InfoSec News & Tutorials
NAME__________JetBrains Hub cross-site scriptingPlatforms Affected:Risk Level:4.6Exploitability:UnprovenConsequences:Cross-Site Scripting DESCRIPTION__________JetBrains Hub is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by dashboards. A remote authenticated attacker could exploit this…
NAME__________JetBrains TeamCity cross-site scriptingPlatforms Affected:Risk Level:4.6Exploitability:UnprovenConsequences:Cross-Site Scripting DESCRIPTION__________JetBrains TeamCity is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the SSH keys page. A remote authenticated attacker…
NAME__________Rocket Software UniData and UniVerse information disclosurePlatforms Affected:Rocket Software UniData 8.2.4 Rocket Software UniVerse 11.3.5 Rocket Software UniVerse 12.2.1Risk Level:7.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Rocket Software UniData and UniVerse could allow a remote…
NAME__________Hitachi SDM600 security bypassPlatforms Affected:Hitachi Energy SDM600Risk Level:7.7Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________Hitachi SDM600 could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw in the API web services…
NAME__________Hitachi SDM600 denial of servicePlatforms Affected:Hitachi Energy SDM600Risk Level:7.5Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________Hitachi SDM600 is vulnerable to a denial of service. By running multiple parallel requests, an remote attacker could exploit…
NAME__________Rocket Software UniData and UniVerse denial of servicePlatforms Affected:Rocket Software UniData 8.2.4 Rocket Software UniVerse 11.3.5 Rocket Software UniVerse 12.2.1Risk Level:7.5Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________Rocket Software UniData and UniVerse are vulnerable…
NAME__________Forcepoint Cloud Security Gateway cross-site scriptingPlatforms Affected:Risk Level:6.1Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Forcepoint Cloud Security Gateway is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the login_reset_request.mhtml modules. A…
NAME__________Xray Audit module for Drupal cross-site scriptingPlatforms Affected:Drupal Xray Audit module for Drupal 1.1.0Risk Level:5.4Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Xray Audit module for Drupal is vulnerable to cross-site scripting, caused by improper validation…
NAME__________HashiCorp Vault and Vault Enterprise information disclosurePlatforms Affected:HashiCorp Vault Enterprise 1.11.8 HashiCorp Vault 1.11.8 HashiCorp Vault Enterprise 1.12.4 HashiCorp Vault 1.12.4 HashiCorp Vault 1.13.0 HashiCorp Vault Enterprise 1.13.0Risk Level:5Exploitability:UnprovenConsequences:Obtain Information…
NAME__________Rocket Software UniData and UniVerse denial of servicePlatforms Affected:Rocket Software UniData 8.2.4 Rocket Software UniVerse 11.3.5 Rocket Software UniVerse 12.2.1Risk Level:7.5Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________Rocket Software UniData and UniVerse are vulnerable…
NAME__________JetBrains IntelliJ IDEA information disclosurePlatforms Affected:Risk Level:6.1Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________JetBrains IntelliJ IDEA could allow a remote attacker to obtain sensitive information, caused by a insufficiently-protected credentials in an API method used…
NAME__________JetBrains IntelliJ IDEA information disclosurePlatforms Affected:Risk Level:5.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________JetBrains IntelliJ IDEA could allow a local attacker to obtain sensitive information. By using an external stylesheet path in Markdown preview, attacker…
NAME__________ScriptCase directory traversalPlatforms Affected:ScriptCase ScriptCase 9.9.008Risk Level:3.8Exploitability:UnprovenConsequences:File Manipulation DESCRIPTION__________ScriptCase could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to…
NAME__________JetBrains IntelliJ IDEA code executionPlatforms Affected:Risk Level:5.2Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________JetBrains IntelliJ IDEA could allow a local attacker to execute arbitrary code on the system, caused by the bundled version of Chromium…
NAME__________JetBrains IntelliJ IDEA weak securityPlatforms Affected:Risk Level:4.5Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________JetBrains IntelliJ IDEA could provide weaker than expected security, caused by insufficient verification of data authenticity when importing Gradle and Maven projects.…
NAME__________OpenImageIO Project OpenImageIO information disclosurePlatforms Affected:OpenImageIO OpenImageIO 2.4.7.1Risk Level:5.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________OpenImageIO Project OpenImageIO could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read flaw in the…
NAME__________Forcepoint Cloud Security Gateway cross-site scriptingPlatforms Affected:Risk Level:6.1Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Forcepoint Cloud Security Gateway is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the login_submit.mhtml modules. A…
NAME__________Forcepoint Cloud Security Gateway cross-site scriptingPlatforms Affected:Risk Level:6.1Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Forcepoint Cloud Security Gateway is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the login_reset_request.mhtml modules. A…
NAME__________OpenImageIO Project OpenImageIO information disclosurePlatforms Affected:OpenImageIO OpenImageIO 2.4.7.1Risk Level:7.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________OpenImageIO Project OpenImageIO could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read flaw in the…
NAME__________AngularJS denial of servicePlatforms Affected:Risk Level:5.3Exploitability:Proof of ConceptConsequences:Denial of Service DESCRIPTION__________AngularJS is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the…
NAME__________AngularJS denial of servicePlatforms Affected:Risk Level:5.3Exploitability:Proof of ConceptConsequences:Denial of Service DESCRIPTION__________AngularJS is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the…
NAME__________OpenImageIO Project OpenImageIO denial of servicePlatforms Affected:OpenImageIO OpenImageIO 2.4.7.1Risk Level:7.5Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________OpenImageIO Project OpenImageIO is vulnerable to a denial of service, caused by an uncontrolled recursion flaw in the…
NAME__________AngularJS denial of servicePlatforms Affected:Risk Level:5.3Exploitability:Proof of ConceptConsequences:Denial of Service DESCRIPTION__________AngularJS is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the…
NAME__________runc denial of servicePlatforms Affected:Risk Level:2.5Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________runc is vulnerable to a denial of service, caused by improper access control in the /sys/fs/cgroup endpoint. A local authenticated attacker could…