DM PD065 1.19 FingerTool authentication replay

A vulnerability has been found in DM PD065 1.19 and classified as critical. Affected by this vulnerability is some unknown functionality of the component FingerTool. No information about possible countermeasures is known. It may be advisable to replace the affected object with an alternative product.
MISP 2.4.146 Galaxy Cluster Fork add.ctp cross site scripting
A vulnerability was found in MISP 2.4.146 and classified as problematic. Affected by this issue is an unknown part of the file app/View/GalaxyClusters/add.ctp of the component Galaxy Cluster Fork Handler. Applying a patch eliminates this problem. The bugfix is ready for download at github.com.
ZyXEL GS1900-8 2.60 LLDP Packet cross site scripting
A vulnerability was found in ZyXEL GS1900-8 2.60. It has been classified as problematic. This affects an unknown code of the component LLDP Packet Handler. No information about possible countermeasures is known. It may be advisable to replace the affected object with an alternative product.
IBM Sterling Connect 1.4.1.1/1.5.0.2 Direct Browser User Interface improper restriction of rendered ui layers
A vulnerability, which was classified as problematic, was found in IBM Sterling Connect 1.4.1.1/1.5.0.2 (Business Process Management Software). Affected is an unknown code of the component Direct Browser User Interface. Upgrading eliminates this vulnerability.
IBM i2 Analysts Notebook Premium 4.3.0/4.3.1/4.3.2 information exposure
A vulnerability has been found in IBM i2 Analysts Notebook Premium 4.3.0/4.3.1/4.3.2 and classified as problematic. Affected by this vulnerability is an unknown code block. Upgrading eliminates this vulnerability.
IBM i2 Analysts Notebook Premium 9.2.0/9.2.1/9.2.2 information exposure
A vulnerability was found in IBM i2 Analysts Notebook Premium 9.2.0/9.2.1/9.2.2 and classified as problematic. Affected by this issue is some unknown processing. Upgrading eliminates this vulnerability.
IBM i2 Analyze 4.3.0/4.3.1/4.3.2 information exposure [CVE-2021-29784]
A vulnerability was found in IBM i2 Analyze 4.3.0/4.3.1/4.3.2. It has been classified as problematic. This affects an unknown function. Upgrading eliminates this vulnerability.
IBM QRadar SIEM up to 7.3.3 Patch 8/7.4.3 GA inadequate encryption
A vulnerability was found in IBM QRadar SIEM up to 7.3.3 Patch 8/7.4.3 GA (Log Management Software). It has been declared as problematic. This vulnerability affects an unknown functionality. Upgrading eliminates this vulnerability.
IBM i2 Analysts Notebook Premium 9.2.0/9.2.1/9.2.2 session fixation
A vulnerability was found in IBM i2 Analysts Notebook Premium 9.2.0/9.2.1/9.2.2. It has been rated as critical. This issue affects some unknown functionality. Upgrading eliminates this vulnerability.
IBM i2 Analysts Notebook Premium 4.3.0/4.3.1/4.3.2 Cookie missing secure attribute
A vulnerability classified as problematic has been found in IBM i2 Analysts Notebook Premium 4.3.0/4.3.1/4.3.2. Affected is an unknown part of the component Cookie Handler. Upgrading eliminates this vulnerability.
IBM i2 Analysts Notebook Premium 4.3.0/4.3.1/4.3.2 input validation
A vulnerability classified as critical was found in IBM i2 Analysts Notebook Premium 4.3.0/4.3.1/4.3.2. Affected by this vulnerability is an unknown code. Upgrading eliminates this vulnerability.
IBM i2 iBase 8.9.13 uncontrolled search path [CVE-2020-4623]
A vulnerability, which was classified as critical, has been found in IBM i2 iBase 8.9.13. Affected by this issue is an unknown code block. Upgrading eliminates this vulnerability.
Apache Directory Studio up to 2.0.0.v20210213-M16 SASL Authentication missing encryption
A vulnerability, which was classified as problematic, was found in Apache Directory Studio up to 2.0.0.v20210213-M16. This affects some unknown processing of the component SASL Authentication. No information about possible countermeasures is known. It may be advisable to replace the affected object with an alternative product.
3xLogic Infinias eIDC32 up to 3.4.125 TLS certificate validation
A vulnerability has been found in 3xLogic Infinias eIDC32 up to 3.4.125 and classified as critical. This vulnerability affects an unknown function of the component TLS Handler. Upgrading eliminates this vulnerability. The upgrade is hosted for download at 3xlogic.com.
Elasticsearch up to 6.8.16/7.13.2 Grok Parser infinite loop
A vulnerability was found in Elasticsearch up to 6.8.16/7.13.2 and classified as problematic. This issue affects an unknown functionality of the component Grok Parser. Upgrading to version 6.8.17 or 7.13.3 eliminates this vulnerability. The upgrade is hosted for download at discuss.elastic.co.
OTRS Community Edition up to 7.0.27/8.0.14 information disclosure
A vulnerability was found in OTRS Community Edition up to 7.0.27/8.0.14 (Service Management Software). It has been classified as problematic. Affected is some unknown functionality. No information about possible countermeasures is known. It may be advisable to replace the affected object with an alternative product.
OTRS Time Accounting up to 7.0.18 Project Crate Screen cross site scripting
A vulnerability was found in OTRS Time Accounting up to 7.0.18 (Accounting Software). It has been declared as problematic. Affected by this vulnerability is an unknown part of the component Project Crate Screen. Upgrading to version 7.0.19 eliminates this vulnerability.
OTRS Community Edition up to 7.0.26 Bulk Action Screen permission
A vulnerability was found in OTRS Community Edition up to 7.0.26 (Service Management Software). It has been rated as problematic. Affected by this issue is an unknown code of the component Bulk Action Screen. Upgrading to version 7.0.27 eliminates this vulnerability.
OTRS Community Edition up to 7.0.26 Calendar permission
A vulnerability classified as critical has been found in OTRS Community Edition up to 7.0.26 (Service Management Software). This affects an unknown code block of the component Calendar. Upgrading to version 7.0.27 eliminates this vulnerability.
isula-build up to 0.9.5-7 Container Image Builder denial of service
A vulnerability classified as problematic was found in isula-build up to 0.9.5-7. This vulnerability affects some unknown processing of the component Container Image Builder. Upgrading to version 0.9.5-8 eliminates this vulnerability.
url-parse URL redirect [CVE-2021-3664]
A vulnerability, which was classified as critical, has been found in url-parse (unknown version). This issue affects an unknown function of the component URL Handler. Applying a patch eliminates this problem. The bugfix is ready for download at github.com.
OTRS Community Edition up to 7.0.27/8.0.14 Email cross site scripting
A vulnerability, which was classified as problematic, was found in OTRS Community Edition up to 7.0.27/8.0.14 (Service Management Software). Affected is an unknown functionality of the component Email Handler. No information about possible countermeasures is known. It may be advisable to replace the affected object with an alternative product.
Microsoft Windows MS-EFSRPC EfsRpcOpenFileRaw PetitPotam server-side request forgery
A vulnerability classified as critical was found in Microsoft Windows (Operating System) (the affected version is unknown). This vulnerability affects the function EfsRpcOpenFileRaw of the component MS-EFSRPC. Disabling the affected component is suggested as the best possible mitigation.
NCH WebDictate up to 2.13 logprop file path traversal
A vulnerability was found in NCH WebDictate up to 2.13. It has been declared as problematic. Affected by this vulnerability is some unknown functionality of the file logprop. No information about possible countermeasures is known. It may be advisable to replace the affected object with an alternative product.