106 matches found
Progress Software MOVEit Transfer SQL注入漏洞
Progress Software MOVEit Transfer is an automated file transfer software from Progress Software, USA. The software supports file transfer and provides file transfer activity monitoring. A security vulnerability exists in Progress Software MOVEit Transfer that stems from an SQL injection...
SUSE CVE-2020-2654
Vulnerability in the Java SE product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE...
Zoom Client 路径遍历漏洞
Zoom Client is a video conferencing client application from Zoom USA that supports multiple platforms. A security vulnerability exists in Zoom Client versions prior to 5.13.0. An attacker can exploit this vulnerability to read and write the Zoom application data directory...
Chipolo ONE 安全漏洞
Chipolo ONE is a key finder from Chipolo. Perfect for finding your keys, bags, backpacks in seconds. Chipolo ONE version 4.13.0 suffers from a security vulnerability that stems from the ability of a trusted owner to remotely share Chipolo access to another user who could be a potential attacker. ...
PYSEC-2022-43069
Apache IoTDB version 0.13.0 is vulnerable by session id attack. Users should upgrade to version 0.13.1 which addresses this issue...
npm CLI 信息泄露漏洞
npm CLI is a package manager from the US company npm. An information disclosure vulnerability exists in the npm CLI npm-packlist version v7.9.0 and v7.13.0, which stems from a runtime omission of the root-level .gitignore and .npmignore file exclusion directives...
CVE-2021-40354
A vulnerability has been identified in Teamcenter V12.4 All versions V12.4.0.8, Teamcenter V13.0 All versions V13.0.0.7, Teamcenter V13.1 All versions V13.1.0.5, Teamcenter V13.2 All versions 13.2.0.2. The "surrogate" functionality on the user profile of the application does not perform sufficien...
PT-2021-6590 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.0 and later Description: The issue is related to improper authorization in GitLab, affecting guests in private projects. This allows unauthorized access to view CI/CD analytics. The vulnerability can be exploited...
Odoo Security Vulnerability
Odoo is a set of enterprise resource planning ERP and customer relationship management CRM system from Odoo Belgium. The system is developed in Python, with PostgreSQL as the database, and includes modules for sales management, inventory management, and financial management. A security...
chocolatey Boxstarter has an unspecified vulnerability
chocolatey Boxstarter is a virtual machine management software for installing virtual Windows environments from chocolatey, USA. A security vulnerability exists in Boxstarter installer versions prior to 2.13.0 that originates from configuring C:ProgramDataBoxstarter to be in the system-wide PATH...
GitLab Information Disclosure Vulnerability (CNVD-2020-51536)
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. An information disclosure vulnerability exists in GitLab...
ALEOS Out-of-Bounds Read Vulnerability
ALEOS is an integrated development environment for building customized embedded M2M applications. An out-of-bounds read vulnerability exists in the ACEView service in ALEOS versions prior to 4.13.0, 4.9.5, and 4.4.9, which can be exploited by an attacker to obtain sensitive information...
PT-2020-13426 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 13.0.12 GitLab versions prior to 13.1.6 GitLab versions prior to 13.2.3 Description: A cross-site scripting XSS issue exists in the issue reference number tooltip. Recommendations: For versions prior to 13.0.12, updat...
PT-2020-13431 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 13.0.12 GitLab versions prior to 13.1.6 GitLab versions prior to 13.2.3 Description: The issue is related to improper access control on the Applications page. Recommendations: For versions prior to 13.0.12, update to...
PT-2020-13403 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 12.9 through 13.0.1 Description: The issue allows for client-side code injection through Mermaid markup, enabling a specially crafted Mermaid payload to send PUT requests on behalf of other users via clicking on a link...
Cisco Email Security Appliance AsyncOS Software Input Validation Error Vulnerability (CNVD-2020-32910)
Cisco Email Security Appliance ESA is an email security appliance from Cisco in the U.S. AsyncOS Software is the operating system that runs on it. An input validation error vulnerability exists in the Cisco Email Security Appliance prior to version 13.0. The vulnerability arises from a network...
PoC Exploits Released for Citrix ADC and Gateway RCE Vulnerability
It's now or never to prevent your enterprise servers running vulnerable versions of Citrix application delivery, load balancing, and Gateway solutions from getting hacked by remote attackers. Why the urgency? Earlier today, multiple groups publicly released weaponized proof-of-concept exploit cod...
CVE-2019-19781
An issue was discovered in Citrix Application Delivery Controller ADC and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal...
UBUNTU-CVE-2019-8822
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary...
CVE-2018-12408
The BusinessWorks engine component of TIBCO Software Inc.'s TIBCO ActiveMatrix BusinessWorks, TIBCO ActiveMatrix BusinessWorks for z/Linux, and TIBCO ActiveMatrix BusinessWorks Distribution for TIBCO Silver Fabric contains a vulnerability that may allow XML eXternal Entity XXE attacks via incomin...