The RebornCore library before 4.7.3 allows remote code execution because it deserializes untrusted data in ObjectInputStream.readObject as part of reborncore.common.network.ExtendedPacketBuffer. An attacker can instantiate any class on the classpath with any data. A class...
Apache Dubbo prior to 2.7.9 support Tag routing which will enable a customer to route the request to the right server. These rules are used by the customers when making a request in order...
Apache Dubbo prior to 2.6.9 and 2.7.9 by default supports generic calls to arbitrary methods exposed by provider interfaces. These invocations are handled by the GenericFilter which will find the service and method specified...
IBM Security Verify Access 20.07 is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with elevated privileges....
In Apache Dubbo prior to 2.6.9 and 2.7.9, the usage of parseURL method will lead to the bypass of white host check which can cause open redirect or SSRF vulnerability. Date published : 2021-05-31...
The package forms before 1.2.1, from 1.3.0 and before 1.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via email validation. Date published : 2021-05-31 https://github.com/caolan/forms/pull/214 https://github.com/caolan/forms/pull/214/commits/d4bd5b5febfe49c1f585f162e04ec810f8dc47a0
IBM Security Verify Access 20.07 could disclose sensitive information in HTTP server headers that could be used in further attacks against the system. IBM X-Force ID: 199398. Date published : 2021-05-31 https://www.ibm.com/support/pages/node/6457315 https://exchange.xforce.ibmcloud.com/vulnerabilities/199398
IBM Security Verify Access 20.07 could allow a remote attacker to send a specially crafted HTTP GET request that could cause the application to crash. Date published : 2021-05-31 https://www.ibm.com/support/pages/node/6457315 https://exchange.xforce.ibmcloud.com/vulnerabilities/199280
IBM Security Verify Access 20.07 allows web pages to be stored locally which can be read by another user on the system. X-Force ID: 199278. Date published : 2021-05-31 https://www.ibm.com/support/pages/node/6457315 https://exchange.xforce.ibmcloud.com/vulnerabilities/199278
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory...
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user’s browser via incorrect autocomplete settings in New Content Backup page. IBM X-Force ID: 172130. Date published :...
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user’s browser via incorrect autocomplete settings in New Data Server Connection page. IBM X-Force ID: 172129. Date published...
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information via a stack trace due to mishandling of certain error conditions. IBM X-Force ID: 172128. Date published : 2021-05-31...
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...