10 matches found
Security Bulletin: Vulnerabilities in Apache Tomcat and hoek might affect IBM Storage Defender Copy Data Management
Summary: IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Apache Tomcat and hoek. Vulnerabilities include a Relative Path Traversal vulnerability in Apache Tomcat, an Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat, Improper...
EUVD-2022-30711
Malicious code in bioql PyPI...
CVE-2024-39308
RailsAdmin is a Rails engine that provides an interface for managing data. The RailsAdmin list view has an XSS vulnerability caused by an improperly escaped HTML title attribute. Upgrade to 3.1.3 or 2.2.2 to be released...
Dell PowerProtect Data Manager Reporting Improperly Escaped Vulnerability
Dell PowerProtect Data Manager Reporting is a data protection management software. Dell PowerProtect Data Manager Reporting suffers from an improper escape vulnerability that stems from the program's failure to properly process output; no details of the vulnerability are available at this time...
Dell PowerProtect Data Manager Reporting Security Vulnerability
Dell PowerProtect Data Manager Reporting is a data protection management software. Dell PowerProtect Data Manager Reporting suffers from an improper escape vulnerability that stems from the program's failure to properly process output; no details of the vulnerability are available at this time...
New Linux Bug Could Lead to User Password Leaks and Clipboard Hijacking
Details have emerged about a vulnerability impacting the "wall" command of the util-linux package that could be potentially exploited by a bad actor to leak a user's password or alter the clipboard on certain Linux distributions. The bug, tracked as CVE-2024-28085, has been codenamed WallEscape b...
Improper Input Validation
Apache Hop Engine is vulnerable to Improper Input Validation. The vulnerability is due to improper escape functionality within the "id" parameter in links written to the PrepareExecutionPipelineServlet page...
CVE-2022-25875
The package svelte before 3.49.0 is vulnerable to Cross-site Scripting (XSS) due to improper input sanitization and to improper escape of attributes when using objects during SSR (Server-Side Rendering). Exploiting this vulnerability is possible via objects with a custom toString function...
CVE-2021-33477
rxvt-unicode 9.22, rxvt 2.7.10, mrxvt 0.5.4, and Eterm 0.9.7 allow potentially remote code execution because of improper handling of certain escape sequences (ESC G Q). A response is terminated by a newline...
KLA11516 Multiple vulnerabilities in Mozilla Firefox ESR
Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, perform cross-site scripting attacks, spoof the user interface, obtain sensitive information, or execute arbitrary code. Below is a...