14 matches found
RHSA-2026:0384 Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.1.3 security update
Bulletin has no description...
EUVD-2024-0439
Malicious code in bioql PyPI...
Roxy-WI operating system command injection vulnerability
Roxy-WI is an open source web interface for managing Haproxy, Nginx and Keepalived servers. An operating system command injection vulnerability exists in Roxy-WI 8.1.3 and earlier versions, which stems from the parameter action/service in the actionservice function of the file...
Cross site scripting
PrestaShop is an open-source e-commerce platform. Prior to version 8.1.3, the isCleanHtml method is not used on this form, which makes it possible to store a cross-site scripting payload in the database. The impact is low because the HTML is not interpreted in BO, thanks to twig's escape...
CVE-2024-21628 XSS can be stored in DB from "add a message form" in order detail page (FO)
PrestaShop is an open-source e-commerce platform. Prior to version 8.1.3, the isCleanHtml method is not used on this form, which makes it possible to store a cross-site scripting payload in the database. The impact is low because the HTML is not interpreted in BO, thanks to twig's escape...
K14492558: PHP vulnerability CVE-2021-21708
Security Advisory Description: In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result ...
OESA-2022-1692 trafficserver security update
Apache Traffic Server is an OpenSource HTTP / HTTPS / HTTP/2 / QUIC reverse, forward and transparent proxy and cache. Security Fixes: Improper Input Validation vulnerability in request line parsing of Apache Traffic Server allows an attacker to send invalid requests. This issue affects Apache...
UBUNTU-CVE-2021-44040
Improper Input Validation vulnerability in request line parsing of Apache Traffic Server allows an attacker to send invalid requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.3 and 9.0.0 to 9.1.1...
CVE-2019-13498
One Identity Cloud Access Manager 8.1.3 does not use HTTP Strict Transport Security (HSTS), which may allow man-in-the-middle (MITM) attacks. This issue is fixed in version 8.1.4...
Security Bulletin: A vulnerability in the GSKIT component of the Core Framework affects IBM Performance Management products (CVE-2016-2183)
Summary: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a...
WordPress amtyThumb amty-thumb-recent-post plugin cross-site scripting vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed using the PHP language, which supports setting up personal blog sites on servers with PHP and MySQL. amtyThumb (amty-thumb-recent-post), also known as amtyThumb posts or the wp-thumb-post plugin, is used in one of the...
PROMOTIC SCADA/HMI Webserver Directory Traversal Vulnerability
The host is running PROMOTIC SCADA/HMI Webserver and is prone to a directory traversal vulnerability. OpenVAS Vulnerability Test $Id: gbpromoticscadahmiserverdirtravvuln.nasl 7052 2017-09-04 11:50:51Z teissa $ PROMOTIC SCADA/HMI Webserver Directory Traversal Vulnerability Authors: Veerendra G.G...
PROMOTIC SCADA/HMI Webserver Directory Traversal Vulnerability
PROMOTIC SCADA/HMI Webserver is prone to a directory traversal vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
PROMOTIC 8.1.3 - Multiple Vulnerabilities
PROMOTIC 8.1.3 - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/50133/info PROMOTIC is prone to multiple security vulnerabilities. Exploiting these issues may allow remote attackers to execute arbitrary code within the context of the affected application or disclose sensitive...