CVE-2022-21429
Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications component: Billing Care. Supported versions that are affected are 12.0.0.4.0-12.0.0.6.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access v...
Oracle Enterprise Manager Base Platform Input Validation Error Vulnerability
Oracle Enterprise Manager Base Platform is an on-premises management platform from Oracle. The platform is primarily used to manage Oracle product deployments. An input validation error vulnerability exists in Oracle Enterprise Manager Base Platform component: Enterprise Manager Install...
PT-2022-3726
Name of the Vulnerable Software and Affected Versions Apache Spark versions 3.0.3 and earlier Apache Spark versions 3.1.1 to 3.1.2 Apache Spark versions 3.2.0 to 3.2.1 Description The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an...
CVE-2021-46784
In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses...
PT-2022-22974 · Pyenv · Pyenv
Name of the Vulnerable Software and Affected Versions: pyenv versions 1.2.24 through 2.3.2 Description: The issue allows local users to gain privileges via a .python-version file in the current working directory. An attacker can craft a Python version string in .python-version to execute shims...
pyenv Path Traversal Vulnerability
pyenv is a simple Python versioning tool. A security vulnerability in pyenv versions 1.2.24 through 2.3.2 exists that allows local users to gain privileges through the .python-version file in the current working directory...
@angular-devkit/build-angular (>=0.1001.0-next.4 <=14.1.0-rc.3), @bkstorm/vendure-ui-devkit (=2.0.0-next.5-beta.1) +71 more potentially affected by CVE-2022-25858 via terser (>=5.0.0 <=5.14.1)
terser NPM version =5.0.0, =0.1001.0-next.4, =1.4.5, =13.0.2, =3.9.0, =0.1.1, =0.1.1, =0.1.22, =0.1.22, =0.1.32, =0.1.1, =0.1.0, =1.7.4, =1.7.18 and more Source cves: CVE-2022-25858 Source advisory: OSV:GHSA-4WF5-VPHF-C2XC...
Gollum Cross-Site Scripting Vulnerability
Gollum is a simple wiki system built on top of Git. It has a good API and a native front-end. A security vulnerability exists in Gollum versions 5.0 through 5.1.2, which originates from cross-site scripting (XSS) via filename arguments to the New Page dialog box...
PT-2022-15453 · Ibm · Ibm Websphere Application Server
Name of the Vulnerable Software and Affected Versions: IBM WebSphere Application Server versions 7.0 through 9.0 Description: The issue is caused by improper handling of Administrative Console data, allowing a remote attacker to obtain sensitive information. This information could be used in...
IBM Spectrum Protect Server Security Vulnerability
IBM Spectrum Protect Server is a data protection system from IBM (USA). It provides total data resilience for physical file servers, virtual environments and a wide range of applications. A security vulnerability exists in IBM Spectrum Protect Server versions 8.1.0.000 through 8.1.14.000 that...
CVE-2021-41042
In Eclipse Lyo versions 1.0.0 to 4.1.0, a TransformerFactory is initialized with the defaults that do not restrict DTD loading when working with RDF/XML. This allows an attacker to cause an external DTD to be retrieved...
IBM App Connect Enterprise Trust Management Issue Vulnerability
IBM App Connect Enterprise is an operating system from IBM Corporation of the U.S.A. IBM App Connect Enterprise combines existing industry-trusted IBM Integration Bus technology with IBM App Connect Professional and new cloud-native technologies...
auto-wasi (=0.1.0), ceres-executor (>=0.1.0 <=0.2.0) +79 more potentially affected by CVE-2022-23636 +1 more via wasmtime (>=0.10.0 <=0.37.0)
wasmtime CARGO version =0.10.0, =0.1.0, =0.1.1, =0.5.3-0, =0.4.0, =0.4.0, =0.0.0, =0.40.1, =0.45.0, =0.1.0, =0.1.0, =0.1.0, =0.1.7 - lunatic-common-api =0.9.0 and more Source cves: CVE-2022-23636, CVE-2022-31169 Source advisory: OSV:RUSTSEC-2022-0101...
CVE-2022-27627
Cross-site scripting vulnerability in Organization's Information of Cybozu Garoon 4.10.2 to 5.5.1 allows a remote attacker to execute an arbitrary script on the logged-in user's web browser...
PT-2022-17816 · Cybozu · Cabinet Of Cybozu Garoon
Name of the Vulnerable Software and Affected Versions: Cabinet of Cybozu Garoon versions 4.0.0 through 5.5.1 Description: A browse restriction bypass and operation restriction bypass issue allows a remote authenticated attacker to alter and/or obtain the data of Cabinet. Recommendations: For...
PT-2022-19171 · Cybozu · Cybozu Garoon
Name of the Vulnerable Software and Affected Versions: Cybozu Garoon versions 4.0.0 through 5.5.1 Description: The issue is related to improper input validation in the Scheduler component, allowing a remote authenticated attacker to modify Scheduler data. Recommendations: For Cybozu Garoon versio...
GitLab Information Disclosure Vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery) and other features. An information disclosure vulnerability exists in GitLab versions 12.4 through...
CVE-2022-22478
IBM Spectrum Protect Client 8.1.0.0 through 8.1.14.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 225886...
IBM Sterling B2B Integrator Information Disclosure Vulnerability
IBM Sterling B2B Integrator is a suite of software from IBM USA that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with diverse partner communities. An information disclosure vulnerability exists in IBM Sterlin...