42 matches found
EUVD-2022-45034
Malicious code in bioql PyPI...
PT-2024-12022 · Diebold Nixdorf · Diebold Nixdorf Vynamic Security Suite
Name of the Vulnerable Software and Affected Versions: Diebold Nixdorf Vynamic Security Suite versions prior to 3.3.0 SR10 Description: The issue concerns the failure to validate the /etc/mtab file during the Pre-Boot Authorization PBA process. This can be exploited by a physical attacker who can...
There is no LTSR version of WEM
This article describes whether there is Long Term Service Release LTSR version of Workspace Environment Management WEM...
CVE-2023-5524 M-Files Web Companion allows Remote Code Execution for some filetypes
Insufficient blacklisting in M-Files Web Companion before release version 23.10 and LTS Service Release Versions before 23.8 LTS SR1 allows Remote Code Execution via specific file types...
PT-2023-32153 · M Files · M-Files Web Companion
Name of the Vulnerable Software and Affected Versions: M-Files Web Companion versions prior to 23.10 M-Files Web Companion LTS Service Release Versions prior to 23.8 LTS SR1 Description: The issue is related to the execution of downloaded content, which allows for Remote Code Execution. This flaw...
CVE-2023-3406
Path Traversal issue in M-Files Classic Web versions below 23.6.12695.3 and LTS Service Release Versions before 23.2 LTS SR3 allows authenticated user to read some restricted files on the web server...
PT-2023-24773 · M Files · M-Files Server
Name of the Vulnerable Software and Affected Versions: M-Files Server versions prior to 23.8.12892.6 M-Files Server LTS Service Release Versions prior to 23.2 LTS SR3 Description: The issue is an out-of-bounds read that allows an unauthenticated user to read a restricted amount of bytes from...
SUSE CVE-2013-3008
Unspecified vulnerability in the Java Runtime Environment JRE in IBM Java 7 before 7 SR5 allows remote attackers to affect confidentiality, availability, and integrity via unknown vectors, a different vulnerability than CVE-2013-3006...
Command injection
AP Manager in Innovaphone before 13r2 Service Release 17 allows command injection via a modified service ID during app upload...
CVE-2022-41870
AP Manager in Innovaphone before 13r2 Service Release 17 allows command injection via a modified service ID during app upload...
PT-2022-26105 · Innovaphone · Innovaphone
Name of the Vulnerable Software and Affected Versions: Innovaphone versions prior to 13r2 Service Release 17 Description: The issue allows command injection via a modified service ID during app upload. Recommendations: For versions prior to 13r2 Service Release 17, update to 13r2 Service Release ...
Exclusion of Citrix embedded browser from the Citrix Workspace app 1912 LTSR for Windows
The Citrix Workspace app Long Term Service Release LTSR is released on a less frequent cadence with an extended lifecycle than the Workspace app Current Releases CR, offering predictability and fewer changes to the product. The Citrix Workspace app LTSR offers Cumulative Updates CU that contain...
Additional Lifecycle Information for Citrix Workspace App for Windows
This article is a supplement to the Lifecycle Milestones for Citrix Workspace App and Citrix Receiver. It provides additional details for the listed versions of Citrix Receiver for Windows. Additional Lifecycle Information for Citrix Workspace App and Citrix Receiver for Windows Current Release...
Fedora 29 : roundcubemail (2018-24d1e5a2c3)
Version 1.3.8 This is a service release to update the stable version 1.3 of Roundcube Webmail. It contains fixes to several bugs backported from the master branch including a security fix for a reported XSS vulnerability plus updates to ensure compatibility with PHP 7.3 and recent versions of...
Additional Lifecycle Information for StoreFront
This article is a supplement to the Non-Sale Products Lifecycle information StoreFront is an integral component of Citrix Virtual Apps and Desktops formerly XenApp and XenDesktop but can be used with several versions of Citrix Virtual Apps and Desktops and XenApp and XenDesktop. For customers that...
Lifecycle Information for HDX RealTime Optimization Pack
The HDX RealTime Optimization Pack RTOP for Skype® for Business is a feature of Citrix Virtual Apps and Desktops formerly XenApp and XenDesktop, Advanced formerly Enterprise and Premium formerly Platinum editions. HDX RTOP provides optimized delivery of the Microsoft Skype for Business 2015, 2016...
Updated roundcubemail packages fix security vulnerability & bugs
This is a service release to update the stable version 1.3 of Roundcube Webmail. It contains fixes to several bugs backported from the master branch including a security fix for a reported XSS vulnerability in handling invalid style tag content plus updates to ensure compatibility with PHP 7.3 an...
Fr. Sauter AG CASE Suite
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Fr. Sauter AG Equipment: CASE Suite Vulnerability: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to...
Security Bulletin: Java vulnerability on IBM Storage DS8870 (CVE-2014-0411)
Summary IBM Enterprise Storage DS8870 HMC extensively uses Java, for which a fix is available for a security vulnerability. Vulnerability Details CVEID: CVE-2014-0411 DESCRIPTION: Java is used throughout the DS8870 HMC including the command line interface CLI and graphical user interface GUI and...
Security Bulletin: DS8870 Release 7.x affected by a vulnerability in OpenSSL (CVE-2014-0224)
Summary Security vulnerabilities have been discovered in OpenSSL which impact the management port on DS8870 R7.x Vulnerability Details CVE-ID: CVE-2014-0224 DESCRIPTION: An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and server...