Latest ibm ibm® engineering requirements management doors web access Vulnerabilities

CVE-2023-50305
IBM Engineering Requirements Management information disclosure
IBM IBM® Engineering Requirements Management DOORS<=9.7.2.7
IBM IBM® Engineering Requirements Management DOORS Web Access<=9.7.2.7
IBM Engineering Requirements Management DOORS=9.7.2.7
Ibm Engineering Requirements Management Doors Web Access=9.7.2.7
CVE-2023-28525
IBM Engineering Requirements Management cross-site scripting
IBM IBM® Engineering Requirements Management DOORS<=9.7.2.7
IBM IBM® Engineering Requirements Management DOORS Web Access<=9.7.2.7
IBM Engineering Requirements Management DOORS=9.7.2.7
Ibm Engineering Requirements Management Doors Web Access=9.7.2.7
CVE-2023-28949
IBM Engineering Requirements Management cross-site request forgery
IBM IBM® Engineering Requirements Management DOORS<=9.7.2.7
IBM IBM® Engineering Requirements Management DOORS Web Access<=9.7.2.7
IBM Engineering Requirements Management DOORS=9.7.2.7
Ibm Engineering Requirements Management Doors Web Access=9.7.2.7
IBM-7124058
IBM IBM® Engineering Requirements Management DOORS<=9.7.2.7
IBM IBM® Engineering Requirements Management DOORS Web Access<=9.7.2.7
CVE-2023-50306
IBM Common Licensing information disclosure
IBM IBM® Engineering Requirements Management DOORS<=9.7.2.7
IBM IBM® Engineering Requirements Management DOORS Web Access<=9.7.2.7
CVE-2024-21733
Apache Tomcat: Leaking of unrelated request bodies in default error page
Apache Tomcat>=8.5.7<8.5.64
Apache Tomcat>=9.0.1<9.0.44
Apache Tomcat=9.0.0-milestone11
Apache Tomcat=9.0.0-milestone12
Apache Tomcat=9.0.0-milestone13
Apache Tomcat=9.0.0-milestone14
and 19 more
CVE-2023-45648
Apache Tomcat: Trailer header parsing too lenient
Apache Tomcat>=8.5.0<8.5.94
Apache Tomcat>=9.0.1<9.0.81
Apache Tomcat>=10.1.1<10.1.14
Apache Tomcat=9.0.0-milestone1
Apache Tomcat=9.0.0-milestone10
Apache Tomcat=9.0.0-milestone11
and 74 more
CVE-2023-42795
Apache Tomcat: Failure during request clean-up leads to sensitive data leaking to subsequent requests
Apache Tomcat>=8.5.0<8.5.94
Apache Tomcat>=9.0.1<9.0.81
Apache Tomcat>=10.1.1<10.1.14
Apache Tomcat=9.0.0-milestone1
Apache Tomcat=9.0.0-milestone10
Apache Tomcat=9.0.0-milestone11
and 74 more
CVE-2023-38546
curl and libcurl CVE-2023-38545 and CVE-2023-38546 vulnerabilities
Haxx Libcurl>=7.9.1<8.4.0
IBM IBM® Engineering Requirements Management DOORS<=9.7.2.7
IBM IBM® Engineering Requirements Management DOORS Web Access<=9.7.2.7
Apple iOS<16.7.5
Apple iPadOS<16.7.5
Apple macOS Sonoma<14.2
and 12 more
CVE-2023-38545
curl and libcurl CVE-2023-38545 and CVE-2023-38546 vulnerabilities
Microsoft Windows Server 2019
Microsoft Windows 11=23H2
Microsoft Windows 11=22H2
Microsoft Windows 11=21H2
Microsoft Windows 11=22H2
Microsoft Windows 11=23H2
and 59 more
CVE-2023-43642
### Summary snappy-java is a data compression library in Java. Its SnappyInputStream was found to be vulnerable to Denial of Service (DoS) attacks when decompressing data with a too-large chunk size....
maven/org.xerial.snappy:snappy-java<=1.1.10.3
redhat/snappy-java<1.1.10.4
IBM IBM® Engineering Requirements Management DOORS<=9.7.2.7
IBM IBM® Engineering Requirements Management DOORS Web Access<=9.7.2.7
IBM Cloud Pak for Business Automation<1.1.10.4
CVE-2023-41080
Apache Tomcat could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in the FORM authentication feature. An attacker could exploit this vulnerability using...
