
47 matches found

RedhatCVE
added 2025/05/23 1:54 a.m. · 5 views

CVE-2023-24724

A stored cross site scripting XSS vulnerability was discovered in the user management module of the SAS 9.4 Admin Console, due to insufficient validation and sanitization of data input into the user creation and editing form fields. The product name is SAS Web Administration interface SASAdmin. F...

5.4 CVSS · 5.5 AI score · 0.008 EPSS
Exploits: 0 · References: 1
Japan Vulnerability Notes
added 2025/03/12 12:0 a.m. · 7 views

JVN#19358384: hostapd vulnerable to improper processing of RADIUS packets

hostapd provided by Jouni Malinen fails to process crafted RADIUS packets properly CWE-826. Impact When hostapd authenticates wi-fi devices with RADIUS authentication, an attacker in the position between the hostapd and the RADIUS server may inject crafted RADIUS packets and force RADIUS...

3.7 CVSS · 6.8 AI score · 0.00033 EPSS
Exploits: 0
Microsoft KB
added 2024/11/12 8:0 a.m. · 187 views

KB5046860 - Description of the security update for SQL Server 2019 CU29: November 12, 2024

KB5046860 - Description of the security update for SQL Server 2019 CU29: November 12, 2024 Summary Improvements and fixes included in this update How to obtain and install the update How to obtain or download the latest cumulative update package for Linux More information File information...

8.8 CVSS · 7.8 AI score · 0.10003 EPSS
Exploits: 0
OpenVAS
added 2024/09/13 12:0 a.m. · 11 views

Synology NAS / DiskStation Manager Detection (findhostd)

findhostd based detection of Synology NAS devices, DiskStation Manager DSM OS and application. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

7.4 AI score
Exploits: 0
IBM Security Bulletins
added 2024/04/02 10:15 a.m. · 32 views

Security Bulletin: Information disclosure vulnerability affect IBM Business Automation Workflow - CVE-2023-50959

Summary IBM Business Automation Workflow is vulnerable to an information disclosure attack. Vulnerability Details CVEID:CVE-2023-50959 DESCRIPTION: IBM Business Automation Workflow may allow end users to query more documents than expected from a connected Enterprise Content Management system when...

6.5 CVSS · 6.1 AI score · 0.00111 EPSS
Exploits: 0 · Affected Software: 2
Positive Technologies
added 2023/12/14 12:0 a.m. · 3 views

PT-2023-31316 · [Vendor] · [Product]

Name of the Vulnerable Software and Affected Versions: PRODUCT version VERSION Description: A problem in COMPONENT of VENDOR PRODUCT on PLATFORMS allows ATTACKER to IMPACT via VECTOR. Recommendations: At the moment, there is no information about a newer version that contains a fix for this...

7.1 CVSS · 6.6 AI score · 0.00191 EPSS
Exploits: 0 · References: 6
Microsoft KB
added 2023/10/10 7:0 a.m. · 79 views

KB5029379 - Description of the security update for SQL Server 2022 GDR: October 10, 2023

KB5029379 - Description of the security update for SQL Server 2022 GDR: October 10, 2023 Summary Improvements and fixes included in this update How to obtain and install the update More information File information Information about protection and security Summary This security update contains a...

7.8 CVSS · 7.5 AI score · 0.0049 EPSS
Exploits: 0
IBM Security Bulletins
added 2023/09/25 10:25 p.m. · 45 views

Security Bulletin: Vulnerability with Python affect IBM Cloud Object Storage Systems (Sept2023v2)

Summary Vulnerability with Python CVE-2023-40217 This vulnerability have been addressed in the latest ClevOS releases Vulnerability Details CVEID:CVE-2023-40217 DESCRIPTION: Python could allow a remote attacker to bypass security restrictions, caused by a race condition in the SSLSocket module...

5.3 CVSS · 6 AI score · 0.00581 EPSS
Exploits: 0 · Affected Software: 1
Vulnrichment
added 2023/05/31 8:36 a.m. · 7 views

CVE-2023-2749 A Gain Information vulnerability was found on Download Center.

Download Center fails to properly validate the file path submitted by a user, An attacker can exploit this vulnerability to gain unauthorized access to sensitive files or directories without appropriate permission restrictions. Download Center on ADM 4.0 and above will be affected. Affected...

8.6 CVSS · 7.1 AI score · 0.00314 EPSS
Exploits: 0 · References: 1
The Hacker News
added 2023/04/21 5:41 a.m. · 91 views

Cisco and VMware Release Security Updates to Patch Critical Flaws in their Products

Cisco and VMware have released security updates to address critical security flaws in their products that could be exploited by malicious actors to execute arbitrary code on affected systems. The most severe of the vulnerabilities is a command injection flaw in Cisco Industrial Network Director...

9.9 CVSS · 10.3 AI score · 0.92984 EPSS
Exploits: 4
IBM Security Bulletins
added 2023/02/14 9:4 p.m. · 10 views

Security Bulletin: A vulnerability (CVE-2021-39028) in WebSphere Application Server Liberty affects IBM CICS TX Advanced

Summary WebSphere Application Server Liberty is used by IBM CICS TX Advanced to provide a web based administration console and to provide web services support. The fix removes vulnerability CVE-2021-39038 that allows a remote attacker to hijack the clicking action of the victim. Vulnerability...

