IBM API Connect Information Disclosure Vulnerability (CNVD-2019-00559)

IBM API Connect aka APIConnect is an integrated solution for managing the API lifecycle from IBM USA. The solution supports creating, running, managing and securing APIs, microservices and more. An information disclosure vulnerability exists in the role-based access control feature of the...

ai.foremast.metrics:foremast-spring-boot-15x-starter (>=0.1.8 <=0.1.12), ai.snips:play-mongo-bson_2.12 (>=0.5 <=0.5.1) +5714 more potentially affected by CVE-2018-14720 via com.fasterxml.jackson.core:jackson-databind (>=2.8.0 <=2.8.11.2)

com.fasterxml.jackson.core:jackson-databind MAVEN version =2.8.0, =0.1.8, =0.5, =2.3.0, =1.5.6, =4.2.1, =4.4.1, =1.0.0.RELEASE, =0.4, =0.4, =0.4, =0.4, =0.4, =0.4, =0.4, =0.4, =0.9 and more Source cves: CVE-2018-14720 Source advisory: OSV:GHSA-X2W5-5M2G-7H5M...

IBM API Connect Privilege Vulnerability

IBM API Connect aka APIConnect is an integrated solution for managing the API lifecycle from IBM USA. The solution supports creating, running, managing and securing APIs, microservices and more. An elevation of privilege vulnerability exists in IBM API Connect versions 5.0.0.0 through 5.0.8.4,...

GHSA-3448-VFVV-XP9G Apache Tika Denial of Service due to Infinite Loop in Tika's SQLite3Parser

A carefully crafted or corrupt sqlite file can cause an infinite loop in Apache Tika's SQLite3Parser in versions 1.8-1.19.1 of Apache Tika...

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +7882 more potentially affected by CVE-2016-3092 via commons-fileupload:commons-fileupload (>=1.0 <=1.3.1)

commons-fileupload:commons-fileupload MAVEN version =1.0, =1.1, =0.0.1, =1.0, =4.0, =4.0, =4.0, =4.0, =4.2 and more Source cves: CVE-2016-3092 Source advisory: OSV:GHSA-FVM3-CFVJ-GXQQ...

Apache OFBiz Information Disclosure Vulnerability (CNVD-2018-25797)

Apache OFBiz also known as Apache Open For Business Project is the United States Apache Apache Software Foundation of a set of enterprise resource planning ERP system. The system provides a set of Java-based Web application components and tools. A security vulnerability exists in Apache OFBiz...

IBM Security Access Manager Information Disclosure Vulnerability (CNVD-2018-25399)

IBM Security Access Manager is a product for information security management applications from IBM, USA. The product enables access management control through integrated devices for web, mobile and cloud computing. An information disclosure vulnerability exists in IBM Security Access Manager...

IBM Security Access Manager Clickjacking Vulnerability

IBM Security Access Manager is a product for information security management applications from IBM, USA. The product enables access management control through integrated devices for web, mobile and cloud computing. A clickjacking vulnerability exists in IBM Security Access Manager versions 9.0.1....

UBUNTU-CVE-2018-19865

A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3...

IBM QRadar Advisor with Watson Information Disclosure Vulnerability

IBM QRadar Advisor with Watson is a suite of security threat analysis solutions from IBM USA. The product includes features such as security threat response and threat probing. A security vulnerability exists in IBM QRadar Advisor with Watson versions 1.1.0 through 1.14.0. An attacker could explo...

CVE-2018-1905

IBM WebSphere Application Server 9.0.0.0 through 9.0.0.9 is vulnerable to a XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 152534...

CVE-2018-1808

IBM WebSphere Commerce 9.0.0.0 through 9.0.0.6 could allow some server-side code injection due to inadequate input control. IBM X-Force ID: 149828...

org.apache.syncope:syncope-core-upgrader (>=1.2.0 <=1.2.10), org.apache.syncope:syncope-standalone (>=1.1.0 <=1.1.8) potentially affected by CVE-2018-1321 via org.apache.syncope:syncope-core (>=1.1.0 <=1.2.10)

org.apache.syncope:syncope-core MAVEN version =1.1.0, =1.2.0, =1.1.0, =1.1.8 Source cves: CVE-2018-1321 Source advisory: OSV:GHSA-XGC9-9W4V-H33H...

org.apache.activemq:apache-activemq (>=5.0.0 <=5.15.16), org.apache.axis2:axis2-integration (=1.4) +3 more potentially affected by CVE-2018-8006 via org.apache.activemq:activemq-web-console (>=5.0.0 <=5.15.5)

org.apache.activemq:activemq-web-console MAVEN version =5.0.0, =5.0.0, =5.15.16 - org.apache.axis2:axis2-integration =1.4 - org.apache.camel:camel-example-cxf =1.3.0 - org.apache.camel:camel-example-jms-file =1.3.0 - org.apache.camel:camel-example-spring-xquery =1.3.0 Source cves: CVE-2018-8006...

