aisecwatch.com
DashboardVulnerabilitiesNewsResearchArchiveStatsDatasetFor devs
Subscribe
aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.

Navigation

VulnerabilitiesNewsResearchDigest ArchiveNewsletter ArchiveSubscribeData SourcesStatisticsDatasetAPIIntegrationsWidgetRSS Feed

Maintained by

Truong (Jack) Luu

Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

to
Export CSV
6640 items

CVE-2015-4911: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows rem

infovulnerability
security
Oct 22, 2015
CVE-2015-4911

CVE-2015-4911 is a vulnerability in multiple versions of Oracle Java SE (Java SE 6u101, 7u85, 8u60), Java SE Embedded 8u51, and JRockit R28.3.7 that allows remote attackers to disrupt service availability through JAXP (Java API for XML Processing, which handles XML data in Java programs). The vulnerability details remain unspecified, and the National Institute of Standards and Technology (NIST) has not prioritized detailed analysis of this issue.

NVD/CVE Database

CVE-2015-4893: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows rem

infovulnerability
security
Oct 21, 2015
CVE-2015-4893

CVE-2015-4893 is an unspecified vulnerability in multiple versions of Oracle Java SE and related products that allows remote attackers to disrupt service availability through JAXP (Java API for XML Processing, a tool Java uses to read and write XML files). The vulnerability can be exploited through web-based Java applications or by sending malicious data directly to affected APIs.

CVE-2015-4842: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to

infovulnerability
security
Oct 21, 2015
CVE-2015-4842

CVE-2015-4842 is a vulnerability in Oracle Java SE versions 6u101, 7u85, 8u60, and Java SE Embedded 8u51 that affects confidentiality (the protection of information from unauthorized access) through JAXP (Java API for XML Processing). The vulnerability can only be exploited in sandboxed Java Web Start applications and sandboxed Java applets (small programs run through a web browser in a restricted environment), making it limited to client-side Java deployments.

CVE-2015-4803: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows rem

infovulnerability
security
Oct 21, 2015
CVE-2015-4803

CVE-2015-4803 is an unspecified vulnerability in Oracle Java SE versions 6u101, 7u85, 8u60, and related products that affects system availability through JAXP (Java API for XML Processing, a library for handling XML documents). The vulnerability can be exploited remotely through sandboxed Java Web Start applications, Java applets, or by sending malicious data to affected APIs, such as through a web service.

CVE-2015-2773: SVM in Websense TRITON V-Series appliances before 8.0.0 allows attackers to read arbitrary files via unspecified vectors

infovulnerability
security
Mar 27, 2015
CVE-2015-2773

A vulnerability (CVE-2015-2773) in Websense TRITON V-Series appliances before version 8.0.0 allows attackers to read files they shouldn't have access to through unspecified methods. This affects a security appliance (a hardware device that protects networks), making it a serious risk for organizations using older versions of this equipment.

CVE-2015-2772: SVM in Websense TRITON V-Series appliances before 8.0.0 allows attackers to upload arbitrary files via unspecified vecto

infovulnerability
security
Mar 27, 2015
CVE-2015-2772

CVE-2015-2772 is a vulnerability in Websense TRITON V-Series appliances (security devices that filter network traffic) before version 8.0.0 that allows attackers to upload arbitrary files through unspecified attack methods. The vulnerability affects the SVM (security virtual machine, a component that processes security policies) and could let an attacker place unwanted files on the device.

CVE-2015-2771: The Mail Server in Websense TRITON AP-EMAIL and V-Series appliances before 8.0.0 uses plaintext credentials, which allow

infovulnerability
security
Mar 27, 2015
CVE-2015-2771

Websense TRITON AP-EMAIL and V-Series appliances before version 8.0.0 stored login credentials in plaintext (unencrypted text readable by anyone), allowing remote attackers to steal this sensitive information. This is a serious flaw because plaintext credentials give attackers direct access to the mail server without needing to crack encrypted passwords.

CVE-2015-2770: Cross-site request forgery (CSRF) vulnerability in the command line page in Websense TRITON V-Series appliances before 8

infovulnerability
security
Mar 27, 2015
CVE-2015-2770

A cross-site request forgery vulnerability (CSRF, a type of attack where an attacker tricks a user into performing unwanted actions on a website they're logged into) was found in Websense TRITON V-Series appliances before version 8.0.0, allowing remote attackers to hijack user authentication through unknown methods. The vulnerability affects the command line page of these security appliances.

