10 matches found
GHSA-8477-3V39-GGPM Improper Validation of Integrity Check Value in Bouncy Castle
The default BKS keystore uses an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS keystore. Bouncy Castle release 1.47 changes the BKS format to a format which uses a 160-bit HMAC instead. This applies to any BKS keystore generated prior to BC 1.47...
Any storage file can be downloaded from p.sh if full server path is known
The default configuration for platform.sh .platform.app.yaml allows access to uploaded files if you know or can guess their location, regardless of whether roles grant content read access to the content containing those files. If you're using Legacy Bridge, the default configuration also allows...
GHSA-2RH5-JVGX-PGW3 Any storage file can be downloaded from p.sh if full server path is known
The default configuration for platform.sh .platform.app.yaml allows access to uploaded files if you know or can guess their location, regardless of whether roles grant content read access to the content containing those files. If you're using Legacy Bridge, the default configuration also allows...
GHSA-GQCF-83RQ-GPFR Any storage file can be downloaded from p.sh if full server path is known
The default configuration for platform.sh .platform.app.yaml allows access to uploaded files if you know or can guess their location, regardless of whether roles grant content read access to the content containing those files. If you're using Legacy Bridge, the default configuration also allows...
Any storage file can be downloaded from p.sh if full server path is known
The default configuration for platform.sh .platform.app.yaml allows access to uploaded files if you know or can guess their location, regardless of whether roles grant content read access to the content containing those files. If you're using Legacy Bridge, the default configuration also allows...
IBM Spectrum Scale Information Disclosure Vulnerability (CNVD-2021-37124)
IBM Spectrum Scale is a scalable data and file management solution from IBM USA based on IBM GPFS, an enterprise file management system optimized for petabyte-scale storage management. The product helps clients reduce storage costs while improving security and management efficiency in...
Session Recording Migration Tool
Description: Use the Session Recording migration tool to facilitate the migration from SmartAuditor to Session Recording. The tool processes the SmartAuditor legacy recording files, and extracts and rebuilds metadata in the Session Recording Database to support the search and playback of the legac...
Microsoft Office PowerPoint Legacy Files (CVE-2010-2572)
Microsoft PowerPoint is a popular graphics software for preparing slides and presentations. A remote attacker could exploit this issue via a malformed PowerPoint file. Successful exploitation of this vulnerability may allow execution of arbitrary code on a target system. The vulnerability is due ...
Microsoft Office Visio Legacy Files (CVE-2010-0254; CVE-2010-0256)
Microsoft Visio is a diagram creation software for Microsoft Windows. Multiple remote code execution vulnerabilities have been identified in Microsoft Visio. A remote attacker could trigger these flaws by convincing a victim to open a specially crafted Visio file in legacy format. Successful...
Microsoft Office Excel Legacy Files (CVE-2009-3131; CVE-2010-1251; CVE-2010-1252; CVE-2010-3230)
Microsoft Excel is a popular spreadsheet application. A remote code execution vulnerability has been identified in Microsoft Excel. The vulnerability is due to an error in Microsoft Office Excel that fails to properly parse Office Excel legacy files. A remote attacker could trigger this flaw by...