9 matches found
Kibana 8.19.16 and 9.3.5 Security Update (ESA-2026-30)
Path Traversal in Kibana Leading to Unauthorized Deletion of User Accounts A path traversal vulnerability was identified in Kibana's dashboard management functionality. An authenticated user with limited permissions could create a dashboard with a specially crafted identifier. When an administrat...
SUSE CVE-2025-31651
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security constraints, those...
PT-2025-14542 · Os4Ed · Os4Ed Opensis
Name of the Vulnerable Software and Affected Versions: OS4ED openSIS versions 7.0 through 9.1 Description: The issue is a SQL injection vulnerability via the stu id parameter at the "/modules/students/Student.php" API endpoint. Recommendations: For OS4ED openSIS versions 7.0 through 9.1, consider...
Apache Tomcat 安全漏洞
Apache Tomcat is the United States Apache Apache Foundation of a lightweight Web application server. The program implements support for Servlets and JavaServer Page JSP. A security vulnerability exists in Apache Tomcat that stems from the fact that Tomcat instances remain vulnerable to...
PT-2019-17100 · Ibm · Ibm Websphere Application Server
Name of the Vulnerable Software and Affected Versions: IBM WebSphere Application Server versions 7.0 through 9.0 Description: The issue allows a user with access to audit logs to obtain sensitive information due to improper handling of command line options. Recommendations: For IBM WebSphere...
Google Android System Information Disclosure Vulnerability (CNVD-2019-30319)
Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. An information disclosure vulnerability exists in the System component of Google Android 7.1.1, 7.1.2, 8.0, 8.1, and 9. An attacker can exploit the vulnerability to...
PT-2019-17008 · Ibm · Ibm Websphere Application Server
Name of the Vulnerable Software and Affected Versions: IBM WebSphere Application Server versions 7.0 through 9.0 Description: The issue allows a remote attacker to obtain sensitive information when a specially crafted URL causes a stack trace to be dumped. This occurs in the Admin Console of the...
Google Android Media framework remote code execution vulnerability (CNVD-2019-23556)
Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA. A remote code execution vulnerability exists in the Media framework component in Google Android 7.0, 7.1.1, 7.1.2, 8.0, 8.1, and 9. An attacker can exploit this vulnerability to...
tomcat: A bug in the UTF-8 decoder can lead to DoS
An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86...