CVE-2015-2769: Multiple cross-site request forgery (CSRF) vulnerabilities in the Personal Email Manager (PEM) in Websense TRITON AP-EMA

infovulnerability
security
Mar 27, 2015
CVE-2015-2769

Websense TRITON AP-EMAIL versions before 8.0.0 contain multiple CSRF vulnerabilities (cross-site request forgery, a type of attack where an attacker tricks a user into performing unwanted actions on a website where they're logged in) in its Personal Email Manager feature that could allow attackers to take over user accounts. The exact details of how the attack works are not publicly disclosed.

CVE-2015-2768: Cross-site scripting (XSS) vulnerability in Websense TRITON AP-EMAIL before 8.0.0 and V-Series 7.7 appliances allows rem

infovulnerability
security
Mar 27, 2015
CVE-2015-2768

A cross-site scripting vulnerability (XSS, a weakness where attackers inject malicious code into web pages) was found in Websense TRITON AP-EMAIL versions before 8.0.0 and V-Series 7.7 appliances, allowing remote attackers to inject arbitrary web scripts or HTML through unspecified entry points. The vulnerability has a CVSS score (a 0-10 rating of how severe a security flaw is) of 4.0.

CVE-2015-2767: Unspecified vulnerability in Websense TRITON AP-EMAIL before 8.0.0 has unknown impact and attack vectors, related to "Au

infovulnerability
security
Mar 27, 2015
CVE-2015-2767

CVE-2015-2767 is an unspecified vulnerability in Websense TRITON AP-EMAIL (an email security tool) versions before 8.0.0 related to the "Autocomplete Enabled" feature, but the exact impact and how attackers could exploit it are not detailed in available information. The vulnerability's severity rating (CVSS score, a 0-10 measure of how serious a vulnerability is) has not yet been officially assessed.

CVE-2015-2766: The Personal Email Manager (PEM) in Websense TRITON AP-EMAIL before 8.0.0 allows attackers to have unspecified impact vi

infovulnerability
security
Mar 27, 2015
CVE-2015-2766

CVE-2015-2766 is a vulnerability in Websense TRITON AP-EMAIL versions before 8.0.0 that affects the Personal Email Manager (PEM) component. Attackers can exploit this flaw using a brute force attack (repeatedly trying many passwords or login combinations to gain unauthorized access), potentially causing unspecified damage to the system.

CVE-2015-2765: The Email Security Gateway in Websense TRITON AP-EMAIL before 8.0.0 allows remote attackers to conduct clickjacking atta

infovulnerability
security
Mar 27, 2015
CVE-2015-2765

Websense TRITON AP-EMAIL versions before 8.0.0 contain a vulnerability that allows attackers to perform clickjacking attacks (tricking users into clicking something they didn't intend to click by disguising a malicious link as a legitimate one) through unspecified methods. The weakness stems from improper input validation (failing to check that data entering the system is safe and expected).

CVE-2015-2764: Multiple cross-site scripting (XSS) vulnerabilities in Websense TRITON AP-DATA before 8.0.0 allow remote attackers to in

infovulnerability
security
Mar 27, 2015
CVE-2015-2764

Websense TRITON AP-DATA versions before 8.0.0 contain multiple cross-site scripting (XSS, a type of attack where malicious code is injected into web pages) vulnerabilities that allow remote attackers to inject arbitrary web scripts or HTML through unspecified vectors in the DSS Mobile or DLP report catalog.

CVE-2015-2763: Unspecified vulnerability in Websense TRITON AP-EMAIL before 8.0.0 has unknown impact and attack vectors, related to por

infovulnerability
security
Mar 27, 2015
CVE-2015-2763

CVE-2015-2763 is a vulnerability in Websense TRITON AP-EMAIL (a security product that filters email) versions before 8.0.0 involving port 17703, but the exact nature of the vulnerability and how it could be exploited are not publicly detailed. The vulnerability has an unknown impact and attack vector, making it difficult for users to understand the risk without more information.

CVE-2015-2762: Websense TRITON AP-WEB before 8.0.0 allows remote attackers to enumerate Windows domain user accounts via vectors relate

infovulnerability
security
Mar 27, 2015
CVE-2015-2762

Websense TRITON AP-WEB versions before 8.0.0 contain a vulnerability that allows attackers to discover Windows domain user accounts through HTTP authentication methods (a process called enumeration, where attackers list valid usernames without needing passwords). This flaw exposes sensitive information to unauthorized users.

