Wireshark 2.2.x < 2.2.12 Multiple Vulnerabilities (macOS)

The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 2.2.12. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-2.2.12 advisory. - In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could...

CVE-2021-26703

EPrints 3.4.2 allows remote attackers to read arbitrary files and possibly execute commands via crafted JSON/XML input to a cgi/ajax/phrase URI...

Security Bulletin: Vulnerability in Jettison affects IBM Process Mining . Multiple CVEs

Summary There is a vulnerability in Jettison that could allow an attacker to execute a DOS on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2022-40150 DESCRIPTION: jettison-jso...

CVE-2021-26703

EPrints 3.4.2 allows remote attackers to read arbitrary files and possibly execute commands via crafted JSON/XML input to a cgi/ajax/phrase URI...

Input validation

EPrints 3.4.2 allows remote attackers to read arbitrary files and possibly execute commands via crafted JSON/XML input to a cgi/ajax/phrase URI...

Potential for Information Disclosure in Application Skeleton

Potential for Information Disclosure in Application Skeleton The default application skeleton contained a beforeRender method on the AppController that could potentially lead to unwanted information disclosure in your application. The unsafe default code was present between 3.1.0 and 3.5.0 of the...