11 matches found
Linux Distros Unpatched Vulnerability : CVE-2020-13670
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Information Disclosure vulnerability in file module of Drupal Core allows an attacker to gain access to the file metadata of a permanent private file that they ...
Untrusted Search Path
Overview Affected versions of this package are vulnerable to Untrusted Search Path. An attacker can achieve remote code execution by planting malicious files on the victim's system, with knowledge of where they should be placed, then tricking a user to run these files. Remediation Upgrade...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is used by IBM Rational ClearQuest (CVE-2023-50315)
Summary IBM WebSphere Application Server WAS is used by IBM Rational ClearQuest server and web components. Information about security vulnerability affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes sectio...
Seafile Security Breach
HaiwenHuzhi Network Technology Seafile is an open source enterprise cloud disk from China HaiwenHuzhi Network Technology. The product has Markdown WYSIWYG editing, Wiki, file labeling and other features. A security vulnerability exists in Seafile version 9.0.6, which stems from the presence of...
Seafile Security Breach
HaiwenHuzhi Network Technology Seafile is an open source enterprise cloud disk from China HaiwenHuzhi Network Technology. The product features Markdown WYSIWYG editing, Wiki, file labeling and more. A security vulnerability exists in Seafile version 9.0.6, which originated from allowing an attack...
GHSA-C533-C843-67H8 Drupal core Cross-site Scripting (XSS) vulnerability in ckeditor
Cross-site Scripting XSS vulnerability in ckeditor of Drupal Core allows attacker to inject XSS. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10.; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6...
CVE-2021-23436
This affects the package immer before 9.0.6. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 when the user-provided keys used in the path parameter are arrays. In particular, this bypass is possible because the condition p === "proto" || p === "constructor" in applyPatches...
Immer 安全漏洞
Immer is a Javascript-based state management library from the Immer community. A security vulnerability exists in versions prior to immer 9.0.6 that stems from when the user-supplied key used in the path parameter is an array, which could lead to a bypass of CVE-2020-28477...
PT-2020-13649 · Drupal · Drupal Core
Name of the Vulnerable Software and Affected Versions: Drupal Core versions prior to 8.8.10 Drupal Core versions prior to 8.9.6 Drupal Core versions prior to 9.0.6 Description: The issue is related to an Access Bypass vulnerability in Drupal Core, where an attacker can exploit the way HTML is...
PT-2020-13648 · Drupal · Drupal Core
Name of the Vulnerable Software and Affected Versions: Drupal Core versions prior to 8.8.10 Drupal Core versions prior to 8.9.6 Drupal Core versions prior to 9.0.6 Description: The issue is an access bypass vulnerability in the Workspaces module of Drupal Core, which fails to properly check acces...
CVE-2019-4145
IBM Security Access Manager 9.0.1 through 9.0.6 could reveal highly sensitive in specialized conditions to a local user which could be used in further attacks against the system. IBM X-Force ID: 158400...