GHSA-FV25-8XCX-GQJC Apache Tomcat - WebSocket authentication header exposure
Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.21; Apache Tomcat 10.1.0-M1 to 10.1.54; Apache Tomcat 9.0.2 to 9.0.117. Older, unsupported versions may also be affected. Description: If a WebSocket request was redirected after authentication, Tomcat's WebSocket client would present the most recent...
EUVD-2020-6398
Malware in sbrugna...
Apache Tomcat Session Fixation vulnerability
Session Fixation vulnerability in Apache Tomcat via rewrite valve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.8, 10.1.42 ...
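Both Tomcat entries above give their affected ranges as inclusive spans that start at a milestone build (11.0.0-M1, 10.1.0-M1, 9.0.0.M1) and end at a GA release, and Tomcat writes milestones in two spellings (9.0.0.M1 and 11.0.0-M1). A naive string or tuple comparison gets the milestone ordering wrong, so the following added example (not code from the page or from the Tomcat project) parses both spellings, ranks a milestone below the GA release of the same x.y.z, and checks a deployed version against the ranges listed in the two entries. The range table and the issue labels used as its keys are constructed here from the text above:

```python
import re

# Inclusive affected ranges copied from the two Tomcat entries on this page.
# The dictionary keys are labels chosen for this example, not official identifiers.
TOMCAT_AFFECTED = {
    "WebSocket authentication header exposure": [
        ("11.0.0-M1", "11.0.21"),
        ("10.1.0-M1", "10.1.54"),
        ("9.0.2", "9.0.117"),
    ],
    "Session Fixation via rewrite valve": [
        ("11.0.0-M1", "11.0.7"),
        ("10.1.0-M1", "10.1.41"),
        ("9.0.0.M1", "9.0.105"),
    ],
}

# Accepts "10.1.54", "11.0.0-M1" and the older "9.0.0.M1" milestone spelling.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[.-]M(\d+))?$")


def parse_tomcat_version(text):
    """Return a sortable key for a Tomcat version string.

    Key layout: (major, minor, patch, ga_flag, milestone). A GA release gets
    ga_flag=1 so that every milestone of the same x.y.z (ga_flag=0) sorts
    before it, e.g. 11.0.0-M5 < 11.0.0 < 11.0.1.
    """
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised Tomcat version: {text!r}")
    major, minor, patch, milestone = match.groups()
    if milestone is None:
        return (int(major), int(minor), int(patch), 1, 0)
    return (int(major), int(minor), int(patch), 0, int(milestone))


def is_affected(version, ranges):
    """True if version falls inside any of the inclusive (low, high) ranges."""
    key = parse_tomcat_version(version)
    return any(
        parse_tomcat_version(low) <= key <= parse_tomcat_version(high)
        for low, high in ranges
    )


def affected_issues(version):
    """List the labels of every entry whose ranges contain this version."""
    return [name for name, ranges in TOMCAT_AFFECTED.items() if is_affected(version, ranges)]


if __name__ == "__main__":
    for v in ("11.0.0-M1", "10.1.41", "10.1.42", "9.0.1", "9.0.117", "11.0.22"):
        print(v, "->", affected_issues(v) or "not in any listed range")
```

A version that falls below every listed range (an EOL 8.5.x, for instance) comes back empty, which is not the same as safe: both entries say older, unsupported versions may also be affected, so treat an empty result for an out-of-support branch as "unknown" rather than "clean".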
Apache Tomcat Security Vulnerability
Apache Tomcat is a lightweight web application server from the Apache Software Foundation (USA). It implements support for Servlets and JavaServer Pages (JSP). A security vulnerability exists in Apache Tomcat which stems from a race condition. The...
PT-2024-16600 · Opentext · Opentext Secure Content Manager
Name of the Vulnerable Software and Affected Versions: OpenText Secure Content Manager versions 10.1 through 24.3 Description: The issue is related to insufficient logging in OpenText Secure Content Manager on Windows, allowing audit log manipulation. This could potentially lead to undetected...
CVE-2024-7477
A SQL injection vulnerability was found which could allow a command line interface CLI user with administrative privileges to execute arbitrary queries against the Avaya Aura System Manager database. Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer...
CVE-2024-27265
IBM Integration Bus for z/OS 10.1 through 10.1.0.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 284564...
BIT-GITLAB-2022-3280
An open redirect in GitLab CE/EE affecting all versions from 10.1 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick users into visiting a trustworthy URL and being redirected to arbitrary content...
PT-2023-8442 · Ibm · Ibm Db2
Name of the Vulnerable Software and Affected Versions: IBM DB2 for Linux, UNIX and Windows includes Db2 Connect Server versions 10.1 through 11.5 Description: The issue is related to insufficient input validation in the IBM DB2 database management system and the IBM DB2 Connect Server. It could...
Security Bulletin: CVE-2023-0482 may affect IBM CICS TX Advanced
Summary CVE-2023-0482 may affect IBM WebSphere Application Server Liberty supplied with IBM CICS TX Advanced. IBM CICS TX Advanced has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-0482 DESCRIPTION: RESTEasy could allow a local authenticated attacker to gain elevated privileg...
CEM Systems AC2000 Security Vulnerability
CEM Systems AC2000 is a UK based access control and security management system. A security vulnerability exists in CEM Systems AC2000 versions 10.1 to 10.5, which arises from the fact that in some cases the application does not perform proper authorization checks for functions that require proof ...
HCL Technologies Campaign Cross-Site Scripting Vulnerability
HCL Technologies Campaign is a suite of management solutions from HCL Technologies India to help marketers design, execute, measure and optimize marketing campaigns. A cross-site scripting vulnerability exists in HCL Technologies Campaign versions 10.1.x, 11.0.1 and 11.1.0.x. The vulnerability ca...
GitLab Access Control Error Vulnerability (CNVD-2020-17386)
GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects. An access control error vulnerability exists in GitLab 10.1 - 12.8.1. An attacker can exploit this...
GitLab EE Information Disclosure Vulnerability (CNVD-2020-13699)
GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects.GitLab EE is GitLab Enterprise Edition. GitLab EE 10.1 - 12.7.2 suffers from an information disclosu...
GitLab Code Issue Vulnerability
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A code issue vulnerability exists in GitLab Enterprise an...
CVE-2018-1921
IBM Campaign 9.1.0, 9.1.2, 10.1, and 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152857...
PT-2019-16869 · Ibm · Db2
Name of the Vulnerable Software and Affected Versions: IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server versions 9.7, 10.1, 10.5, and 11.1 Description: The issue allows a malicious user with access to the DB2 instance account to leverage a fenced execution process and execute...
PT-2019-7873 · Ibm · Ibm Marketing Platform
Name of the Vulnerable Software and Affected Versions: IBM Marketing Platform versions 9.1.0 through 10.1 Description: The issue exposes sensitive information in the headers, which could be used by an authenticated attacker in further attacks against the system. Recommendations: For versions 9.1....
CVE-2017-0914
Gitlab Community and Enterprise Editions version 10.1, 10.2, and 10.2.4 are vulnerable to a SQL injection in the MilestoneFinder component resulting in disclosure of all data in a GitLab instance's database...
ppmd Path Traversal Vulnerability
ppmd is an implementation of the PPMd compression algorithm, the same algorithm used by the 7zip and WinRAR compression software. A directory traversal vulnerability exists in ppmd version 10.1-5. An attacker can exploit the vulnerability with specially crafted input containing a directory traversal sequence (../) ... with a specially crafte...