EUVD-2011-4866

Malware in sbrugna...

CVE-2010-5079

SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 uses weak entropy when generating tokens for 1 the CSRF protection mechanism, 2 autologin, 3 "forgot password" functionality, and 4 password salts, which makes it easier for remote attackers to bypass intended access restrictions via...

Dovecot 2.2.x < 2.3.21.1 Multiple Vulnerabilities

Dovecot is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:dovecot:dovecot"; ifdescription...

Spring Vault vulnerable to insertion of sensitive information into a log file

In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prior to 2.3.3 and older versions, an application is vulnerable to insertion of sensitive information into a log file when it attempts to revoke a Vault batch token...

Security Bulletin: Watson Machine Learning Accelerator is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22971)

Summary Watson Machine Learning Accelerator is affected but not classified as vulnerable to a remote code execution in Spring Framework CVE-2022-22971 as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR in contrast t...

Elgg open redirect

Elgg before 1.12.18 and 2.3.x before 2.3.11 has an open redirect...

Security Bulletin: A security vulnerability in Node.js affects IBM Cloud Pak for Multicloud Management Infrastructure Management and Managed Services

Summary A security vulnerability in Node.js affects IBM Cloud Pak for Multicloud Management Infrastructure Management and Managed Services. Vulnerability Details CVEID: CVE-2021-22939 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions. If the https API was used...

Adobe Magento 路径遍历漏洞

Adobe Magento is the United States of America Odobie Adobe company's set of open source PHP e-commerce system . The system provides rights management, search engine and payment gateway features. A path traversal vulnerability exists in Adobe Magento. The vulnerability exists due to an input...

PT-2019-7486 · Pippin Williamson · Easy Digital Downloads

Name of the Vulnerable Software and Affected Versions: Easy Digital Downloads EDD versions 1.8.x through 1.8.6 Easy Digital Downloads EDD versions 1.9.x through 1.9.9 Easy Digital Downloads EDD versions 2.0.x through 2.0.4 Easy Digital Downloads EDD versions 2.1.x through 2.1.10 Easy Digital...

PT-2019-7488 · Pippin Williamson · Easy Digital Downloads

Name of the Vulnerable Software and Affected Versions: Easy Digital Downloads EDD versions 1.8.x through 1.8.6 Easy Digital Downloads EDD versions 1.9.x through 1.9.9 Easy Digital Downloads EDD versions 2.0.x through 2.0.4 Easy Digital Downloads EDD versions 2.1.x through 2.1.10 Easy Digital...

OpenVPN 2.3.x < 2.3.17 & 2.4.x < 2.4.3 Multiple Denial of Service Vulnerabilites (Windows)

According to its self-reported version number, the version of OpenVPN installed on the remote Windows host is 2.3.x prior to 2.3.17 or 2.4.x prior to 2.4.3. It is, therefore, affected by multiple denial of service DoS vulnerabilities due to invalid input validation. An unauthenticated, remote...

CVE-2019-6158

An internal product security audit of Lenovo XClarity Administrator LXCA discovered HTTP proxy credentials being written to a log file in clear text. This only affects LXCA when HTTP proxy credentials have been configured. This affects LXCA versions 2.0.0 to 2.3.x...

pfSense 2.3.x < 2.3.5-p2 / 2.4.x < 2.4.3-p1 Multiple Vulnerabilities (SA-18_04 / SA-18_05)

According to its self-reported version number, the remote pfSense install is a version 2.3.x prior to 2.3.5-p2 or 2.4.x prior to 2.4.3-p1. It is, therefore, affected by multiple vulnerabilities: - In FreeBSD before 11.1-STABLEr332066 and 11.1-RELEASE-p10, due to insufficient initialization of...

pfSense 2.3.x <= 2.3.5-p2 / 2.4.x < 2.4.4 Multiple Vulnerabilities (SA-18_06 / SA-18_07 / SA-18_08)

According to its self-reported version number, the remote pfSense install is a version 2.3.x prior or equal to 2.3.5-p2 or 2.4.x prior to 2.4.3-p1. It is, therefore, affected by multiple vulnerabilities: - Systems with microprocessors utilizing speculative execution and address translations may...

CVE-2017-14064

Removed by vendor...

Zend Framework Session Authentication Vulnerability

Zend Framework ZF is the United States Zend company developed a set of open source PHP5 development framework , it is mainly used for the development of Web programs and services. A security vulnerability exists in Zend/Session/SessionManager in version 2.2.x before ZF 2.2.9 and version 2.3.x...

MySQL Enterprise Monitor 2.3.x < 2.3.21 / 3.0.x < 3.0.23 Multiple Vulnerabilities

According to its self-reported version, the MySQL Enterprise Monitor application running on the remote host is 2.3.x prior to 2.3.21 or 3.0.x prior to 3.0.23. It is, therefore, potentially affected by multiple vulnerabilities : - An invalid read error exists in the ASN1TYPEcmp function due to...

Netsparker Remote Code Execution Vulnerability - Windows

Netsparker is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:netsparker:wass...

CVE-2012-6100

report/outline/index.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/user:viewhiddendetails capability requirement, which allows remote authenticated users to discover a hidden lastaccess value by reading an activity report...

CVE-2012-6098

grade/edit/outcome/editform.php in Moodle 1.9.x through 1.9.19, 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/grade:manage capability requirement, which allows remote authenticated users to convert custom outcomes into...