aisecwatch.com
DashboardVulnerabilitiesNewsResearchArchiveStatsDatasetFor devs
Subscribe
aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.

Navigation

VulnerabilitiesNewsResearchDigest ArchiveNewsletter ArchiveSubscribeData SourcesStatisticsDatasetAPIIntegrationsWidgetRSS Feed

Maintained by

Truong (Jack) Luu

Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

to
Export CSV
6640 items

CVE-2015-2746: The network diagnostics tool (CommandLineServlet) in the Appliance Manager command line utility (CLU) in Websense TRITON

infovulnerability
security
Mar 26, 2015
CVE-2015-2746EPSS: 23.9%

A command injection vulnerability (CWE-77, a flaw where special characters bypass security checks and let attackers run unauthorized commands) exists in the Websense TRITON Appliance Manager's network diagnostics tool. Remote authenticated users can execute arbitrary commands by inserting shell metacharacters (special symbols like pipes or semicolons) into command parameters, such as the Destination field in the ping command.

Fix: Update to Websense TRITON V-Series appliances version 7.8.4 Hotfix 02 or later.

NVD/CVE Database

CVE-2015-2703: Multiple cross-site scripting (XSS) vulnerabilities in Websense TRITON AP-WEB before 8.0.0 and V-Series 7.7 appliances a

infovulnerability
security
Mar 25, 2015
CVE-2015-2703

Websense TRITON AP-WEB appliances (versions before 8.0.0) and V-Series 7.7 contain multiple XSS vulnerabilities (cross-site scripting, where attackers inject malicious code into web pages). Attackers can exploit these by injecting harmful scripts through specific parameters in the Data Security block page and Content Gateway, which the system fails to properly filter before displaying in error messages.

CVE-2015-2702: Cross-site scripting (XSS) vulnerability in the Message Log in the Email Security Gateway in Websense TRITON AP-EMAIL be

infovulnerability
security
Mar 25, 2015
CVE-2015-2702

A cross-site scripting vulnerability (XSS, a flaw where attackers inject malicious code into web pages) was found in the Message Log feature of Websense TRITON AP-EMAIL email security appliances. Attackers could exploit this by crafting a malicious email sender address, allowing them to inject arbitrary web scripts or HTML that would execute when someone views the message log. The vulnerability affected versions before 8.0.0 and V-Series 7.7 appliances.

CVE-2014-9711: Multiple cross-site scripting (XSS) vulnerabilities in the Investigative Reports in Websense TRITON AP-WEB before 8.0.0

infovulnerability
security
Mar 25, 2015
CVE-2014-9711

Websense TRITON AP-WEB and related security products contained multiple XSS vulnerabilities (cross-site scripting, where attackers inject malicious code into web pages seen by other users) in their reporting features. Attackers could exploit these vulnerabilities by inserting harmful scripts through specific parameters in the report scheduler and summary report pages.

CVE-2015-0412: Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, inte

infovulnerability
security
Jan 21, 2015
CVE-2015-0412

CVE-2015-0412 is an unspecified vulnerability in Oracle Java SE versions 6u85, 7u72, and 8u25 that affects JAX-WS (a Java web service framework). Remote attackers can exploit this flaw through sandboxed Java Web Start applications and Java applets to compromise confidentiality, integrity, and availability, though it only affects client-side Java deployments.

CVE-2014-8559: The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 does not properly maintain the semantics of rename

mediumvulnerability
security
Nov 10, 2014
CVE-2014-8559

CVE-2014-8559 is a bug in the Linux kernel (version 3.17.2 and earlier) where the d_walk function fails to properly manage rename_lock (a mechanism that prevents conflicts when files are renamed). A local user can exploit this to cause a denial of service (DoS), which means crashing or freezing the system so it becomes unresponsive.

CVE-2014-3584: The SamlHeaderInHandler in Apache CXF before 2.6.11, 2.7.x before 2.7.8, and 3.0.x before 3.0.1 allows remote attackers

infovulnerability
security
Oct 30, 2014
CVE-2014-3584

CVE-2014-3584 is a denial of service (DoS) vulnerability in Apache CXF, a web services framework, where a specially crafted SAML token (an authentication credential) in a request's authorization header can cause an infinite loop, making the service unresponsive. The vulnerability affects CXF versions before 2.6.11, 2.7.x before 2.7.8, and 3.0.x before 3.0.1.

