209 matches found
CVE-2022-32752
CVE-2022-32752 affects IBM Security Directory Suite VA 8.0.1 through 8.0.1.19. A remote authenticated attacker can execute arbitrary commands on the system by sending a specially crafted request. IBM’s advisory and related sources identify the affected product and provide a fix: update to IBM Sec...
CVE-2022-32757
IBM Security Directory Suite VA 8.0.1–8.0.1.19 is affected by an inadequate account lockout setting that could allow a remote attacker to brute-force credentials. The issue is tied to CVE-2022-32757 and is documented with a HIGH impact (CVSS v3.1 base score 7.5; Network attack vector, low attack ...
CVE-2022-33166
CVE-2022-33166 affects IBM Security Directory Suite VA 8.0.1–8.0.1.19. The issue allows a privileged user to upload malicious files of dangerous types that can be automatically processed within the product’s environment, as described by Red Hat and IBM advisories (X-Force ID: 228586). Root cause ...
CVE-2022-33168
CVE-2022-33168 affects IBM Security Directory Suite VA 8.0.1 and could cause a denial of service via uncontrolled resource consumption. The issue has a base score of 7.5 (HIGH) per IBM/X-Force data. Remediation is to apply the fixes listed by IBM: Directory Suite 8.0.1 Fixpack 21 (and related int...
CVE-2022-33163
CVE-2022-33163 affects IBM Security Directory Suite VA 8.0.1, where permissions on a security-critical resource permit read or modification by unintended actors. Public sources align on an information-disclosure/unauthorized-access risk with high impact to confidentiality and integrity (CVE descr...
PT-2023-13230 · Ibm · Ibm Security Directory Suite Va
Name of the Vulnerable Software and Affected Versions: IBM Security Directory Suite VA versions 8.0.1 through 8.0.1.19 Description: The issue allows an authenticated user to read user credentials stored in plain clear text. Recommendations: For IBM Security Directory Suite VA versions 8.0.1 throu...
PT-2023-13191 · Ibm · Ibm Security Directory Suite Va
Name of the Vulnerable Software and Affected Versions: IBM Security Directory Suite VA versions 8.0.1 through 8.0.1.19 Description: The issue is related to an inadequate account lockout setting, which could allow a remote attacker to brute force account credentials. Recommendations: For versions...
va-motorsport.com Cross Site Scripting vulnerability OBB-3323826
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2020-13378
Loadbalancer.org Enterprise VA MAX through 8.3.8 has an OS Command Injection vulnerability that allows a remote authenticated attacker to execute arbitrary code...
CVE-2020-13378
CVE-2020-13378 affects Loadbalancer.org Enterprise VA MAX up to version 8.3.8. The issue is an OS command injection in the appliance that could allow a remote authenticated attacker to execute arbitrary code. CVSS v3.1 base score 8.8 (HIGH) with network access, low attack complexity, and privileg...
CVE-2020-13378
Loadbalancer.org Enterprise VA MAX through 8.3.8 has an OS Command Injection vulnerability that allows a remote authenticated attacker to execute arbitrary code...
Loadbalancer Enterprise VA MAX 操作系统命令注入漏洞
Loadbalancer Enterprise VA MAX is a full-featured virtual ADC from the Loadbalancer organization. standardized on WAF and GSLB, it provides the highest throughput and unmatched reliability for critical workloads. A security vulnerability exists in Loadbalancer Enterprise VA MAX version 8.3.8 and...
PT-2023-11473 · Loadbalancer.Org · Loadbalancer.Org Enterprise Va Max
Name of the Vulnerable Software and Affected Versions: Loadbalancer.org Enterprise VA MAX versions 8.3.8 and earlier Description: The issue allows a remote authenticated attacker to execute arbitrary code due to an OS Command Injection vulnerability. Recommendations: For versions 8.3.8 and earlie...
Hive Pro Appoints John Lyons as Chief Revenue Officer
Milpitas, CA – 27th March 2023 – Hive Pro, a leading Threat Exposure Management vendor in cybersecurity, today announced the appointment of John Lyons as its new Chief Revenue Officer CRO. With more than 25 years of sales management experience in the IT industry, Lyons will be responsible for...
Flaw in the VA Medical Records Platform May Put Patients at Risk
The Veterans Affairs’ VistA software has a vulnerability that could let an attacker “masquerade as a doctor,” a security researcher warns...
horizonsedgeva.com Cross Site Scripting vulnerability OBB-2740612
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2022-29337
C-DATA FD702XW-X-R430 v2.1.13X001 was discovered to contain a command injection vulnerability via the vacmd parameter in formlanipv6. This vulnerability allows attackers to execute arbitrary commands via a crafted HTTP request...
PT-2022-19551 · Unknown · C-Data Fd702Xw-X-R430
Name of the Vulnerable Software and Affected Versions: C-DATA FD702XW-X-R430 version 2.1.13 X001 Description: A command injection issue was discovered, allowing attackers to execute arbitrary commands via a crafted HTTP request. This is achieved through the va cmd parameter in the formlanipv6...
GSD-2022-1001263 ASoC: codecs: va-macro: fix accessing array out of bounds for enum type
ASoC: codecs: va-macro: fix accessing array out of bounds for enum type This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.2 by commit...
Cisco Releases Security Patches for TelePresence, RoomOS and Umbrella VA
Networking equipment maker Cisco has released security updates to address three high-severity vulnerabilities in its products that could be exploited to cause a denial-of-service DoS condition and take control of affected systems. The first of the three flaws, CVE-2022-20783 CVSS score: 7.5,...