Lucene search
+L

119 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2023/03/22 10:42 p.m.21 views

Security Bulletin: IBM Watson CloudPak for Data Data Stores is vulnerable to an attacker with specific knowledge about the system to manipulate data due to improper input validation(CVE-2023-28512)

Summary IBM Watson CloudPak for Data Data Stores could allow an attacker with specific knowledge about the system to manipulate data due to improper input validation. Vulnerability Details CVEID:CVE-2023-28512 DESCRIPTION: IBM Watson CP4D Data Stores could allow an attacker with specific knowledg...

5.9CVSS5.6AI score0.00547EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/22 10:41 p.m.19 views

Security Bulletin: IBM Watson CloudPak for Data Data Stores is vulnerable to allowing a user with physical access and specific knowledge of the system to modify files or data on the system.(CVE-2023-26282)

Summary IBM Watson CP4D Data Stores could allow a user with physical access and specific knowledge of the system to modify files or data on the system. Vulnerability Details CVEID:CVE-2023-26282 DESCRIPTION: IBM Watson CP4D Data Stores could allow a user with physical access and specific knowledg...

4.2CVSS4AI score0.0024EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/22 10:39 p.m.17 views

Security Bulletin: IBM Watson CloudPak for Data Data Stores are vulnerable to web pages stored locally which can be read by another user on the system

Summary IBM Watson CP4D Data Stores allows web pages to be stored locally which can be read by another user on the system. Vulnerability Details CVEID:CVE-2023-27545 DESCRIPTION: IBM Watson CP4D Data Stores allows web pages to be stored locally which can be read by another user on the system. CVS...

5.5CVSS3.8AI score0.00195EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2023/03/22 12:0 a.m.5 views

PT-2023-8821 · Ibm · Ibm Watson Cp4D Data Stores

Name of the Vulnerable Software and Affected Versions: IBM Watson CP4D Data Stores versions 4.6.0 through 4.6.3 Description: The issue is related to the lack of encryption for sensitive or critical information before storage or transmission, which could allow an attacker to obtain sensitive...

7.5CVSS7.2AI score0.00333EPSS
Exploits0References9
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/09 10:53 p.m.45 views

Security Bulletin: Watson CP4D Data Stores is vulnerable to jackson-databind due to FasterXML jackson-databind before 2.14.0-rc1 ( CVE-2022-42003 )

Summary In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAPSINGLEVALUEARRAYS feature is enabled. Additional fix version in 2.13.4.1 and 2.12.17.1...

7.5CVSS7.4AI score0.02706EPSS
Exploits2Affected Software1
Positive Technologies
Positive Technologies
added 2023/03/02 12:0 a.m.3 views

PT-2023-4306 · Ibm · Ibm Watson Cp4D Data Stores

Name of the Vulnerable Software and Affected Versions: IBM Watson CP4D Data Stores version 4.6.0 Description: The issue is related to the improper allocation of resources without limits or throttling in the data storage of IBM Cloud Pak for Data CP4D. This could allow a remote attacker with...

7.8CVSS7.3AI score0.01301EPSS
Exploits0References6
CVE
CVE
added 2022/12/07 12:0 a.m.76 views

CVE-2022-43468

CVE-2022-43468 affects WordPress Popular Posts (versions 6.0.5 and earlier). The vulnerability is described as external initialization of trusted variables or data stores, allowing untrusted external inputs to update internal variables, which can manipulate the number of views for an article. The...

7.5CVSS7.4AI score0.00846EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2022/04/13 10:15 p.m.33 views

CVE-2022-24847

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The GeoServer security mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. The same can...

7.2CVSS0.01465EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/04/13 9:20 p.m.38 views

CVE-2022-24847 Improper Input Validation in GeoServer

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The GeoServer security mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. The same can...

7.2CVSS7.5AI score0.01465EPSS
Exploits0References1
OSV
OSV
added 2022/04/13 9:20 p.m.27 views

CVE-2022-24847 Improper Input Validation in GeoServer

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The GeoServer security mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. The same can...

7.2CVSS7.3AI score0.01465EPSS
Exploits0References3
Fedora
Fedora
added 2022/03/26 3:34 p.m.9 views

[SECURITY] Fedora 36 Update: librttopo-1.1.0-8.fc36

The RT Topology Library exposes an API to create and manage standard ISO 13249 aka SQL/MM topologies using user-provided data stores...

1.4AI score
Exploits0
OSV
OSV
added 2022/02/08 12:0 a.m.36 views

GHSA-V84G-CF5J-XJQX Path Traversal in Apache James Server

Apache James Server prior to version 3.6.2 contains a path traversal vulnerability. The fix for CVE-2021-40525 does not prepend delimiters upon valid directory validations. Affected implementations include: - maildir mailbox store - Sieve file repository This enables a user to access other users...

4.3CVSS6.4AI score0.01761EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2022/02/08 12:0 a.m.36 views

Path Traversal in Apache James Server

Apache James Server prior to version 3.6.2 contains a path traversal vulnerability. The fix for CVE-2021-40525 does not prepend delimiters upon valid directory validations. Affected implementations include: - maildir mailbox store - Sieve file repository This enables a user to access other users...

9.1CVSS3.3AI score0.03706EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2022/02/07 7:15 p.m.28 views

CVE-2022-22931

Fix of CVE-2021-40525 do not prepend delimiters upon valid directory validations. Affected implementations include: - maildir mailbox store - Sieve file repository This enables a user to access other users data stores limited to user names being prefixed by the value of the username being used...

4.3CVSS0.01761EPSS
Exploits0References2
Prion
Prion
added 2022/02/07 7:15 p.m.22 views

Design/Logic Flaw

Fix of CVE-2021-40525 do not prepend delimiters upon valid directory validations. Affected implementations include: - maildir mailbox store - Sieve file repository This enables a user to access other users data stores limited to user names being prefixed by the value of the username being used...

4CVSS6.4AI score0.03706EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/02/07 6:50 p.m.31 views

CVE-2022-22931 Path traversal in Apache James 3.6.1

Fix of CVE-2021-40525 do not prepend delimiters upon valid directory validations. Affected implementations include: - maildir mailbox store - Sieve file repository This enables a user to access other users data stores limited to user names being prefixed by the value of the username being used...

6.8AI score0.01761EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/02/07 12:0 a.m.8 views

Apache James 路径遍历漏洞

A path traversal vulnerability exists in Apache James, an open source Smtp and Pop3 mail transfer agent and Nntp news server written entirely in Java by the Apache Foundation. An attacker could access other user data stores through this vulnerability...

4.3CVSS5.2AI score0.01761EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/03/18 12:0 a.m.5 views

Softaculous Ltd. Softaculous 安全漏洞

Softaculous is a commercial scripting library that automates the installation of commercial and open source web applications onto websites. A code execution vulnerability exists in Softaculous versions prior to 5.5.7. The vulnerability stems from external initialization of trusted variables or da...

7.8CVSS6.1AI score0.00626EPSS
Exploits1References4
Imperva Blog
Imperva Blog
added 2020/10/01 12:39 p.m.23 views

Imperva to acquire jSonar: A New Generation of Data Security

I’m thrilled to announce that Imperva has entered into an agreement to acquire jSonar! We view jSonar’s incredible product and technology as perfectly aligned with our mission to protect data and all paths to it. Together, we will be able to deliver a fundamentally new approach to data security t...

6.7AI score
Exploits0
Rows per page
Query Builder