IBM WebSphere Commerce Information Disclosure Vulnerability (CNVD-2018-22088)

IBM WebSphere Commerce is a suite of e-business solutions from IBM in the United States. The solution supports all sales business models, including B2C, B2B and B2B2C, on a single customer interaction platform. An information disclosure vulnerability exists in IBM WebSphere Commerce versions...

br.eti.clairton:ds-test (=0.4.0), br.jus.stf.digital:core (>=2.0.0 <=2.3.1) +420 more potentially affected by CVE-2017-2666 via io.undertow:undertow-core (>=1.4.0.Beta1 <=1.4.16.Final)

io.undertow:undertow-core MAVEN version =1.4.0.Beta1, =2.0.0, =0.2.7, =1.2.0, =1, =1, =1.0, =1.1 - com.fizzed:ninja-undertow =5.7.0.undertow2 - com.gitblit.fathom:fathom-core =0.9.0 - com.gitblit.fathom:fathom-eventbus =0.9.0 - com.gitblit.fathom:fathom-integration-test =0.9.0 -...

com.feelercloud:esap-mesh (=2.0.32), com.github.arucard21.simplyrestful:simplyrestful-jetty (=0.5) +439 more potentially affected by CVE-2018-8039 via org.apache.cxf:cxf-rt-transports-http (>=3.2.0 <=3.2.4)

org.apache.cxf:cxf-rt-transports-http MAVEN version =3.2.0, =0.0.1, =1.0.3, =1.0.3, =1.0.0.RELEASE, =2.6.0, =2.0.0, =1.3.0-RELEASE, =2.0.1-RELEASE - de.alpharogroup:gen-db-core =0.9.3 - de.alpharogroup:gen-db-sources =0.9.3 and more Source cves: CVE-2018-8039 Source advisory: OSV:GHSA-JC7R-V6FG-2...

org.apache.cxf.fediz.examples:jaxrsSpringSecurityWebapp (>=1.4.0 <=1.4.2), org.apache.cxf.fediz.examples:springPreauthWebapp (>=1.4.0 <=1.4.2) +4 more potentially affected by CVE-2017-12631 via org.apache.cxf.fediz:fediz-spring (>=1.4.0 <=1.4.2)

org.apache.cxf.fediz:fediz-spring MAVEN version =1.4.0, =1.4.0, =1.4.0, =1.4.0, =1.4.0, =1.4.0, =1.4.0, =1.4.2 Source cves: CVE-2017-12631 Source advisory: OSV:GHSA-FV7X-4HPC-HF9F...

ai.ylyue:yue-library-base (>=Finchley.SR2.SR1 <=Finchley.SR4.1), ai.ylyue:yue-library-base-crypto (>=Finchley.SR4 <=Finchley.SR4.1) +3026 more potentially affected by CVE-2018-1271 via org.springframework:spring-core (>=5.0.0.RELEASE <=5.0.4.RELEASE)

org.springframework:spring-core MAVEN version =5.0.0.RELEASE, =Finchley.SR2.SR1, =Finchley.SR4, =Finchley.SR2.SR1, =Finchley.SR2.SR1, =Finchley.SR4, =0.0.1, =0.0.2, =2.0.3.RELEASE, =2.0.3.RELEASE, =2.0.3.RELEASE, =2.0.3.RELEASE, =2.0.2.RELEASE, =2.0.2.RELEASE, =2.0.3.RELEASE, =2.0.7.RELEASE and...

at.chrl:chrl-jms (=1.1.0), ca.islandora.alpaca:islandora-connector-broadcast (>=0.2.0 <=0.3.0) +1574 more potentially affected by CVE-2018-1270 via org.springframework:spring-messaging (>=4.0.1.RELEASE <=4.3.15.RELEASE)

org.springframework:spring-messaging MAVEN version =4.0.1.RELEASE, =0.2.0, =1.4, =1.4, =1.1.0, =1.1.1, =1.1.0, =1.0.0, =1.0.1 and more Source cves: CVE-2018-1270 Source advisory: OSV:GHSA-P5HG-3XM3-GCJG...