The Workspace client component of TIBCO Software Inc.’s TIBCO BPM Enterprise and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric contains difficult to exploit Reflected Cross Site Scripting (XSS) vulnerabilities that allow low privileged...
The REST API component of TIBCO Software Inc.’s TIBCO JasperReports Server, TIBCO JasperReports Server – Community Edition, TIBCO JasperReports Server – Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix...
IBM Spectrum Protect Operations Center 8.1.12 and 8.1.13 could allow a local attacker to obtain sensitive information, caused by plain text user account passwords potentially being stored in the browser’s application command history. By...
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0 could allow an authenticated user to upload files that could fill up the filesystem and cause a denial of service. IBM...
IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.5 and Open Liberty are vulnerable to identity spoofing by an authenticated user. IBM X-Force ID: 225603. Date published : 2022-05-17 https://www.ibm.com/support/pages/node/6586734 https://exchange.xforce.ibmcloud.com/vulnerabilities/225603
Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974. Date published : 2022-05-17 https://huntr.dev/bounties/522076b2-96cb-4df6-a504-e6e2f64c171c https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IUPOLEX5GXC733HL4EFYMHFU7NISJJZG/
Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969. Date published : 2022-05-17 https://huntr.dev/bounties/c9f85608-ff11-48e4-933d-53d1759d44d9 https://github.com/vim/vim/commit/7ce5b2b590256ce53d6af28c1d203fb3bc1d2d97
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968. Date published : 2022-05-17 https://huntr.dev/bounties/6ff03b27-472b-4bef-a2bf-410fae65ff0a https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IUPOLEX5GXC733HL4EFYMHFU7NISJJZG/
A vulnerability was found in Ignition where ignition configs are accessible from unprivileged containers in VMs running on VMware products. This issue is only relevant in user environments where the Ignition config contains secrets....
The affected On-Premise cnMaestro is vulnerable inside a specific route where a user can upload a crafted package to the system. An attacker could abuse this user-controlled data to execute arbitrary commands on the...
The affected On-Premise cnMaestro is vulnerable to a pre-auth data exfiltration through improper neutralization of special elements used in an SQL command. This could allow an attacker to exfiltrate data about other user’s accounts...
The affected On-Premise cnMaestro is vulnerable to execution of code on the cnMaestro hosting server. This could allow a remote attacker to change server configuration settings. Date published : 2022-05-17 https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-04
The affected On-Premise cnMaestro is vulnerable to an arbitrary file-write through improper limitation of a pathname to a restricted directory inside a specific route. If an attacker supplied path traversal charters (../) as part...
The affected On-Premise is vulnerable to data exfiltration through improper neutralization of special elements used in an SQL command. This could allow an attacker to exfiltrate and dump all data held in the cnMaestro...