Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. Date published : 2020-09-18 https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01
All version of Ewon Flexy and Cosy prior to 14.1 use wildcards such as (*) under which domains can request resources. An attacker with local access and high privileges could inject scripts into the...
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an attacker to influence the amount of resources consumed, eventually...
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. When an attacker claims to have a given identity, the software does not prove or insufficiently proves the claim is correct. Date published : 2020-09-18 https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01
An issue was discovered in 1CRM System through 8.6.7. An insecure direct object reference to internally stored files allows a remote attacker to access various sensitive information via an unauthenticated request with a predictable...
An issue was discovered in Gradle Enterprise 2018.2 – 2020.2.4. The CSRF prevention token is stored in a request cookie that is not annotated as HttpOnly. An attacker with the ability to execute arbitrary...
An issue was discovered in Gradle Enterprise 2017.1 – 2020.2.4. The /usage page of Gradle Enterprise conveys high level build information such as project names and build counts over time. This page is incorrectly...
An issue was discovered in Gradle Enterprise 2018.5 – 2020.2.4. An attacker with physical access to the browser of a user who has recently logged in to Gradle Enterprise and since closed their browser...
An issue was discovered in Gradle Enterprise before 2020.2.4. Because of unrestricted cross-origin requests to read-only data in the Export API, an attacker can access data as a user (for the duration of the...
An issue was discovered in Gradle Enterprise 2018.5 – 2020.2.4. When configuring Gradle Enterprise to integrate with a SAML identity provider, an XML metadata file can be uploaded by an administrator. The server side...
An issue was discovered in Gradle Enterprise 2018.2 and Gradle Enterprise Build Cache Node 4.1. Cross-site transmission of cookie containing CSRF token allows remote attacker to bypass CSRF mitigation. Date published : 2020-09-18 https://security.gradle.com/advisory/CVE-2020-15771...
An issue was discovered in Gradle Enterprise 2018.5. An attacker can potentially make repeated attempts to guess a local user’s password, due to lack of lock-out after excessive failed logins. Date published : 2020-09-18...
An issue was discovered in Gradle Enterprise 2020.2 – 2020.2.4. An XSS issue exists via the request URL. Date published : 2020-09-18 https://security.gradle.com/advisory/CVE-2020-15769 https://github.com/gradle/gradle/security/advisories
An issue was discovered in Gradle Enterprise 2017.3 – 2020.2.4 and Gradle Enterprise Build Cache Node 1.0 – 9.2. Unrestricted HTTP header reflection in Gradle Enterprise allows remote attackers to obtain authentication cookies, if...