Lucene search
K

76 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2022/04/27 10:23 a.m.50 views

Security Bulletin: IBM InfoSphere Master Data Management Server vulnerability in OpenSSL

Summary The vulnerability in CVE-2021-23839, CVE-2021-23840, CVE-2021-23841 have been addressed in the latest interim Fix iFix available on Fix Central for all 3 affected versions. Vulnerability Details CVEID: CVE-2021-23839 DESCRIPTION: OpenSSL could provide weaker than expected security, caused...

7.5CVSS7AI score0.50732EPSS
Exploits0Affected Software1
Prion
Prion
added 2022/01/18 5:15 p.m.17 views

Code injection

An issue has been discovered in GitLab affecting all versions starting from 12.0 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was not verifying that a maintainer of a project had the right access to import members from a...

4CVSS4.5AI score0.00949EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2021/12/13 4:15 p.m.23 views

Information disclosure

An information disclosure vulnerability in GitLab CE/EE versions 12.0 to 14.3.6, 14.4 to 14.4.4, and 14.5 to 14.5.2 allowed non-project members to see the default branch name for projects that restrict access to the repository to project members...

5CVSS5AI score0.01182EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2021/12/07 2:15 p.m.20 views

Design/Logic Flaw

Adobe Bridge version 11.1.2 and earlier and version 12.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user...

4.3CVSS4.8AI score0.01812EPSS
Exploits0References1Affected Software1
Microsoft Security Update
Microsoft Security Update
added 2021/03/23 8:28 p.m.8 views

Azure File Sync Agent v12.0 Release – March 2021 (KB4568585)

Update for Azure File Sync agent version 12.0.0.0. For more details, see the associated Microsoft Knowledge Base article...

3.7AI score
Exploits0
Microsoft Security Update
Microsoft Security Update
added 2021/03/23 8:24 p.m.19 views

Azure File Sync Agent v12.0 Release – March 2021 (KB4568585)

Update for Azure File Sync agent version 12.0.0.0. For more details, see the associated Microsoft Knowledge Base article...

3.7AI score
Exploits0
Microsoft Security Update
Microsoft Security Update
added 2021/03/23 8:21 p.m.10 views

Azure File Sync Agent v12.0 Release – March 2021 (KB4568585)

Update for Azure File Sync agent version 12.0.0.0. For more details, see the associated Microsoft Knowledge Base article...

3.7AI score
Exploits0
Prion
Prion
added 2020/07/10 4:15 p.m.28 views

Cross site scripting

Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in Stored Cross-Site Scripting XSS...

4.3CVSS6.2AI score0.00972EPSS
Exploits0References1Affected Software4
OpenVAS
OpenVAS
added 2020/06/17 12:0 a.m.24 views

Intel Active Management Technology Information Disclosure Vulnerability (INTEL-SA-00295)

Intel Active Management Technology AMT is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE...

5.3CVSS5.3AI score0.01646EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2020/04/09 12:0 a.m.40 views

Kentico CMS 9.x < 10.0.52 / 11.0.x < 11.0.48 / 12.0.x < 12.0.15 Remote Code Execution

Kentico CMS is a common ASP.NET Content Management System CMS used for building websites and online stores. Kentico CMS versions 9 to 10.0.51, 11.0.0 to 11.0.47 and 12.0.0 to 12.0.14 perform unsafe .NET Objects deserialization through the...

9.8CVSS8.5AI score0.96031EPSS
Exploits5References4
NVD
NVD
added 2019/11/18 9:15 p.m.23 views

CVE-2019-17085

XXE attack vulnerability on Micro Focus Operations Agent, affected version 12.0, 12.01, 12.02, 12.03, 12.04, 12.05, 12.06, 12.10, 12.11. The vulnerability could be exploited to do an XXE attack on Operations Agent...

6.5CVSS6.4AI score0.00767EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2019/11/05 7:25 p.m.8 views

CVE-2019-1877 Cisco Enterprise Chat and Email Attachment Download Vulnerability

A vulnerability in the HTTP API of Cisco Enterprise Chat and Email could allow an unauthenticated, remote attacker to download files attached through chat sessions. The vulnerability is due to insufficient authentication mechanisms on the file download function of the API. An attacker could explo...

6.5CVSS7.3AI score0.01437EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/11/05 7:25 p.m.27 views

CVE-2019-1877 Cisco Enterprise Chat and Email Attachment Download Vulnerability

A vulnerability in the HTTP API of Cisco Enterprise Chat and Email could allow an unauthenticated, remote attacker to download files attached through chat sessions. The vulnerability is due to insufficient authentication mechanisms on the file download function of the API. An attacker could explo...

6.5CVSS6.6AI score0.01437EPSS
Exploits0References1
CNVD
CNVD
added 2019/10/29 12:0 a.m.5 views

Trend Micro OfficeScan Path Traversal Vulnerability

Trend Micro OfficeScan is a suite of distributed anti-virus software from Trend Micro. A path traversal vulnerability exists in Trend Micro OfficeScan version 11.0 and XG 12.0, which arises from a failure of a networked system or product to properly filter for specific elements in the path of a...

8.8CVSS7.1AI score0.25125EPSS
Exploits0References1
Citrix
Citrix
added 2019/10/08 4:0 a.m.32 views

CVE-2019-17366 - Citrix Application Delivery Management (ADM) Console Security Update

Description of Problem An authorisation bypass vulnerability was discovered in the Citrix Application Delivery Management ADM server. The vulnerability allows a Citrix ADM user with read-only privilege to access a managed instances with admin level permissions. The following deployment scenarios...

8.8CVSS0.5AI score0.01251EPSS
Exploits0
Symantec
Symantec
added 2019/10/02 12:0 a.m.32 views

Cisco Unified Communications Manager CVE-2019-12715 Cross Site Scripting Vulnerability

Description Cisco Unified Communications Manager is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This...

0.8AI score0.01057EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2019/08/06 12:0 a.m.3 views

PT-2019-17777 · Freebsd · Freebsd

Name of the Vulnerable Software and Affected Versions: FreeBSD versions 11.2-RELEASE before 11.2-RELEASE-p13 FreeBSD versions 11.3-RELEASE before 11.3-RELEASE-p2 FreeBSD versions 12.0-RELEASE before 12.0-RELEASE-p9 Description: The issue arises from the incorrect handling of MLDv2 listener query...

9.8CVSS9.1AI score0.02128EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2019/07/17 12:0 a.m.31 views

Oracle Java SE Security Updates (jul2019-5072835) 01 - Linux

Oracle Java SE is prone to multiple vulnerabilities. Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

3.1CVSS5AI score0.01636EPSS
Exploits0References1
OSV
OSV
added 2019/04/18 2:29 a.m.6 views

CVE-2019-1837

A vulnerability in the User Data Services UDS API of Cisco Unified Communications Manager Unified CM could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on the management GUI. The vulnerability is due to improper validation of input parameters in the UDS API...

7.5CVSS6.7AI score0.02443EPSS
Exploits0References2
CNVD
CNVD
added 2019/04/10 12:0 a.m.3 views

Odoo Discuss App Cross-Site Scripting Vulnerability

Odoo is an open source commercial system from the Belgian company Odoo, of which Discuss App is a discussion application. A cross-site scripting vulnerability exists in the Discuss App in Odoo 12.0 and earlier versions Community and Enterprise, which stems from a lack of proper validation of...

6.1CVSS6.3AI score0.01004EPSS
Exploits0References1
Rows per page
Query Builder