Apache Tomcat>=8.5.0<=8.5.92
Apache Tomcat>=9.0.0<=9.0.79
Apache Tomcat>=10.1.0<=10.1.12
Apache Tomcat=11.0.0-milestone1
Apache Tomcat=11.0.0-milestone10
Apache Tomcat=11.0.0-milestone2
and 25 more
CVE-2023-32001
curl: fopen race condition: CVE-2023-32001
Haxx Libcurl>=7.84.0<=8.1.2
Debian Debian Linux=12.0
Fedoraproject Fedora=37
IBM IBM® Engineering Requirements Management DOORS<=9.7.2.7
IBM IBM® Engineering Requirements Management DOORS Web Access<=9.7.2.7
CVE-2023-35116
** DISPUTED ** jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspect...
FasterXML jackson-databind<=2.15.2
IBM IBM® Engineering Requirements Management DOORS<=9.7.2.7
IBM IBM® Engineering Requirements Management DOORS Web Access<=9.7.2.7
redhat/jackson-databind<2.15.2
<2.16.0
CVE-2023-28320
A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous ...
Haxx Curl<8.1.0
Apple macOS Ventura<13.5
Apple macOS Big Sur<11.7.9
Apple macOS Monterey<12.6.8
IBM IBM® Engineering Requirements Management DOORS<=9.7.2.7
IBM IBM® Engineering Requirements Management DOORS Web Access<=9.7.2.7
and 13 more
CVE-2023-28322
An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when...
Haxx Curl<8.1.0
ubuntu/curl<8.1.0
ubuntu/curl<7.68.0-1ubuntu2.19
ubuntu/curl<7.81.0-1ubuntu1.11
ubuntu/curl<7.85.0-1ubuntu0.6
ubuntu/curl<7.88.1-8ubuntu2.1
and 34 more
CVE-2023-28321
An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl ...
Haxx Curl<8.1.0
ubuntu/curl<8.1.0
ubuntu/curl<7.68.0-1ubuntu2.19
ubuntu/curl<7.81.0-1ubuntu1.11
ubuntu/curl<7.85.0-1ubuntu0.6
ubuntu/curl<7.88.1-8ubuntu2.1
and 35 more
CVE-2023-28319
A use after free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memor...
Haxx Curl<8.1.0
redhat/curl<8.1.0
Apple macOS Ventura<13.5
Apple macOS Big Sur<11.7.9
Apple macOS Monterey<12.6.8
IBM IBM® Engineering Requirements Management DOORS<=9.7.2.7
and 14 more
CVE-2023-27537
A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without considerations for do this sharing across separate threads b...
IBM IBM® Engineering Requirements Management DOORS<=9.7.2.7
IBM IBM® Engineering Requirements Management DOORS Web Access<=9.7.2.7
Haxx Libcurl=7.88.0
Haxx Libcurl=7.88.1
Netapp Active Iq Unified Manager Vmware Vsphere
NetApp Clustered Data ONTAP=9.0
and 20 more
CVE-2023-1370
[Json-smart](<a href="https://netplex.github.io/json-smart/">https://netplex.github.io/json-smart/</a>) is a performance focused, JSON processor lib. When reaching a ‘[‘ or ‘{‘ character in the JSON i...
redhat/jenkins<2-plugins-0:4.11.1686831822-1.el8
redhat/jenkins<2-plugins-0:4.12.1686649756-1.el8
redhat/jenkins<0:2.401.1.1686680404-3.el8
redhat/jenkins<2-plugins-0:4.10.1684982411-1.el8
maven/net.minidev:json-smart<2.4.9
IBM IBM® Engineering Requirements Management DOORS<=9.7.2.7
and 5 more
CVE-2023-27538
An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have pre...
redhat/curl<8.0.0
IBM IBM® Engineering Requirements Management DOORS<=9.7.2.7
IBM IBM® Engineering Requirements Management DOORS Web Access<=9.7.2.7
Haxx Libcurl>=7.16.1<8.0.0
Fedoraproject Fedora=36
Debian Debian Linux=10.0
and 22 more
CVE-2023-27536
An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to chec...
redhat/curl<8.0.0
IBM IBM® Engineering Requirements Management DOORS<=9.7.2.7
IBM IBM® Engineering Requirements Management DOORS Web Access<=9.7.2.7
Haxx Libcurl>=7.22.0<=7.88.1
Fedoraproject Fedora=36
Debian Debian Linux=10.0
and 21 more
CVE-2023-27535
An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created conn...
redhat/curl<8.0.0
IBM IBM® Engineering Requirements Management DOORS<=9.7.2.7
IBM IBM® Engineering Requirements Management DOORS Web Access<=9.7.2.7
Haxx Libcurl>=7.13.0<=7.88.1
Fedoraproject Fedora=36
Debian Debian Linux=10.0
and 21 more
CVE-2023-27534
A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its inten...
