4.2AI score0.01228EPSS
Exploits1References4
ubuntucve
ubuntucve
added 2024/02/22 12:0 a.m.24 views

CVE-2023-4895

An issue has been discovered in GitLab EE affecting all versions starting from 12.0 to 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. This vulnerability allows for bypassing the 'group ip restriction' settings to access environment details of...

4.3CVSS5.8AI score0.00376EPSS
Exploits0References3
nessus
nessus
added 2024/02/21 12:0 a.m.25 views

GitLab 12.0 < 16.7.6 / 16.8 < 16.8.3 / 16.9 < 16.9.1 (CVE-2023-4895)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab EE affecting all versions starting from 12.0 to 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. This...

4.3CVSS5.2AI score0.00376EPSS
Exploits0References4
ibm
ibm
added 2024/01/24 6:54 p.m.32 views

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities (CVE-2023-4806, CVE-2023-4155, CVE-2023-4527)

Summary IBM Security Guardium has addressed these vulnerabilities with an update. Vulnerability Details CVEID:CVE-2023-4806 DESCRIPTION: GNU glibc is vulnerable to a denial of service, caused by a use-after-free flaw in the getaddrinfo function. By sending a specially crafted request, a remote...

6.5CVSS8AI score0.01508EPSS
Exploits1Affected Software1
nessus
nessus
added 2024/01/03 12:0 a.m.26 views

GitLab 12.0 < 14.10.5 / 15.0 < 15.0.4 / 15.1 < 15.1.1 (CVE-2022-2228)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Information exposure in GitLab EE affecting all versions from 12.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker with the appropriate access tokens to obtain CI...

6.5CVSS6.5AI score0.00719EPSS
Exploits0References3
ibm
ibm
added 2023/12/20 2:34 p.m.47 views

Security Bulletin: IBM Security Guardium is affected by a multiple vulnerabilities (CVE-2023-39975, CVE-2023-34042)

Summary IBM Security Guardium has fixed these vulnerabilities Vulnerability Details CVEID:CVE-2023-39975 DESCRIPTION: MIT Kerberos 5 aka krb5 is vulnerable to a denial of service, caused by a double free in KDC TGS processing. By sending a specially crafted request, a remote authenticated attacke...

8.8CVSS7.1AI score0.01229EPSS
Exploits0Affected Software1
openvas
openvas
added 2023/11/16 12:0 a.m.15 views

XWiki 12.0-rc-1 < 14.10.12, 15.0-rc-1 < 15.5 XSS Vulnerability (GHSA-qcj9-gcpg-4w2w)

Xwiki is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...

9.6CVSS7.3AI score0.05124EPSS
Exploits1References1
nvd
nvd
added 2023/10/31 9:15 a.m.16 views

CVE-2023-5438

The wp image slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

8.8CVSS8.7AI score0.0079EPSS
Exploits1References3
ptsecurity
ptsecurity
added 2023/10/31 12:0 a.m.6 views

PT-2023-32100 · WordPress · Left Right Image Slideshow Gallery Plugin

Name of the Vulnerable Software and Affected Versions: Left right image slideshow gallery plugin for WordPress versions up to, and including, 12.0 Description: The issue arises from insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query,...

8.8CVSS6.9AI score0.00797EPSS
Exploits1References6
nvd
nvd
added 2023/10/25 8:15 p.m.26 views

CVE-2023-45136

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When document names are validated according to a name strategy disabled by default, XWiki starting in version 12.0-rc-1 and prior to versions 12.10.12 and 15.5-rc-1 is vulnerable to a reflecte...

9.6CVSS9.3AI score0.05124EPSS
Exploits1References3
ibm
ibm
added 2023/10/06 1:29 a.m.35 views

Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Master Data Management (CVE-2023-35890)

Summary IBM Master Data Management version 11.6 and 12.0 is impacted by vulnerability in WebSphere Application Server which could provide weaker than expected security, caused by the improper encoding in a local configuration file. Vulnerability Details CVEID:CVE-2023-35890 DESCRIPTION: IBM...

5.5CVSS5.3AI score0.00122EPSS
Exploits0Affected Software1
openvas
openvas
added 2023/01/12 12:0 a.m.26 views

SugarCRM 11.0.x < 11.0.5, 12.0.x < 12.0.2 RCE Vulnerability

SugarCRM is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:sugarcrm:sugarcrm...

8.8CVSS9.4AI score0.80274EPSS
Exploits4References5
nvd
nvd
added 2022/10/07 6:15 p.m.40 views

CVE-2022-21936

On Metasys ADX Server version 12.0 running MVE, an Active Directory user could execute validated actions without providing a valid password when using MVE SMP UI...

8.1CVSS0.00492EPSS
Exploits0References2
nessus
nessus
added 2022/09/07 12:0 a.m.38 views

Foxit PDF Editor < 12.0 Multiple Vulnerabilities

According to its version, the Foxit PDF Editor application previously named Foxit PhantomPDF installed on the remote Windows host is prior to 12.0. It is, therefore affected by multiple vulnerabilities: - This vulnerability allows remote attackers to disclose sensitive information on affected...

3.3CVSS3.6AI score0.00938EPSS
Exploits0References4
prion
prion
added 2022/08/05 4:15 p.m.25 views

Improper access control

An improper access control issue in GitLab EE affecting all versions from 12.0 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 allows an attacker to bypass IP allow-listing and download artifacts. This attack only bypasses IP allow-listing, proper permissions are still required...

5CVSS7.4AI score0.00849EPSS
Exploits0References3Affected Software1
ptsecurity
ptsecurity
added 2022/08/02 12:0 a.m.8 views

PT-2022-20045 · Quest · Quest Kace System Management Appliance

Name of the Vulnerable Software and Affected Versions: Quest KACE Systems Management Appliance SMA versions prior to 12.0 Description: A hash collision is possible during authentication in the affected software, which may allow authentication with invalid credentials. Recommendations: For version...

9.8CVSS9.5AI score0.00475EPSS
Exploits0References7
Rows per page
Query Builder