193 matches found
PT-2022-28057 · Unknown · Fp Masterquiz
Name of the Vulnerable Software and Affected Versions: fp masterquiz extension versions 2.2.0 and earlier, 3.x before 3.5.1 Description: An issue allows an attacker to continue the quiz of a different user, enabling them to view and modify that user's answers. Recommendations: For fp masterquiz...
PT-2022-28062 · Typo3 · Fp Newsletter
Name of the Vulnerable Software and Affected Versions: fp newsletter extension versions 1.0 through 1.1.0 fp newsletter extension version 1.2.0 fp newsletter extension versions 2.0 through 2.1.1 fp newsletter extension versions 2.2.1 through 2.4.0 fp newsletter extension versions 3.0 through 3.2....
PT-2022-28058 · Typo3 · Fp Newsletter
Name of the Vulnerable Software and Affected Versions: fp newsletter extension versions 1.0 through 1.1.0 fp newsletter extension version 1.2.0 fp newsletter extension versions 2.0 through 2.1.1 fp newsletter extension versions 2.2.1 through 2.4.0 fp newsletter extension versions 3.0 through 3.2....
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Tivoli Netcool/OMNIbus WebGUI (CVE-2022-22365)
Summary Websphere Application Server WAS is shipped as a component of Tivoli Netcool/OMNIbus WebGUI. Information about a security vulnerability affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
fp-trading.jp Cross Site Scripting vulnerability OBB-2864528
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
fp-sumai.jp Cross Site Scripting vulnerability OBB-2610424
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Design/Logic Flaw
Fluture-Node is a FP-style HTTP and streaming utils for Node based on Fluture. Using followRedirects or followRedirectsWith with any of the redirection strategies built into fluture-node 4.0.0 or 4.0.1, paired with a request that includes confidential headers such as Authorization or Cookie,...
CVE-2022-24719 Unauthorized forwarding of confidential headers in fluture-node
Fluture-Node is a FP-style HTTP and streaming utils for Node based on Fluture. Using followRedirects or followRedirectsWith with any of the redirection strategies built into fluture-node 4.0.0 or 4.0.1, paired with a request that includes confidential headers such as Authorization or Cookie,...
CVE-2022-24719
CVE-2022-24719 affects Fluture-Node. The vulnerability arises when using followRedirects or followRedirectsWith with redirection strategies in fluture-node 4.0.0/4.0.1, where confidential headers (Authorization, Cookie) can be exposed in a redirected request to a third‑party or HTTP origin. The i...
Mageia: Security Advisory (MGASA-2016-0223)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: IBM Sterling Order Management is vulnerable to cross-site scripting
Summary IBM Sterling Order Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. Vulnerability Details CVEI...
OSV-2021-991 Dynamic-stack-buffer-overflow in fmt::v8::detail::dragonbox::umul192_upper64
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36110 Crash type: Dynamic-stack-buffer-overflow WRITE 8 Crash state: fmt::v8::detail::dragonbox::umul192upper64 fmt::v8::detail::dragonbox::cacheaccessor::computemul fmt::v8::detail::dragonbox::decimalfp...
SUSE: Security Advisory (SUSE-SU-2018:2037-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2016:2212-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Speculative Code Store Bypass (SCSB) and Floating-Point Value Injection (FPVI) Advisory - Lenovo Support US
No description provided...
Security Bulletin: Vulnerability in Apache Solr affects IBM Operations Analytics - Log Analysis (CVE-2019-17558)
Summary Apache Solr is vulnerable to Remote Code Execution. This has been addressed. Vulnerability Details CVEID: CVE-2019-17558 DESCRIPTION: Apache Solr could allow a remote attacker to execute arbitrary code on the system. By providing a Velocity template through the VelocityResponseWriter, an...
SUSE: Security Advisory (SUSE-SU-2018:1943-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2018:2087-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: A security vulnerability has been identified in IBM® SDK, Java™ Technology Edition shipped with IBM Tivoli Business Service Manager (CVE-2020-14781)
Summary IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin. Vulnerability Details Refer to the security bulletins...
HCL Technologies Domino 输入验证错误漏洞
HCL Domino is a server for collaborative client-server software platforms. A denial of service vulnerability exists in HCL Domino versions 9.0.1 FP10 IF6, prior to 10.0.1. The vulnerability stems from improper validation of user-supplied input. An attacker could exploit the vulnerability to cause...