5.4 CVSS · 5.1 AI score · 0.00221 EPSS
Exploits: 0 · Affected Software: 1
IBM Security Bulletins
added 2023/02/10 8:5 p.m. · 103 views

Security Bulletin: IBM Sterling B2B Integrator is vulnerable to denial of service due to Spring Framework (CVE-2022-22970)

Summary IBM Sterling B2B Integrator has addressed the denial of service security vulnerability in Spring Framework shipped with the product. Vulnerability Details CVEID:CVE-2022-22970 DESCRIPTION: Vmware Tanzu Spring Framework is vulnerable to a denial of service, caused by a flaw in the handling...

5.3 CVSS · 6.9 AI score · 0.00164 EPSS
Exploits: 1 · Affected Software: 1
IBM Security Bulletins
added 2022/06/13 10:34 a.m. · 57 views

Security Bulletin: Multiple vulnerabilities have been identified in Apache Log4j shipped with IBM Tivoli Netcool/OMNIbus Common Integration Libraries (CVE-2021-4104, CVE-2021-45046, CVE-2021-44228)

Summary Multiple vulnerabilities have been identified within the Apache Log4j library that is used within IBM Tivoli Netcool/OMNIbus Common Integration Libraries. These vulnerabilities have been addressed. Vulnerability Details CVEID: CVE-2021-4104 DESCRIPTION: Apache Log4j could allow a remote...

10 CVSS · 1.7 AI score · 0.94358 EPSS
Exploits: 346 · Affected Software: 1
IBM Security Bulletins
added 2022/03/30 9:48 a.m. · 38 views

Security Bulletin: IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library is vulnerable to HTTP request smuggling due to Netty (CVE-2021-43797)

Summary Netty CVE-2021-43797 is used by IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library as part of the webhook integration. The latest patch includes Netty 4.1.72.Final to fix the vulnerability. Vulnerability Details CVEID: CVE-2021-43797 DESCRIPTION: Netty is vulnerable to...

6.5 CVSS · 1.3 AI score · 0.00381 EPSS
Exploits: 0 · Affected Software: 1
Japan Vulnerability Notes
added 2022/03/10 12:0 a.m. · 55 views

JVN#72801744: UNIVERGE WA Series vulnerable to OS command injection

Remote system maintenance feature of UNIVERGE WA series "Local maintenance console/Remote maintenance console/Web based remote console maintenance" contains an OS command injection vulnerability CWE-78. Impact If an attacker who can access the product sends specific character strings or a special...

9.8 CVSS · 9.9 AI score · 0.0096 EPSS
Exploits: 0
IBM Security Bulletins
added 2022/02/01 11:37 a.m. · 25 views

Security Bulletin: Code injection vulnerability in IBM Spectrum Protect for Virtual Environments and IBM Spectrum Protect Snapshot for VMware (CVE-2020-4693)

Summary Due to improper validation of data prior to export, IBM Spectrum Protect for Virtual Environments and IBM Spectrum Protect Snapshot for VMware may allow an attacker to execute arbitrary code on the system. Vulnerability Details CVEID: CVE-2020-4693 DESCRIPTION: IBM Spectrum Protect produc...

9.8 CVSS · 9.3 AI score · 0.00616 EPSS
Exploits: 0 · Affected Software: 2
IBM Security Bulletins
added 2021/09/08 6:35 p.m. · 19 views

Security Bulletin: IBM Security Guardium is affected by an Improper Restriction of Excessive Authentication Attempts vulnerability (CVE-2021-20427)

Summary IBM Security Guardium has fixed this vulnerability Vulnerability Details CVEID: CVE-2021-20427 DESCRIPTION: IBM Security Guardium uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. CVSS Base score: 5.3 CVSS Temporal Score: See...

7.5 CVSS · 1.5 AI score · 0.00223 EPSS
Exploits: 0 · Affected Software: 1
0day.today
added 2021/03/15 12:0 a.m. · 20 views

Sonlogger 4.2.3.3 - SuperAdmin Account Creation / Information Disclosure Vulnerabilities

Exploit Title: Sonlogger 4.2.3.3 - SuperAdmin Account Creation / Information Disclosure Exploit Author: Berkan Er Vendor Homepage: https://www.sonlogger.com/ Version: 4.2.3.3 Tested on: Windows 10 Enterprise x64 Version 1803 A remote attacker can be create an user with SuperAdmin profile...

Exploits: 0
Exploit DB
added 2021/03/15 12:0 a.m. · 318 views

Sonlogger 4.2.3.3 - SuperAdmin Account Creation / Information Disclosure

Exploit Title: Sonlogger 4.2.3.3 - SuperAdmin Account Creation / Information Disclosure Date: 04-02-2021 Exploit Author: Berkan Er Vendor Homepage: https://www.sonlogger.com/ Version: 4.2.3.3 Tested on: Windows 10 Enterprise x64 Version 1803 A remote attacker can be create an user with SuperAdmin...

7.4 AI score
Exploits: 0
IBM Security Bulletins
added 2021/01/15 10:29 p.m. · 38 views

Security Bulletin: Websphere Hibernate Validator Vulnerability Affects IBM Control Center (CVE-2020-10693)

Summary Hibernate Validator could allow a remote attacker to bypass security restrictions, caused by a flaw in the message interpolation processor. Vulnerability Details CVEID: CVE-2020-10693 DESCRIPTION: Hibernate Hibernate Validator could allow a remote attacker to bypass security restrictions,...

5.3 CVSS · 1.4 AI score · 0.00094 EPSS
Exploits: 0 · Affected Software: 1