redhat/curl<8.0.0
IBM IBM® Engineering Requirements Management DOORS<=9.7.2.7
IBM IBM® Engineering Requirements Management DOORS Web Access<=9.7.2.7
Haxx Curl>=7.18.0<=7.88.1
Fedoraproject Fedora=36
Netapp Active Iq Unified Manager Vmware Vsphere
and 20 more
CVE-2023-27533
A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server...
redhat/curl<8.0.0
IBM IBM® Engineering Requirements Management DOORS<=9.7.2.7
IBM IBM® Engineering Requirements Management DOORS Web Access<=9.7.2.7
Haxx Curl>=7.0.0<=7.881
Fedoraproject Fedora=36
Netapp Active Iq Unified Manager Vmware Vsphere
and 20 more
CVE-2023-24998
Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of upload...
redhat/jenkins<0:2.387.3.1684911776-3.el8
redhat/jws5-tomcat<0:9.0.62-15.redhat_00013.1.el7
redhat/jws5-tomcat<0:9.0.62-15.redhat_00013.1.el8
redhat/jws5-tomcat<0:9.0.62-15.redhat_00013.1.el9
Apache Commons FileUpload>=1.0<1.5
Apache Commons FileUpload=1.0-beta
and 17 more
CVE-2023-23916
cURL libcurl is vulnerable to a denial of service, caused by a flaw in the decompression chain implementation. By sending a specially-crafted request, a remote attacker could exploit this vulnerabilit...
debian/curl<=7.64.0-4+deb10u2
redhat/curl<7.88.0
IBM IBM® Engineering Requirements Management DOORS<=9.7.2.7
IBM IBM® Engineering Requirements Management DOORS Web Access<=9.7.2.7
Haxx Curl>=7.57.0<7.88.0
Fedoraproject Fedora=36
and 22 more
CVE-2023-23915
A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using it...
redhat/curl<7.88.0
IBM IBM® Engineering Requirements Management DOORS<=9.7.2.7
IBM IBM® Engineering Requirements Management DOORS Web Access<=9.7.2.7
Haxx Curl>=7.77.0<7.88.0
Netapp Active Iq Unified Manager Vmware Vsphere
NetApp Clustered Data ONTAP=9.0
and 19 more
CVE-2023-23914
A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially. Using its HSTS support, curl...
redhat/curl<7.88.0
IBM IBM® Engineering Requirements Management DOORS<=9.7.2.7
IBM IBM® Engineering Requirements Management DOORS Web Access<=9.7.2.7
Haxx Curl>=7.77.0<7.88.0
Netapp Active Iq Unified Manager Vmware Vsphere
NetApp Clustered Data ONTAP=9.0
and 19 more
CVE-2022-43552
A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operati...
Microsoft CBL Mariner 1.0 x64
Microsoft CBL Mariner 2.0 x64
Microsoft CBL Mariner 1.0 ARM
Microsoft CBL Mariner 2.0 ARM
redhat/jbcs-httpd24-curl<0:8.0.1-1.el8
redhat/jbcs-httpd24-curl<0:8.0.1-1.el7
and 32 more
CVE-2022-43551
A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-...
redhat/jbcs-httpd24-curl<0:8.0.1-1.el8
redhat/jbcs-httpd24-curl<0:8.0.1-1.el7
Apple macOS Ventura<13.3
redhat/curl<7.87.0
IBM IBM® Engineering Requirements Management DOORS<=9.7.2.7
IBM IBM® Engineering Requirements Management DOORS Web Access<=9.7.2.7
and 10 more
CVE-2021-37533
Apache Commons Net could allow a remote attacker to obtain sensitive information, caused by an issue with the FTP client trusts the host from PASV response by default. By persuading a victim to connec...
debian/libcommons-net-java<=3.6-1
Apache Commons Net<3.9.0
Debian Debian Linux=10.0
Debian Debian Linux=11.0
redhat/apache-commons-net<3.9.0
IBM IBM® Engineering Requirements Management DOORS<=9.7.2.7
and 1 more
CVE-2022-42252
Apache Tomcat is vulnerable to HTTP request smuggling, caused by the failure to reject a request containing an invalid Content-Length header when configured to ignore invalid HTTP headers via setting ...
