Monthly Archive: September 2021

Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in WordPress Popular Posts plugin (versions

Authenticated Stored Cross-Site Scripting (XSS) vulnerability in WordPress Absolutely Glamorous Custom Admin plugin (versions

Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. DBF are database files with data organized in fields. When reading DBF data the size of certain fields is not checked: the data...

Improper handling of exceptional conditions in SuiteLink server while processing command 0x01 Date published : 2021-09-23 https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2021-003.pdf

Null pointer dereference in SuiteLink server while processing command 0x0b Date published : 2021-09-23 https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2021-003.pdf

Null pointer dereference in SuiteLink server while processing commands 0x04/0x0a Date published : 2021-09-23 https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2021-003.pdf

Null pointer dereference in SuiteLink server while processing command 0x07 Date published : 2021-09-23 https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2021-003.pdf

Null pointer dereference in SuiteLink server while processing commands 0x03/0x10 Date published : 2021-09-23 https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2021-003.pdf

Heap-based buffer overflow in SuiteLink server while processing commands 0x05/0x06 Date published : 2021-09-23 https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2021-003.pdf

Ping Identity PingAccess before 5.3.3 allows HTTP request smuggling via header manipulation. Date published : 2021-09-23 https://docs.pingidentity.com/bundle/pingaccess-53/page/wco1629833104567.html

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially...

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI displays user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 207610. Date published : 2021-09-23 https://www.ibm.com/support/pages/node/6491525...

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality...

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality...