131 matches found
PT-2021-3139 · Microsoft · Sharepoint Server +1
Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server affected versions not specified Microsoft SharePoint Foundation affected versions not specified Microsoft SharePoint Enterprise Server affected versions not specified Description: The issue is related to errors in...
Microsoft Exchange ProxyLogon Remote Code Execution Exploit
This Metasploit module exploits a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication, impersonating as the admin CVE-2021-26855 and write arbitrary file CVE-2021-27065 to get the RCE Remote Code Execution. By taking advantage of this vulnerability, you...
PT-2021-2379 · Microsoft · Sharepoint Server +1
Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server affected versions not specified Microsoft SharePoint Enterprise Server affected versions not specified Microsoft SharePoint Foundation affected versions not specified Description: The issue exists due to insufficie...
Security Bulletin: Android Mobile SDK compile builder includes vulnerable components
Summary A third party JSON parser that Android Mobile SDK uses include vulnerable components. The JSON parser is included in the compile builder provided to customers to compile their Mobile SDK manifest. It is not included within customer apps. Vulnerability Details CVEID: CVE-2018-7489...
Security Bulletin: IBM Resilient SOAR is Using Components with Known Vulnerabilities - Java SE (CVE-2020-14779, CVE-2020-14792, CVE-2020-14796, CVE-2020-14797, CVE-2020-14798)
Summary IBM Resilient SOAR is Using Components with Known Vulnerabilities - Java SE CVE-2020-14779, CVE-2020-14792, CVE-2020-14796, CVE-2020-14797, CVE-2020-14798 Vulnerability Details CVEID: CVE-2020-14779 DESCRIPTION: An unspecified vulnerability in Java SE related to the Serialization componen...
Multiple vulnerabilities in SolarView Compact
Overview SolarView Compact provided by Contec Co., Ltd. contains multiple vulnerabilities listed below. Exposure of information through directory listing CWE-548 - CVE-2021-20656 Improper access control CWE-284 - CVE-2021-20657 OS command injection CWE-78 - CVE-2021-20658 Unrestricted upload of...
Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID: CVE-2019-19126 DESCRIPTION: GNU C Library could allow a local attacker to bypass security restrictions, caused by failing to ignore...
Security Bulletin: IBM Security QRadar Packet Capture is vulnerable to Using Components with Known Vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID: CVE-2020-2583 DESCRIPTION: An unspecified vulnerability in Java SE related to the Java SE Serialization component could allow an...
Security Bulletin: IBM QRadar Incident Forensics is vulnerable to using component with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID: CVE-2018-8009 DESCRIPTION: Apache Hadoop could could allow a remote attacker to traverse directories on the system. By persuading a...
Security Bulletin: IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID: CVE-2018-12545 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by the additional CPU and memory allocations...
OX App Suite / OX Documents 7.10.3 XSS / SSRF / Improper Validation Vulnerabilities
OX App Suite and OX Documents versions 7.10.3 and below suffer from server-side request forgery, cross site scripting, improper parameter validation, and XML injection vulnerabilities. Dear subscribers, we're sharing our latest advisory with you and like to thank everyone who contributed in findi...
CVE-2019-7959
Creative Cloud Desktop Application versions 4.6.1 and earlier have a using components with known vulnerabilities vulnerability. Successful exploitation could lead to arbitrary code execution...
CVE-2019-5011
An exploitable privilege escalation vulnerability exists in the helper service CleanMyMac X, version 4.20, due to improper updating. The application failed to remove the vulnerable components upon upgrading to the latest version, leaving the user open to attack. A user with local access can use...
CVE-2019-5011
An exploitable privilege escalation vulnerability exists in the helper service CleanMyMac X, version 4.20, due to improper updating. The application failed to remove the vulnerable components upon upgrading to the latest version, leaving the user open to attack. A user with local access can use...
Input validation
aioxmpp version 0.10.2 and earlier contains a Improper Handling of Structural Elements vulnerability in Stanza Parser, rollback during error processing, aioxmpp.xso.model.guard function that can result in Denial of Service, Other. This attack appears to be exploitable via Remote. A crafted stanza...
Streamworks Job Scheduler Release 7 Authentication Weakness
Affected Products Streamworks Job Scheduler Release 7 older/newer releases have not been tested References Secuvera-SA-2016-01 https://www.secuvera.de/advisories/secuvera-SA-2016-01.txt used for updates No CVE number could be assigned vendor not listed under...
OpenJDK: Incomplete enforcement of the trustURLCodebase restriction (JNDI, 8199177)
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JNDI. Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with...
Security Bulletin: IBM QRadar SIEM contains vulnerable components and libraries. (CVE-2011-4314)
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID: CVE-2011-4314 DESCRIPTION: OpenID4Java could allow a remote attacker to bypass security restrictions, caused by the improper...
Security Bulletin: IBM QRadar SIEM contains vulnerable components and libraries. (CVE-2011-4905, CVE-2014-3576)
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID: CVE-2011-4905 DESCRIPTION: Apache ActiveMQ is vulnerable to a denial of service, caused by an error in the failover mechanism when...
Security Bulletin: IBM QRadar SIEM contains vulnerable components and libraries. (CVE-2014-1211)
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID: CVE-2014-1211 DESCRIPTION: VMware vCloud Director is vulnerable to cross-site request forgery, caused by improper validation of...