Apache Tomcat>=8.5.0<8.5.83
Apache Tomcat>=9.0.0<9.0.68
Apache Tomcat>=10.0.0<10.0.27
Apache Tomcat>=10.1.0<10.1.1
IBM IBM® Engineering Requirements Management DOORS<=9.7.2.7
IBM IBM® Engineering Requirements Management DOORS Web Access<=9.7.2.7
and 11 more
CVE-2022-42004
A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent t...
debian/jackson-databind<=2.9.8-3+deb10u3
redhat/jenkins<2-plugins-0:4.11.1686831822-1.el8
redhat/jenkins<2-plugins-0:4.12.1675702407-1.el8
redhat/eap7-jackson-databind<0:2.12.7-1.redhat_00003.1.el8ea
redhat/eap7-jackson-databind<0:2.12.7-1.redhat_00003.1.el9ea
redhat/eap7-jackson-databind<0:2.12.7-1.redhat_00003.1.el7ea
and 14 more
CVE-2022-42003
A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive...
redhat/jenkins<2-plugins-0:4.11.1686831822-1.el8
redhat/jenkins<2-plugins-0:4.12.1675702407-1.el8
redhat/eap7-jackson-databind<0:2.12.7-1.redhat_00003.1.el8ea
redhat/eap7-jackson-databind<0:2.12.7-1.redhat_00003.1.el9ea
redhat/eap7-jackson-databind<0:2.12.7-1.redhat_00003.1.el7ea
redhat/candlepin<0:4.1.19-1.el7
and 64 more
CVE-2021-43980
Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by a long standing concurrency flaw in the simplified implementation of blocking reads and writes. By sending a spec...
debian/tomcat9<=9.0.31-1~deb10u6
Apache Tomcat>=8.5.0<=8.5.77
Apache Tomcat>=9.0.0<=9.0.60
Apache Tomcat>=10.0.0<=10.0.18
Apache Tomcat=10.1.0-milestone1
Apache Tomcat=10.1.0-milestone10
and 18 more
CVE-2022-36944
Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. On its own, it cannot be exploited. There is only a risk in conjunction with Java object deserialization within an applicat...
Scala-lang Scala>=2.13.0<2.13.9
Scala-lang Scala-collection-compat<2.9.0
Fedoraproject Fedora=35
Fedoraproject Fedora=36
redhat/scala<2.13.9
IBM IBM® Engineering Requirements Management DOORS<=9.7.2.7
and 1 more
CVE-2022-32532
Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher with `.` in the regular expression are possibly ...
Apache Shiro<1.9.1
IBM IBM® Engineering Requirements Management DOORS<=9.7.2.7
IBM IBM® Engineering Requirements Management DOORS Web Access<=9.7.2.7
CVE-2022-24729
CKEditor is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the dialog plugin. By sending a specially-crafted regex input, a remote attacker could e...
Ckeditor Ckeditor>=4.0<4.18.0
Drupal Drupal>=8.0.0<9.2.15
Drupal Drupal>=9.3.0<9.3.8
Oracle Application Express<22.1.1
Oracle Commerce Merchandising=11.3.2
Oracle Financial Services Analytical Applications Infrastructure>=8.0.7.0.0<=8.1.0.0.0
and 14 more
CVE-2022-24728
CKEditor is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a...
Ckeditor Ckeditor>=4.0<4.18.0
Drupal Drupal>=8.0.0<9.2.15
Drupal Drupal>=9.3.0<9.3.8
Oracle Application Express<22.1.1
Oracle Commerce Merchandising=11.3.2
Oracle Financial Services Analytical Applications Infrastructure>=8.0.7.0.0<=8.1.0.0.0
and 14 more
CVE-2021-41165
### Affected packages The vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. ### Impact A potential vulnerability has been discovered ...
Ckeditor Ckeditor<4.17.0
Drupal Drupal>=8.9.0<8.9.20
Drupal Drupal>=9.1.0<9.1.14
Drupal Drupal>=9.2.0<9.2.9
Oracle Agile Product Lifecycle Management=9.3.6
Oracle Application Express<22.1
and 19 more
CVE-2021-41164
CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter (ACF) module and may affect all plugins used by CKEditor 4. The...
Ckeditor Ckeditor>=4.0<4.17.0
Drupal Drupal>=8.9.0<8.9.20
Drupal Drupal>=9.1.0<9.1.14
Drupal Drupal>=9.2.0<9.2.9
Oracle Banking Apis>=18.1<=18.3
Oracle Banking Apis=19.1
and 19 more
CVE-2021-37695
ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Fake Objects](https://ckeditor.com/cke4/addon/fakeobjects) packag...
