Security Bulletin: Multiple Vulnerabilities in IBM API Connect
Summary: Multiple vulnerabilities were addressed in IBM API Connect version 10.0.8.3. Vulnerability Details: CVEID: CVE-2013-4660. DESCRIPTION: The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, which allows remote attackers to execute...
CVE-2015-9251 affecting package python-blinker for versions less than 1.7.0-4
CVE-2015-9251 affecting package python-blinker for versions less than 1.7.0-4. An upgraded version of the package is available that resolves this issue...
Security Bulletin: Multiple security vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.
Summary: jQuery is used by IBM Robotic Process Automation for Cloud Pak as part of Abbyy (CVE-2015-9251, CVE-2019-11358, CVE-2020-11022, CVE-2020-11023, CVE-2020-23064). Kubernetes kube-apiserver is used by IBM Robotic Process Automation for Cloud Pak as part of the operator (CVE-2020-8552). Go Go-Yam...
Linux Distros Unpatched Vulnerability : CVE-2015-9251
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing...
CVE-2015-9251 affecting package ceph for versions less than 18.2.2-1
CVE-2015-9251 affecting package ceph for versions less than 18.2.2-1. A patched version of the package is available...
CVE-2015-9251 affecting package slf4j for versions less than 2.0.7-1
CVE-2015-9251 affecting package slf4j for versions less than 2.0.7-1. An upgraded version of the package is available that resolves this issue...
RHEL 7 : jquery (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251) Note that Nessus has not tested for this...
Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in JQuery, Node.js and Swagger UI
Summary: Multiple vulnerabilities in JQuery, Node.js and Swagger UI used by InfoSphere Information Server were addressed. Vulnerability Details: CVEID: CVE-2021-23358. DESCRIPTION: Node.js underscore module could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the...
Security Bulletin: IBM CICS TX Standard is vulnerable to multiple vulnerabilities in jQuery.
Summary: IBM CICS TX Standard is vulnerable to multiple vulnerabilities in jQuery. The fix removes these vulnerabilities from IBM CICS TX Standard. Vulnerability Details: CVEID: CVE-2012-6708. DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied...
Security Bulletin: Vulnerability in jQuery affects IBM Process Mining (Multiple CVEs)
Summary: There are multiple vulnerabilities in JQuery that could allow an attacker to launch cross-site scripting. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details: CVEID: CVE-2015-9251. DESCRIPTION: jQuer...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to cross-site scripting in jQuery (CVE-2015-9251).
Summary: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to cross-site scripting in jQuery, caused by improper validation of user-supplied input (CVE-2015-9251). jQuery is used by the runtime components included in IBM Watson Speech. Please read the details for...
Security Bulletin: jQuery included in ITNM is vulnerable to Cross-site Scripting (XSS) attacks (multiple vulnerabilities)
Summary: Multiple vulnerabilities (CVE-2015-9251; CVE-2019-11358; CVE-2020-11022; CVE-2020-11023) found in jQuery that is present in IBM Tivoli Network Manager (ITNM) IP Edition. jQuery versions before 3.0.0 are vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is perform...
Tenable Nessus Network Monitor < 5.11.0 Multiple Vulnerabilities (TNS-2019-08)
Tenable Nessus Network Monitor is prone to multiple vulnerabilities.
Security Bulletin: API Connect is vulnerable to JQuery Cross-Site Scripting (XSS) and other vulnerabilities (CVE-2012-6708, CVE-2015-9251, CVE-2019-11358, CVE-2020-11022, CVE-2020-11023)
Summary: A vulnerable version of JQuery was used by API Connect. The fix includes updated JQuery which addresses CVE-2012-6708, CVE-2015-9251, CVE-2019-11358, CVE-2020-11022, and CVE-2020-11023. Vulnerability Details: CVEID: CVE-2012-6708. DESCRIPTION: jQuery is vulnerable to cross-site scripting,...
NewStart CGSL CORE 5.05 / MAIN 5.05 : ipa Multiple Vulnerabilities (NS-SA-2021-0171)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has ipa packages installed that are affected by multiple vulnerabilities: - jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causin...
Security Bulletin: Multiple vulnerabilities affect IBM Jazz Foundation and IBM Engineering products.
Summary: There are multiple vulnerabilities that are used by IBM Jazz Team Server affecting the following IBM Jazz Team Server based Applications: Engineering Lifecycle Management (ELM), IBM Engineering Requirements Management DOORS Next (DOORS Next), IBM Engineering Workflow Management (EWM), IBM...
SUSE: Security Advisory (SUSE-SU-2020:0737-1)
The remote host is missing an update for the...
Update jQuery to avoid CVE-2020-11022, CVE-2020-11023, and CVE-2015-9251
Crowd was using jQuery version 1.8.3, which is affected by CVE-2020-11023, CVE-2020-11022, and CVE-2015-9251. Affected Version/s: 4.0.3, 4.1.1 Fixed Version/s: 4.1.2, 4.0.4, 4.2.0...
CentOS 8 : pki-core:10.6 and pki-deps:10.6 (CESA-2020:4847)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:4847 advisory. - jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251) - bootstrap: XSS in the data-target attribute (CVE-2016-10735) - bootstrap:...
CentOS 8 : idm:DL1 and idm:client (CESA-2020:4670)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:4670 advisory. - jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251) - bootstrap: XSS in the data-target attribute (CVE-2016-10735) - bootstrap:...