CVE-2015-2761: Cross-site scripting (XSS) vulnerability in the Exceptions and Scanning Exceptions Pages in Websense TRITON AP-WEB befor

infovulnerability
security
Mar 27, 2015
CVE-2015-2761

A cross-site scripting (XSS) vulnerability, which is a weakness where attackers inject malicious code into web pages, was found in Websense TRITON AP-WEB versions before 8.0.0 on its Exceptions and Scanning Exceptions pages. Remote attackers could exploit this flaw through unspecified methods to inject harmful scripts or HTML code.

CVE-2014-9712: Websense TRITON V-Series appliances before 7.8.3 Hotfix 03 and 7.8.4 before Hotfix 01 allow remote administrators to rea

infovulnerability
security
Mar 27, 2015
CVE-2014-9712

Websense TRITON V-Series appliances (network security devices) before version 7.8.3 Hotfix 03 and 7.8.4 before Hotfix 01 contain a vulnerability that allows remote administrators to read files they shouldn't have access to and obtain passwords by sending specially crafted requests to the system. This is a serious security flaw because it exposes sensitive information to unauthorized users.

CVE-2015-2748: Websense TRITON AP-WEB before 8.0.0 does not properly restrict access to files in explorer_wse/, which allows remote att

infovulnerability
security
Mar 26, 2015
CVE-2015-2748

Websense TRITON AP-WEB versions before 8.0.0 have a flaw where certain files in the explorer_wse/ folder are not properly protected, allowing attackers to access sensitive information like security incident reports and configuration files by making direct web requests. This is a type of access control vulnerability (a failure to properly restrict who can view certain files).

CVE-2015-2747: Multiple cross-site scripting (XSS) vulnerabilities in the data loss prevention (DLP) incident Forensics Preview in Webs

infovulnerability
security
Mar 26, 2015
CVE-2015-2747

CVE-2015-2747 is a cross-site scripting (XSS) vulnerability (a type of attack where an attacker injects malicious code into a webpage that runs in users' browsers) in Websense Triton 7.8.3 and V-Series 7.7 appliances' data loss prevention (DLP, a security tool that prevents sensitive data from leaving an organization) feature. Remote attackers can exploit this by sending crafted emails or HTTP requests to inject arbitrary web scripts or HTML code.

Previous327 / 332Next
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database

Fix: Update Websense TRITON V-Series appliances to version 8.0.0 or later. The vendor advisory referenced indicates that vulnerabilities were resolved in TRITON APX Version 8.0.

NVD/CVE Database

Fix: Update Websense TRITON V-Series appliances to version 8.0.0 or later. According to the source, vulnerabilities were resolved in TRITON APX Version 8.0, which is referenced in the official Websense support advisory.

NVD/CVE Database

Fix: Upgrade to Websense TRITON APX Version 8.0 or later, as referenced in the vendor advisory at http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0.

NVD/CVE Database

Fix: Upgrade to Websense TRITON APX Version 8.0.0 or later, as indicated by the vendor advisory referencing vulnerabilities resolved in TRITON APX Version 8.0.

NVD/CVE Database

Fix: Update Websense TRITON AP-EMAIL to version 8.0.0 or later, as indicated by the vendor advisory at http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0.

NVD/CVE Database

Fix: Update to Websense TRITON AP-EMAIL Version 8.0.0 or later. (The source references a Websense support article about 'Vulnerabilities resolved in TRITON APX Version 8.0'.)

NVD/CVE Database
NVD/CVE Database

Fix: Upgrade Websense TRITON AP-EMAIL to version 8.0.0 or later.

NVD/CVE Database

Fix: Upgrade Websense TRITON AP-EMAIL to version 8.0.0 or later.

NVD/CVE Database

Fix: Upgrade to Websense TRITON AP-DATA version 8.0.0 or later.

NVD/CVE Database

Fix: Update Websense TRITON AP-EMAIL to version 8.0.0 or later, as indicated by the vulnerability affecting versions 'before 8.0.0.'

NVD/CVE Database

Fix: Update Websense TRITON AP-WEB to version 8.0.0 or later. According to the source, vulnerabilities were resolved in TRITON APX Version 8.0.

NVD/CVE Database
NVD/CVE Database

Fix: Update Websense TRITON V-Series appliances to version 7.8.3 Hotfix 03 or version 7.8.4 Hotfix 01 or later, as specified in the vendor advisories from Websense.

NVD/CVE Database

Fix: Update Websense TRITON AP-WEB to version 8.0.0 or later.

NVD/CVE Database
NVD/CVE Database