119 matches found
Security Bulletin: IBM Watson CloudPak for Data Data Stores is vulnerable to an attacker with specific knowledge about the system to manipulate data due to improper input validation(CVE-2023-28512)
Summary IBM Watson CloudPak for Data Data Stores could allow an attacker with specific knowledge about the system to manipulate data due to improper input validation. Vulnerability Details CVEID:CVE-2023-28512 DESCRIPTION: IBM Watson CP4D Data Stores could allow an attacker with specific knowledg...
Security Bulletin: IBM Watson CloudPak for Data Data Stores is vulnerable to allowing a user with physical access and specific knowledge of the system to modify files or data on the system.(CVE-2023-26282)
Summary IBM Watson CP4D Data Stores could allow a user with physical access and specific knowledge of the system to modify files or data on the system. Vulnerability Details CVEID:CVE-2023-26282 DESCRIPTION: IBM Watson CP4D Data Stores could allow a user with physical access and specific knowledg...
Security Bulletin: IBM Watson CloudPak for Data Data Stores are vulnerable to web pages stored locally which can be read by another user on the system
Summary IBM Watson CP4D Data Stores allows web pages to be stored locally which can be read by another user on the system. Vulnerability Details CVEID:CVE-2023-27545 DESCRIPTION: IBM Watson CP4D Data Stores allows web pages to be stored locally which can be read by another user on the system. CVS...
PT-2023-8821 · Ibm · Ibm Watson Cp4D Data Stores
Name of the Vulnerable Software and Affected Versions: IBM Watson CP4D Data Stores versions 4.6.0 through 4.6.3 Description: The issue is related to the lack of encryption for sensitive or critical information before storage or transmission, which could allow an attacker to obtain sensitive...
Security Bulletin: Watson CP4D Data Stores is vulnerable to jackson-databind due to FasterXML jackson-databind before 2.14.0-rc1 ( CVE-2022-42003 )
Summary In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAPSINGLEVALUEARRAYS feature is enabled. Additional fix version in 2.13.4.1 and 2.12.17.1...
PT-2023-4306 · Ibm · Ibm Watson Cp4D Data Stores
Name of the Vulnerable Software and Affected Versions: IBM Watson CP4D Data Stores version 4.6.0 Description: The issue is related to the improper allocation of resources without limits or throttling in the data storage of IBM Cloud Pak for Data CP4D. This could allow a remote attacker with...
CVE-2022-43468
CVE-2022-43468 affects WordPress Popular Posts (versions 6.0.5 and earlier). The vulnerability is described as external initialization of trusted variables or data stores, allowing untrusted external inputs to update internal variables, which can manipulate the number of views for an article. The...
CVE-2022-24847
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The GeoServer security mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. The same can...
CVE-2022-24847 Improper Input Validation in GeoServer
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The GeoServer security mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. The same can...
CVE-2022-24847 Improper Input Validation in GeoServer
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The GeoServer security mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. The same can...
[SECURITY] Fedora 36 Update: librttopo-1.1.0-8.fc36
The RT Topology Library exposes an API to create and manage standard ISO 13249 aka SQL/MM topologies using user-provided data stores...
GHSA-V84G-CF5J-XJQX Path Traversal in Apache James Server
Apache James Server prior to version 3.6.2 contains a path traversal vulnerability. The fix for CVE-2021-40525 does not prepend delimiters upon valid directory validations. Affected implementations include: - maildir mailbox store - Sieve file repository This enables a user to access other users...
Path Traversal in Apache James Server
Apache James Server prior to version 3.6.2 contains a path traversal vulnerability. The fix for CVE-2021-40525 does not prepend delimiters upon valid directory validations. Affected implementations include: - maildir mailbox store - Sieve file repository This enables a user to access other users...
CVE-2022-22931
Fix of CVE-2021-40525 do not prepend delimiters upon valid directory validations. Affected implementations include: - maildir mailbox store - Sieve file repository This enables a user to access other users data stores limited to user names being prefixed by the value of the username being used...
Design/Logic Flaw
Fix of CVE-2021-40525 do not prepend delimiters upon valid directory validations. Affected implementations include: - maildir mailbox store - Sieve file repository This enables a user to access other users data stores limited to user names being prefixed by the value of the username being used...
CVE-2022-22931 Path traversal in Apache James 3.6.1
Fix of CVE-2021-40525 do not prepend delimiters upon valid directory validations. Affected implementations include: - maildir mailbox store - Sieve file repository This enables a user to access other users data stores limited to user names being prefixed by the value of the username being used...
Apache James 路径遍历漏洞
A path traversal vulnerability exists in Apache James, an open source Smtp and Pop3 mail transfer agent and Nntp news server written entirely in Java by the Apache Foundation. An attacker could access other user data stores through this vulnerability...
Softaculous Ltd. Softaculous 安全漏洞
Softaculous is a commercial scripting library that automates the installation of commercial and open source web applications onto websites. A code execution vulnerability exists in Softaculous versions prior to 5.5.7. The vulnerability stems from external initialization of trusted variables or da...
Imperva to acquire jSonar: A New Generation of Data Security
I’m thrilled to announce that Imperva has entered into an agreement to acquire jSonar! We view jSonar’s incredible product and technology as perfectly aligned with our mission to protect data and all paths to it. Together, we will be able to deliver a fundamentally new approach to data security t...