ServiceNow - Cross-Site Scripting

ServiceNow through San Diego Patch 4b and Patch 6 contains a cross-site scripting vulnerability in the logout functionality, which can enable an unauthenticated remote attacker to execute arbitrary JavaScript. id: CVE-2022-38463 info: name: ServiceNow - Cross-Site Scripting author: amanrawat...

SUSE-SU-2026:21468-1 Security update for the Linux Kernel RT (Live Patch 6 for SUSE Linux Enterprise Micro 6.0)

This update for the SUSE Linux Enterprise Kernel 6.4.0-28.1 fixes various security issues The following security issues were fixed: - CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size bsc1258073. - CVE-2025-39977: futex: Prevent use-after-free during requeue-PI...

SUSE-SU-2024:3655-1 Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP5)

This update for the Linux Kernel 5.14.21-1505005531 fixes several issues. The following security issues were fixed: - CVE-2024-35861: Fixed potential UAF in cifssignalcifsdforreconnect bsc1225312. - CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfochangednotify bsc1225739. -...

openSUSE: Security Advisory for the Linux Kernel RT (Live Patch 6 for SLE 15 SP5) (SUSE-SU-2024:3638-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

OpenEMR 5.0.1 Patch 6 SQL Injection

require 'csv' This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenEMR 5.0.1 Patch 6 SQLi Dump', 'Description' = ' This module exploits a SQLi vulnerability found in OpenEMR version 5.0.1 Patch ...

SUSE-SU-2024:2530-1 Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP5)

This update for the Linux Kernel 5.14.21-1505005531 fixes several issues. The following security issues were fixed: - CVE-2024-26923: Fixed false-positive lockdep splat for spinlock in unixgc bsc1223683. - CVE-2024-26930: Fixed double free of the ha-vpmap pointer bsc1223681. - CVE-2024-26828: Fix...

SUSE SLES15 Security Update : kernel (Live Patch 6 for SLE 15 SP5) (SUSE-SU-2024:2221-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2024:2221-1 advisory. This update for the Linux Kernel 5.14.21-1505005531 fixes one issue. The following security issue was fixed: - CVE-2024-26852: Fixed use-after-free in...

SUSE SLES15 Security Update : kernel RT (Live Patch 6 for SLE 15 SP5) (SUSE-SU-2024:0620-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2024:0620-1 advisory. - An issue was discovered in the Linux kernel before 6.6.8. dovccioctl in net/atm/ioctl.c has a use-after- free because of a vccrecvmsg race condition...

GHSA-54PV-R62J-9QQC Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting

Reflected cross-site scripting XSS vulnerability on the add assignees to a role page in Liferay Portal 7.3.3 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 6, 7.4 GA through update 92, and 7.3 before update 34 allows remote attackers to inject arbitrary web script or HTML via the...

Open redirect

Open redirect vulnerability in adaptive media administration page in Liferay DXP 2023.Q3 before patch 6, and 7.4 GA through update 92 allows remote attackers to redirect users to arbitrary external URLs via the comliferayadaptivemediawebportletAMPortletredirect parameter...

CVE-2023-44308

Open redirect vulnerability in adaptive media administration page in Liferay DXP 2023.Q3 before patch 6, and 7.4 GA through update 92 allows remote attackers to redirect users to arbitrary external URLs via the comliferayadaptivemediawebportletAMPortletredirect parameter...

CVE-2023-48365

Qlik Sense Enterprise for Windows before August 2023 Patch 2 allows unauthenticated remote code execution, aka QB-21683. Due to improper validation of HTTP headers, a remote attacker is able to elevate their privilege by tunneling HTTP requests, allowing them to execute HTTP requests on the backe...

SUSE SLES15 Security Update : kernel (Live Patch 6 for SLE 15 SP4) (SUSE-SU-2023:2743-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2743-1 advisory. - atmtcenqueue in net/sched/schatm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion...

SUSE SLES15 Security Update : kernel RT (Live Patch 6 for SLE 15 SP4) (SUSE-SU-2023:2368-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2368-1 advisory. - A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux...

SUSE SLES15 Security Update : kernel (Live Patch 6 for SLE 15 SP4) (SUSE-SU-2023:2031-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2031-1 advisory. - A use-after-free flaw was found in qdiscgraft in net/sched/schapi.c in the Linux Kernel due to a race problem. This flaw leads to a denial of...

SUSE SLES15 Security Update : kernel (Live Patch 6 for SLE 15 SP4) (SUSE-SU-2023:0273-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2023:0273-1 advisory. - A use-after-free vulnerability was found in nfs42sscopen in fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to conduct a remote...

U.S. Dept Of Defense: XSS DUE TO CVE-2022-38463 in https://████████

Description: During my research, I found one of the host running ServiceNow vulnerable to CVE-2022-38463 . ServiceNow through San Diego Patch 4b and Patch 6 allows reflected XSS in the logout functionality. Impact Attacker is able to steal victims cookies, redirect victim to attacker controlled...

Cross site scripting

ServiceNow through San Diego Patch 4b and Patch 6 allows reflected XSS in the logout functionality...

Security Bulletin: PostgresSQL JDBC Driver as used in IBM QRadar SIEM is vulnerable to information disclosure (CVE-2020-13692)

Summary PostgresSQL JDBC Driver as used in IBM QRadar SIEM is vulnerable to information disclosure caused by an XML external entity XXE Vulnerability Details CVEID: CVE-2020-13692 DESCRIPTION: PostgreSQL JDBC Driver could allow a remote authenticated attacker to obtain sensitive information, caus...

Security Bulletin: Apache Santuario as used in IBM QRadar SIEM is vulnerable to improper input validation (CVE-2019-12400)

Summary Apache Santuario as used in IBM QRadar SIEM is vulnerable to improper input validation Vulnerability Details CVEID: CVE-2019-12400 DESCRIPTION: Apache Santuario XML Security for Java could allow a remote attacker to bypass security restrictions, caused by the loading of XML parsing code...