76 matches found
Security Bulletin: IBM InfoSphere Master Data Management Server vulnerability in OpenSSL
Summary The vulnerability in CVE-2021-23839, CVE-2021-23840, CVE-2021-23841 have been addressed in the latest interim Fix iFix available on Fix Central for all 3 affected versions. Vulnerability Details CVEID: CVE-2021-23839 DESCRIPTION: OpenSSL could provide weaker than expected security, caused...
Code injection
An issue has been discovered in GitLab affecting all versions starting from 12.0 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was not verifying that a maintainer of a project had the right access to import members from a...
Information disclosure
An information disclosure vulnerability in GitLab CE/EE versions 12.0 to 14.3.6, 14.4 to 14.4.4, and 14.5 to 14.5.2 allowed non-project members to see the default branch name for projects that restrict access to the repository to project members...
Design/Logic Flaw
Adobe Bridge version 11.1.2 and earlier and version 12.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user...
Azure File Sync Agent v12.0 Release – March 2021 (KB4568585)
Update for Azure File Sync agent version 12.0.0.0. For more details, see the associated Microsoft Knowledge Base article...
Azure File Sync Agent v12.0 Release – March 2021 (KB4568585)
Update for Azure File Sync agent version 12.0.0.0. For more details, see the associated Microsoft Knowledge Base article...
Azure File Sync Agent v12.0 Release – March 2021 (KB4568585)
Update for Azure File Sync agent version 12.0.0.0. For more details, see the associated Microsoft Knowledge Base article...
Cross site scripting
Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in Stored Cross-Site Scripting XSS...
Intel Active Management Technology Information Disclosure Vulnerability (INTEL-SA-00295)
Intel Active Management Technology AMT is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE...
Kentico CMS 9.x < 10.0.52 / 11.0.x < 11.0.48 / 12.0.x < 12.0.15 Remote Code Execution
Kentico CMS is a common ASP.NET Content Management System CMS used for building websites and online stores. Kentico CMS versions 9 to 10.0.51, 11.0.0 to 11.0.47 and 12.0.0 to 12.0.14 perform unsafe .NET Objects deserialization through the...
CVE-2019-17085
XXE attack vulnerability on Micro Focus Operations Agent, affected version 12.0, 12.01, 12.02, 12.03, 12.04, 12.05, 12.06, 12.10, 12.11. The vulnerability could be exploited to do an XXE attack on Operations Agent...
CVE-2019-1877 Cisco Enterprise Chat and Email Attachment Download Vulnerability
A vulnerability in the HTTP API of Cisco Enterprise Chat and Email could allow an unauthenticated, remote attacker to download files attached through chat sessions. The vulnerability is due to insufficient authentication mechanisms on the file download function of the API. An attacker could explo...
CVE-2019-1877 Cisco Enterprise Chat and Email Attachment Download Vulnerability
A vulnerability in the HTTP API of Cisco Enterprise Chat and Email could allow an unauthenticated, remote attacker to download files attached through chat sessions. The vulnerability is due to insufficient authentication mechanisms on the file download function of the API. An attacker could explo...
Trend Micro OfficeScan Path Traversal Vulnerability
Trend Micro OfficeScan is a suite of distributed anti-virus software from Trend Micro. A path traversal vulnerability exists in Trend Micro OfficeScan version 11.0 and XG 12.0, which arises from a failure of a networked system or product to properly filter for specific elements in the path of a...
CVE-2019-17366 - Citrix Application Delivery Management (ADM) Console Security Update
Description of Problem An authorisation bypass vulnerability was discovered in the Citrix Application Delivery Management ADM server. The vulnerability allows a Citrix ADM user with read-only privilege to access a managed instances with admin level permissions. The following deployment scenarios...
Cisco Unified Communications Manager CVE-2019-12715 Cross Site Scripting Vulnerability
Description Cisco Unified Communications Manager is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This...
PT-2019-17777 · Freebsd · Freebsd
Name of the Vulnerable Software and Affected Versions: FreeBSD versions 11.2-RELEASE before 11.2-RELEASE-p13 FreeBSD versions 11.3-RELEASE before 11.3-RELEASE-p2 FreeBSD versions 12.0-RELEASE before 12.0-RELEASE-p9 Description: The issue arises from the incorrect handling of MLDv2 listener query...
Oracle Java SE Security Updates (jul2019-5072835) 01 - Linux
Oracle Java SE is prone to multiple vulnerabilities. Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2019-1837
A vulnerability in the User Data Services UDS API of Cisco Unified Communications Manager Unified CM could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on the management GUI. The vulnerability is due to improper validation of input parameters in the UDS API...
Odoo Discuss App Cross-Site Scripting Vulnerability
Odoo is an open source commercial system from the Belgian company Odoo, of which Discuss App is a discussion application. A cross-site scripting vulnerability exists in the Discuss App in Odoo 12.0 and earlier versions Community and Enterprise, which stems from a lack of proper validation of...