Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution Date published : 2022-05-07 https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2 https://github.com/vim/vim/commit/d88934406c5375d88f8f1b65331c9f0cab68cc6c
A misconfiguration in the node default path allows for local privilege escalation from a lower privileged user to the Splunk user in Splunk Enterprise versions before 8.1.1 on Windows. Date published : 2022-05-06 https://www.splunk.com/en_us/product-security/announcements/svd-2022-0501.html
IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the...
IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in...
Stored Cross-Site Scripting (XSS) vulnerability in Andrea Pernici News Sitemap for Google plugin
The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message. The potential vulnerability impacts Splunk Enterprise instances before 8.1.7 when configured to repress verbose login errors. Date published : 2022-05-06...
A crafted request bypasses S2S TCP Token authentication writing arbitrary events to an index in Splunk Enterprise Indexer 8.1 versions before 8.1.5 and 8.2 versions before 8.2.1. The vulnerability impacts Indexers configured to use...
The BigFix Console installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an...
The BigFix Client installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an...
The BigFix Server API installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to...
Cookie without HTTPONLY flag set. NUMBER cookie(s) was set without Secure or HTTPOnly flags. The images show the cookie with the missing flag. (WebUI) Date published : 2022-05-06 https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097778
Misconfigured security-related HTTP headers: Several security-related headers were missing or mis-configured on the web responses Date published : 2022-05-06 https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0098116
Weak web transport security (Weak TLS): An attacker may be able to decrypt the data using attacks Date published : 2022-05-06 https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0098116
An issue was discovered in the Sametime chat feature in the Notes 11.0 – 11.0.1 FP4 clients. An authenticated Sametime chat user could cause Remote Code Execution on another chat client by sending a...