OX App Suite has patched sensitive information disclosure, cross-site scripting, improper access control, authorization bypass, and resource consumption vulnerabilities. Some of the issues affect OX App Suite frontend version 7.10.6-rev23 and some affect OX App Suite backend version 7.10.6-rev36.
155ec55f6da0ebb83ce88e1e80511fb3da026e9c6a7fd7336c4fe3969b7e009a
Debian Linux Security Advisory 5398-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
ee38b91484a2e9da0e6d235cdab8756535ecf5dc0dbec326bcf55aab4a9aae7a
Jedox version 2022.4.2 has an information disclosure vulnerability in /be/rpc.php that allows remote authenticated users with the appropriate permissions to modify database connections to disclose the clear text credentials via the test connection function.
0d65954fe57317294bfe2c400f3db4b3623426f3c49974de9f8966129d23c3cd
Jedox version 2020.2.5 suffers from improper access controls in /tc/rpc that allow remote authenticated users to view details of database connections via the class com.jedox.etl.mngr.Connections and the method getGlobalConnection.
4978dc2461b1d119aeb99611968991dd695fb91ff2de8614aa5259189ffcb604
projectSend version r1605 suffers from a private file download vulnerability.
7d0616347abe6dce55f8a948b13c9f7a8dcf7bdd7ba623acf8033e840b683c68
Debian Linux Security Advisory 5393-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
e3a2157c393645dfb393ee9ad3917dc59ae65410313a1f4480e733e61b4fbe63
Franklin Fueling Systems TS-550 suffers from a password hash disclosure vulnerability.
5321c2e6d8a5ba0ee798a8ecbc4154af4303cab89fef43786dea99f1de8f6e68
SecurePoint UTM versions 12.x suffer from a session identifier leak vulnerability via the spcgi.cgi endpoint.
1d4cd9e39a6938ba5bad5e9bd158f7895198cb30170e4a59be88883cdba0cd69
GDidees CMS version 3.9.1 suffers from file disclosure and directory traversal vulnerabilities.
3ad70797b1102b6af3e3732783bf2a2c1c292b1c3e789902f8a13abbd0ea3c37
Debian Linux Security Advisory 5386-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
31f7bda15db67dc239bc90b93138e84328a40dd4a4fd5382ed039eb5a54b131f
Sielco PolyEco Digital FM Transmitter version 2.0.6 suffers from an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this issue via a specially crafted request to gain access to sensitive information.
267418fd80ab371b230bbaa9fdec8767c24efde298174b16aca5925e335bcb57
ENTAB ERP version 1.0 suffers from a username information leak due to a lack of rate limiting.
9a0018070bfd8bbf3bd166d224a03db6d8c71e46d17a9234b197505cc3ced293
Icinga Web version 2.10 suffers from an arbitrary file disclosure vulnerability.
f08ad07b926f6cf095c8b7a80fc8a8658f60c610c96b25e695c50c6c4ae28f48
Franklin Fueling Systems TS-550 appears to suffer from insecure direct object reference and password hash disclosure vulnerabilities.
c7eb9b6d134d1e52a18386709b28e379d579cbcebfd3a3b74885aede997153b9
Dell EMC Networking PC5500 firmware version 4.1.0.22 and Cisco Sx / SMB suffer from an information leakage vulnerability.
b8a45b8069a5a5129862e21629b12e2ac7fea0a964921f4c4676a3ebbf3a17c8
Sales Tracker Management System version 1.0 suffers from an information disclosure vulnerability.
09eb9f9f3be0d62ba132f7b2c369f9882748969f3344e7cf82cf6c269db7e064
DSL-124 Wireless N300 ADSL2+ suffers from a backup disclosure vulnerability.
63d71c45b66ab170d2acf14007338350c4e6603e64a4f67be40cf28b407eee4c
Joomla! versions prior to 4.2.8 suffer from an unauthenticated information disclosure vulnerability.
417f9d6c26b8a1e0793bc9e5aaf8fe1808d869eb6f3e3c535d5813d71577788d
Debian Linux Security Advisory 5377-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
51386e4f82d3fa06d6856296972bb66ad386ecf19472a1e8924e27cea3026f9f
Ubuntu Security Notice 5966-2 - USN-5966-1 fixed vulnerabilities in amanda. Unfortunately it introduced a regression in GNUTAR-based backups. This update reverts all of the changes in amanda until a better fix is provided. Maher Azzouzi discovered an information disclosure vulnerability in the calcsize binary within amanda. calcsize is a suid binary owned by root that could possibly be used by a malicious local attacker to expose sensitive file system information.
4749f55afc6287a649f39b41a2552f3b688b77959973ae84bd337045e4dad07f
Ubuntu Security Notice 5966-1 - Maher Azzouzi discovered an information disclosure vulnerability in the calcsize binary within amanda. calcsize is a suid binary owned by root that could possibly be used by a malicious local attacker to expose sensitive file system information. Maher Azzouzi discovered a privilege escalation vulnerability in the rundump binary within amanda. rundump is a suid binary owned by root that did not perform adequate sanitization of environment variables or command-line options and could possibly be used by a malicious local attacker to escalate privileges.
2580ab51db5f3bf0e05ef50995b026255510f6945bca4387cdd8ab8d58501893
Adobe Connect versions 11.4.5 and below as well as versions 12.1.5 and below suffer from a file disclosure vulnerability.
230d9930fbdec26e4628f0385522c78b426bd6ed51e29a6e47c431fd60fb961b
Proof of concept details for Oracle database versions 12.1.0.2, 12.2.0.1, 18c, and 19c that had a PDB isolation vulnerability allowing viewing of metadata for a different database within the same container.
7a77b45fcc76d5afb91f7f9e5267626d1904eb000933f05496369762ff8b6fb4
Fastly suffers from the poor practice of sending a temporary password in plaintext.
09181b45538cae9f3688cd0f1f65f20913277a3c96827c11f9df3ad8004ab8bc
Debian Linux Security Advisory 5371-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
0f6a986bb12975949c5f0a377c9c2edaab1560f19c398911f89ca72a911defc8