GoCD 代码问题漏洞

GoCD is a continuous delivery server. A security vulnerability exists in GoCD versions 19.2.0 through 19.11.0, which stems from a Spring RemoteInvocation endpoint exposed for proxy communication that allows deserialization of arbitrary java objects, which can be exploited by an attacker to execut...

MS Enterprise app management service RCE. CVE-2022-35841

TL;DR A remote command execution and local privilege escalation vulnerability has been fixed by Microsoft as part of September’s patch Tuesday. The vulnerability, filed under CVE-2022-35841, affects the Enterprise App Management Service which handles the installation of enterprise applications...

CVE-2022-35296

Under certain conditions, the application SAP BusinessObjects Business Intelligence Platform Version Management System exposes sensitive information to an actor over the network with high privileges that is not explicitly authorized to have access to that information, leading to a high impact on...

SAP BusinessObjects Business Intelligence Platform 信息泄露漏洞

SAP BusinessObjects Business Intelligence Platform is a complete business analytics platform from SAP. The platform combines market-leading SAP data integration products, data management products, and business intelligence BI products to eliminate system integration challenges and quickly and...

PT-2022-26416 · Unknown · Pdf-Xchange Editor

Name of the Vulnerable Software and Affected Versions: PDF-XChange Editor affected versions not specified Description: This issue allows remote attackers to disclose sensitive information on affected installations. It requires user interaction, such as visiting a malicious page or opening a...

jackson-databind: denial of service via a large depth of nested objects

A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects...

jackson-databind: denial of service via a large depth of nested objects

A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects...

[SECURITY] Fedora 36 Update: squid-5.7-1.fc36

Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DN...

jackson-databind: denial of service via a large depth of nested objects

A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects...

jackson-databind: denial of service via a large depth of nested objects

A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects...

jackson-databind: denial of service via a large depth of nested objects

A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects...

The vulnerability of the SAP Business Objects Business Intelligence Platform, related to insufficient verification of data authenticity, allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the SAP Business Objects Business Intelligence Platform is related to insufficient verification of data authenticity. Exploiting this vulnerability may allow an attacker, operating remotely, to gain unauthorized access to protected information...

The vulnerability of the Visual Difference Application component of the SAP Business Objects Business Intelligence Platform allows a perpetrator to disclose protected information.

The vulnerability of the Visual Difference Application component in the SAP Business Objects Business Intelligence Platform exists due to the failure to take measures to neutralize special elements used in SQL queries. Exploiting this vulnerability can allow a malicious actor, operating remotely,...

Mozilla: Remote content specified in an HTML document that was nested inside an iframe's srcdoc attribute was not blocked

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of when receiving an HTML email that contained an iframe element, which used a srcdoc attribute to define the internal HTML document, remote objects specified in the nested document for example, images or...

Mozilla: Remote content specified in an HTML document that was nested inside an iframe's srcdoc attribute was not blocked

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of when receiving an HTML email that contained an iframe element, which used a srcdoc attribute to define the internal HTML document, remote objects specified in the nested document for example, images or...

Mozilla: Remote content specified in an HTML document that was nested inside an iframe's srcdoc attribute was not blocked

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of when receiving an HTML email that contained an iframe element, which used a srcdoc attribute to define the internal HTML document, remote objects specified in the nested document for example, images or...

Cross-Site Scripting (XSS)

pimcore is vulnerable to cross-site scripting. The vulnerability exists in User/Roles because the path column in Users' Workspaces is not properly escaped allowing an attacker to inject and execute payload xss at documents, assets and data objects...

Security Bulletin: IBM Informix Cryptographic Library Updates (CVE-2012-2190, CVE-2012-2191, CVE-2012-2203)

Abstract Multiple security problems exist in the IBM GSKit libraries that IBM Informix and IBM Informix ClientSDK use to provide communications security and other cryptographic functionality. Content CVE ID: CVE-2012-2190 DESCRIPTION: GSKit allows remote attackers to cause a denial of service...

Security Bulletin: IBM Tivoli Composite Application Manager for Transactions affected by multiple vulnerabilities in GSKit (CVE-2012-2203, CVE-2012-2191, CVE-2012-2190)

Abstract Vulnerabilities in IBM Global Security Kit GSKit, shipped as part of IBM Tivoli Composite Application Manager for Transactions ITCAM for Transactions. Content VULNERABILITY DETAILS: Security vulnerabilities have been discovered in the GSKit libraries. ITCAM for Transactions uses the GSKi...

Design/Logic Flaw

An internal reference count is held on the buffer pool, incremented every time a new buffer is created from the pool. The reference count is maintained as an int; on LP64 systems this can cause the reference count to overflow if the client creates a large number of wlshm buffer objects, or if it...