CVE-2014-6517: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and Jrockit R27.8.3 and R28.3.3

infovulnerability
security
Oct 15, 2014
CVE-2014-6517

CVE-2014-6517 is an unspecified security vulnerability in multiple versions of Oracle Java SE (a widely-used programming language and runtime environment) and related products that allows remote attackers to compromise confidentiality through JAXP (Java API for XML Processing, a tool for handling XML data). The vulnerability affects Java SE versions 6u81, 7u67, and 8u20, among others, but the specific technical details of how it works were not disclosed.

CVE-2014-3464: The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) 6.2

infovulnerability
security
Aug 19, 2014
CVE-2014-3464

CVE-2014-3464 is a security flaw in Red Hat JBossWS (a web service framework used in JBoss Enterprise Application Platform versions 6.2.0 and 6.3.0) where the EJB invocation handler (the code that processes requests to Enterprise Java Beans, which are reusable server-side components) fails to properly block access to restricted JAX-WS handlers (specialized processors for web service messages). This allows authenticated remote users to bypass security restrictions by exploiting permissions they have to the EJB class itself.

CVE-2014-2510: The JAXB XML parser in EMC Documentum Foundation Services (DFS) 6.6 before P39, 6.7 SP1 before P28, and 6.7 SP2 before P

infovulnerability
security
Jul 8, 2014
CVE-2014-2510

CVE-2014-2510 is a vulnerability in EMC Documentum Foundation Services (DFS) versions 6.6, 6.7 SP1, and 6.7 SP2 that allows authenticated users to read files they shouldn't have access to through an XXE (XML External Entity, a flaw where specially crafted XML input tricks a parser into accessing external files) attack. The vulnerability affects components like My Documentum for Desktop, My Documentum for Microsoft Outlook, and CenterStage.

CVE-2014-0054: The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not

infovulnerability
security
Apr 17, 2014
CVE-2014-0054EPSS: 34.6%

CVE-2014-2423: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to aff

infovulnerability
security
Apr 16, 2014
CVE-2014-2423

CVE-2014-2423 is an unspecified security flaw in Oracle Java SE versions 6u71, 7u51, and 8 (plus Java SE Embedded 7u51) that affects JAX-WS (a tool for building web services in Java). Remote attackers could exploit this vulnerability to compromise confidentiality (stealing data), integrity (modifying data), and availability (disrupting service), though the exact attack method was not publicly disclosed.

CVE-2014-2414: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to aff

infovulnerability
security
Apr 16, 2014
CVE-2014-2414

CVE-2014-2414 is a vulnerability in Oracle Java SE versions 6u71, 7u51, and 8, as well as Java SE Embedded 7u51, that allows remote attackers to compromise the security of affected systems through JAXB (Java Architecture for XML Binding, a tool for converting between XML and Java objects). The vulnerability could affect confidentiality (keeping data secret), integrity (preventing unauthorized changes), and availability (keeping systems running).

CVE-2014-2403: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to aff

infovulnerability
security
Apr 16, 2014
CVE-2014-2403

A security flaw was found in Oracle Java SE versions 6u71, 7u51, and 8, as well as Java SE Embedded 7u51, that allows attackers to compromise confidentiality (the privacy of data) through JAXP (Java API for XML Processing, a tool for handling XML documents). The exact nature of the vulnerability is not specified in the available information, and the severity rating has not yet been officially assigned.

CVE-2014-0458: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to aff

infovulnerability
security
Apr 16, 2014
CVE-2014-0458

CVE-2014-0458 is an unspecified vulnerability in Oracle Java SE versions 6u71, 7u51, and 8 (as well as Java SE Embedded 7u51) that allows remote attackers to compromise confidentiality, integrity, and availability through JAX-WS (Java API for XML Web Services, a tool for building web services). The vulnerability affects multiple versions of Java and was discovered in 2014.

CVE-2014-0452: Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to aff

infovulnerability
security
Apr 16, 2014
CVE-2014-0452

CVE-2014-0452 is an unspecified vulnerability in Oracle Java SE versions 6u71, 7u51, and 8, as well as Java SE Embedded 7u51, that allows remote attackers to compromise confidentiality (reading private data), integrity (modifying data), and availability (disrupting service) through JAX-WS (Java API for XML Web Services, a tool for building web services). The vulnerability details remain undisclosed in the source material.

