20 matches found
F5 Networks BIG-IP : BIG-IP httpd access control vulnerability (K000156604)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.1 / 17.5.1.4 / 21.0.0. It is, therefore, affected by a vulnerability as referenced in the K000156604 advisory. When configured, IP-based access restrictions for httpd do not cover all endpoints, which may allow...
Improper Memory Cleanup in the Okta Java SDK
Description In the Okta Java SDK, specific multithreaded implementations may encounter memory issues as threads are not properly cleaned up after requests are completed. Over time, this can degrade performance and availability in long-running applications and may result in a denial-of-service...
com.aegisql:conveyor-configurator (>=1.5.1 <=1.5.2), com.datastax.oss.quarkus:cassandra-quarkus-client (>=1.0.1 <=1.0.4) +2043 more potentially affected by CVE-2025-53057 via org.graalvm.sdk:graal-sdk (>=21.0.0 <=21.0.0.2)
org.graalvm.sdk:graal-sdk MAVEN version =21.0.0, =1.5.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.3, =1.0.1, =1.0.1, =1.0.1, =4.11.0, =1.2.0, =1.2.0, =1.4.0 and more Source cves: CVE-2025-53057 Source advisory: SNYK:JAVA-ORGGRAALVMSDK-...
Security Bulletin: A vulnerability in the IBM Robotic Process Automation windows installer could result in privilege escalation (CVE-2024-51448).
Summary IBM Robotic Process Automation could allow a local user to escalate their privileges. All files in the install inherit the file permissions of the parent directory and therefore a non-privileged user can substitute any executable for the nssm.exe service. A subsequent service or server...
UBUNTU-CVE-2024-55227
A cross-site scripting (XSS) vulnerability in the Events/Agenda module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter...
PT-2025-3106 · Dolibarr · Dolibarr
Name of the Vulnerable Software and Affected Versions: Dolibarr version 21.0.0-beta Description: A cross-site scripting (XSS) vulnerability in the Product module of Dolibarr allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter. This issue...
Security Bulletin: A vulnerability in Npgsql affects IBM Robotic Process Automation and may result in incorrect back end database access (CVE-2024-32655)
Summary A vulnerability in Npgsql affects IBM Robotic Process Automation and may result in incorrect back end database access. Npgsql is used by IBM Robotic Process Automation for database access. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability...
Security Bulletin: A vulnerability in Microsoft .NET Core affects IBM Robotic Process Automation and may result in a bypass of security restrictions (CVE-2024-0056)
Summary A vulnerability in Microsoft .NET Core affects IBM Robotic Process Automation resulting in a bypass of security restrictions. Microsoft .NET Core is used by IBM Robotic Process Automation as part of its development platform. This bulletin identifies the security fixes to apply to address...
IBM Robotic Process Automation Security Vulnerability
IBM Robotic Process Automation is a robotic process automation product from International Business Machines (IBM). It helps you automate more business and IT processes at scale with the ease and speed of traditional RPA. A security vulnerability exists in IBM Robotic Process Automation versions 21.0.0...
IBM Robotic Process Automation Log Information Disclosure Vulnerability
IBM Robotic Process Automation is a robotic process automation product from International Business Machines (IBM). It helps you automate more business and IT processes at scale with the ease and speed of traditional RPA. A security vulnerability exists in IBM Robotic Process Automation versions...
Security Bulletin: IBM Robotic Process Automation for Cloud Pak is vulnerable to cross-protocol attacks due to sendmail (CVE-2021-3618)
Summary sendmail is used by IBM Robotic Process Automation for Cloud Pak as part of the antivirus container. CVE-2021-3618 Vulnerability Details CVEID: CVE-2021-3618 DESCRIPTION: Sendmail, vsftpd and NGINX could provide weaker than expected security, caused by an ALPACA application layer protocol...
PT-2022-6210 · Ibm · Ibm Robotic Process Automation
Name of the Vulnerable Software and Affected Versions: IBM Robotic Process Automation versions 21.0.0 through 21.0.2 Description: The issue is related to the configuration of IBM Robotic Process Automation, which is vulnerable to man-in-the-middle attacks through manipulation of the client proxy...
CVE-2022-35280
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 230634...
PT-2022-20208 · Ibm · Ibm Robotic Process Automation
Name of the Vulnerable Software and Affected Versions: IBM Robotic Process Automation versions 21.0.0 through 21.0.2 Description: The issue allows a privileged user to elevate their privilege to platform administrator through manipulation of APIs. Recommendations: For versions 21.0.0 through...
IBM Robotic Process Automation Access Control Error Vulnerability
IBM Robotic Process Automation is a robotic process automation product from IBM USA. It helps you automate more business and IT processes at scale with the ease and speed of traditional RPA. An Access Control Error vulnerability exists in IBM Robotic Process Automation version 21.0.0, 21.0.1, and...
CVE-2022-22412
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user with access to the local host client machine to obtain a login access token. IBM X-Force ID: 223019...
CVE-2022-22434
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user with physical access to create an API request modified to create additional objects. IBM X-Force ID: 224159...
PT-2020-16159 · Red Hat · Wildfly
Name of the Vulnerable Software and Affected Versions: WildFly versions up to 21.0.0.Final Description: A memory leak flaw was found in WildFly where the host-controller tries to reconnect in a loop, generating new connections that are not properly closed while unable to connect to the...
CVE-2019-2575
Vulnerability in the Oracle AutoVue 3D Professional Advanced component of Oracle Supply Chain Products Suite subcomponent: Format Handling - 2D. Supported versions that are affected are 21.0.0 and 21.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTT...
Cisco Ultra Services Framework Information Disclosure Vulnerability
Cisco Ultra Services Framework is an intelligent online service delivery platform from the U.S. company Cisco. An information disclosure vulnerability exists in the AutoVNF VNFStagingView class in Cisco Ultra Services Framework version 21.0.0, which stems from the program failing to...