12 matches found
Linux Distros Unpatched Vulnerability : CVE-2019-5737
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - In Node.js including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1, an attacker can cause a Denial of Service (DoS) by...
K000152911: Apache Tomcat vulnerability CVE-2025-52520
Security Advisory Description: For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a DoS via bypassing of size limits. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1...
SUSE CVE-2025-22445
Mattermost versions 10.x <= 10.2 fail to accurately reflect missing settings, which allows confusion for admins regarding a Calls security-sensitive configuration via incorrect UI reporting...
Infotel Conseil GLPI Security Vulnerability
Infotel Conseil GLPI is an application from Infotel, Inc. A security vulnerability exists in Infotel Conseil GLPI v.10.X.X and prior versions, which stems from insufficient validation of user-supplied input and allows remote attackers to execute arbitrary code...
PT-2024-15249 · Opentext · Opentext Vertica Management Console
Name of the Vulnerable Software and Affected Versions: OpenText Vertica Management Console versions 10.x; OpenText Vertica Management Console versions 11.1.1-24 or lower; OpenText Vertica Management Console versions 12.0.4-18 or lower. Description: The issue affects one of Vertica's authentication...
SUSE CVE-2012-1939
jsinfer.cpp in Mozilla Firefox ESR 10.x before 10.0.5 and Thunderbird ESR 10.x before 10.0.5 does not properly determine data types, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via crafted JavaScript code...
CVE-2021-36200
Under certain circumstances an unauthenticated user could access the web API for Metasys ADS/ADX/OAS 10 versions prior to 10.1.6 and 11 versions prior to 11.0.2 and enumerate users...
CVE-2020-26516
A CSRF issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. Requests sent to the server that trigger actions do not contain a CSRF token and can therefore be entirely predicted, allowing attackers to cause the victim's browser to execute undesired actions in the web application...
PT-2021-11241 · Intland · Codebeamer Alm
Name of the Vulnerable Software and Affected Versions: Intland codeBeamer ALM versions 10.x through 10.1.SP4. Description: An issue with insufficiently protected credentials was found. The CB LOGIN remember-me cookie contains encrypted user credentials, but due to a bug, these credentials are...
ALPINE-CVE-2018-7167
Calling Buffer.fill or Buffer.alloc with some parameters can lead to a hang which could result in a Denial of Service. In order to address this vulnerability, the implementations of Buffer.alloc and Buffer.fill were updated so that they zero fill instead of hanging in these cases. All versions of...
IBM Emptoris Services Procurement Cross-Site Request Forgery Vulnerability
IBM Emptoris Services Procurement is a procurement management system from IBM USA. The system controls and manages the procurement lifecycle for third-party service categories. A cross-site request forgery vulnerability exists in IBM Emptoris Services Procurement version 10.x. A remote attacker...
CVE-2016-10102
hitek.jar in Hitek Software's Automize uses weak encryption when encrypting SSH/SFTP and Encryption profile passwords. This allows an attacker to retrieve the encrypted passwords from sshProfiles.jsd and encryptionProfiles.jsd and decrypt them to recover cleartext passwords. All 10.x up to and...