Ckeditor Ckeditor<4.16.2
Debian Debian Linux=9.0
Fedoraproject Fedora=33
Fedoraproject Fedora=34
Fedoraproject Fedora=35
Oracle Application Express<21.1.4
and 14 more
CVE-2021-33829
A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted c...
composer/drupal/drupal>=7.0.0<7.80>=8.0.0<8.1.0>=8.1.0<8.2.0>=8.2.0<8.3.0>=8.3.0<8.4.0>=8.4.0<8.5.0>=8.5.0<8.6.0>=8.6.0<8.7.0>=8.7.0<8.8.0>=8.8.0<8.9.0>=8.9.0<8.9.16>=9.0.0<9.0.14>=9.1.0<9.1.9
composer/drupal/core>=7.0.0<7.80>=8.0.0<8.1.0>=8.1.0<8.2.0>=8.2.0<8.3.0>=8.3.0<8.4.0>=8.4.0<8.5.0>=8.5.0<8.6.0>=8.6.0<8.7.0>=8.7.0<8.8.0>=8.8.0<8.9.0>=8.9.0<8.9.16>=9.0.0<9.0.14>=9.1.0<9.1.9
Ckeditor Ckeditor>=4.14.0<4.16.1
Fedoraproject Fedora=33
Fedoraproject Fedora=34
Fedoraproject Fedora=35
and 15 more
CVE-2021-29425
Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by improper input validation by the FileNameUtils.normalize method. An attacker could send a specially-cra...
redhat/eap7-apache-commons-io<0:2.10.0-1.redhat_00001.1.el6ea
redhat/eap7-hal-console<0:3.2.16-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate<0:5.3.20-4.SP2_redhat_00001.1.el6ea
redhat/eap7-ironjacamar<0:1.4.35-1.Final_redhat_00001.1.el6ea
redhat/eap7-jakarta-el<0:3.0.3-2.redhat_00006.1.el6ea
redhat/eap7-jberet<0:1.3.9-1.Final_redhat_00001.1.el6ea
and 185 more
CVE-2021-25122
A flaw was found in Apache Tomcat. When responding to new h2c connection requests, Apache Tomcat could duplicate request headers and a limited amount of request body from one request to another meanin...
redhat/jws5-ecj<0:4.12.0-3.redhat_2.2.el7
redhat/jws5-tomcat<0:9.0.43-11.redhat_00011.1.el7
redhat/jws5-tomcat-native<0:1.2.26-3.redhat_3.el7
redhat/jws5-tomcat-vault<0:1.1.8-2.Final_redhat_00003.1.el7
redhat/jws5-ecj<0:4.12.0-3.redhat_2.2.el8
redhat/jws5-tomcat<0:9.0.43-11.redhat_00011.1.el8
and 65 more
CVE-2021-27568
A flaw was found in json-smart. When an exception is thrown from a function, but is not caught, the program using the library may crash or expose sensitive information. The highest threat from this vu...
Json-smart Project Json-smart-v1<1.3.2
Json-smart Project Json-smart-v2<2.3.1
Json-smart Project Json-smart-v2>=2.4<2.4.1
Oracle Communications Cloud Native Core Policy=1.14.0
Oracle OSS Support Tools<2.12.42
Oracle PeopleSoft Enterprise PeopleTools=8.58
and 11 more
CVE-2021-26271
CKEditor is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the Advanced Tab for Dialogs plugin. By persuading a victim to paste specially-crafted t...
Ckeditor Ckeditor>=4.0<4.16
Oracle Agile PLM=9.3.5
Oracle Agile PLM=9.3.6
Oracle Application Express<21.1.0
Oracle Financial Services Analytical Applications Infrastructure>=8.0.6<=8.0.9
Oracle Financial Services Analytical Applications Infrastructure=8.1.0
and 19 more
CVE-2021-23926
A flaw was found when parsing XML files using XMLBeans 2.6.0 or below. The underlying parser created by XMLBeans could be susceptible to XML External Entity (XXE) attacks. The highest threat from this...
redhat/xmlbeans<3.0.0
IBM IBM® Engineering Requirements Management DOORS<=9.7.2.7
IBM IBM® Engineering Requirements Management DOORS Web Access<=9.7.2.7
Apache XMLBeans<=2.6.0
NetApp OnCommand Unified Manager Core Package
NetApp Snap Creator Framework
and 8 more
CVE-2020-17527
Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an issue when the HTTP request header value can be reused from the previous stream received on an HTTP/2 connecti...
redhat/jws5-tomcat<0:9.0.36-9.redhat_8.1.el7
redhat/jws5-tomcat-native<0:1.2.25-3.redhat_3.el7
redhat/jws5-tomcat<0:9.0.36-9.redhat_8.1.el8
redhat/jws5-tomcat-native<0:1.2.25-3.redhat_3.el8
redhat/tomcat<10.0.0
redhat/tomcat<9.0.40
and 65 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203