CVE-2014-0347: The Settings module in Websense Triton Unified Security Center 7.7.3 before Hotfix 31, Web Filter 7.7.3 before Hotfix 31

infovulnerability
security
Apr 12, 2014
CVE-2014-0347

A vulnerability in Websense security products (versions 7.7.3 and earlier) allows authenticated users to view saved passwords in plaintext by modifying web page code that normally hides passwords as dots. An attacker with login access could change a password field's HTML element from type="password" to type="text" to expose stored credentials in the Log Database or User Directories components.

CVE-2013-4736: Multiple integer overflows in the JPEG engine drivers in the MSM camera driver for the Linux kernel 2.6.x and 3.x, as us

infovulnerability
security
Feb 10, 2014
CVE-2013-4736

Multiple integer overflows (math errors where numbers become too large for their storage space) were found in camera driver code for Linux-based Android devices, allowing attackers to crash the system by sending many commands through an ioctl call (a way programs request special actions from the operating system kernel).

CVE-2013-7315: The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolutio

infovulnerability
security
Jan 23, 2014
CVE-2013-7315

Spring Framework versions before 3.2.4 and certain 4.0.0 versions have a vulnerability where XML processing doesn't block external entity resolution, allowing attackers to read files, disrupt service, or perform CSRF attacks (cross-site request forgery, where attackers trick users into performing unwanted actions) through specially crafted XML input. This is classified as an XXE issue (XML External Entity, a type of attack that exploits how XML parsers handle external references).

CVE-2013-4152: The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable e

infovulnerability
security
Jan 23, 2014
CVE-2013-4152EPSS: 89.0%
Previous328 / 332Next

Fix: Upgrade Websense TRITON APX to Version 8.0 or later, as stated in the vendor advisory: 'Vulnerabilities resolved in TRITON APX Version 8.0'.

NVD/CVE Database

Fix: Update to Websense TRITON AP-EMAIL version 8.0.0 or later, as referenced in the vendor advisory at http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0.

NVD/CVE Database

Fix: Update to Websense TRITON AP-WEB version 8.0.0 or later, or apply Hotfix 02 for version 7.8.3 and Hotfix 01 for version 7.8.4 of Web Security and Filter, Web Security Gateway, and Web Security Gateway Anywhere.

NVD/CVE Database
NVD/CVE Database
NVD/CVE Database

Fix: Update Apache CXF to version 2.6.11, 2.7.8, or 3.0.1 or later.

NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database

Spring Framework versions before 3.2.8 and 4.0.x before 4.0.2 contain a vulnerability in their XML handling component that fails to disable external entity resolution, allowing attackers to read files, cause service disruptions, and perform CSRF attacks (cross-site request forgery, where an attacker tricks you into performing unwanted actions on a website you're logged into) through malicious XML input. This is an XXE (XML External Entity) vulnerability, a flaw where an application processes external references in XML files unsafely.

Fix: Update Spring Framework to version 3.2.8 or later, or update Spring Framework 4.0.x to version 4.0.2 or later.

NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database

Fix: Apply Hotfix 31 to Websense Triton Unified Security Center, Web Filter, Web Security, Web Security Gateway, or Web Security Gateway Anywhere version 7.7.3.

NVD/CVE Database
NVD/CVE Database
NVD/CVE Database

Spring Framework versions before 3.2.4 and 4.0.0.M1 have a vulnerability in their XML processing tool (Spring OXM wrapper with JAXB marshaller) that fails to disable entity resolution, which is a security feature that prevents processing of external XML entities. This allows attackers to read arbitrary files (files they shouldn't access), cause denial of service (making the application unavailable), and conduct CSRF attacks (cross-site request forgery, tricking users into performing unwanted actions) by embedding malicious XML external entity declarations in input data.

Fix: Upgrade Spring Framework to version 3.2.4 or 4.0.0.M1 or later. Red Hat provides patches and updates referenced in advisories RHSA-2014-0212, RHSA-2014-0245, RHSA-2014-0254, and RHSA-2014-0400. A patch is also available in the Spring Framework GitHub repository (https://github.com/spring-projects/spring-framework/pull/317/files).

NVD/CVE Database