| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Tanium addressed an improper input validation vulnerability in Deploy. |
| Tanium addressed an information disclosure vulnerability in Threat Response. |
| Tanium addressed an information disclosure vulnerability in Threat Response. |
| Tanium addressed an incorrect default permissions vulnerability in Performance. |
| Tanium addressed an incorrect default permissions vulnerability in Partner Integration. |
| Tanium addressed an incorrect default permissions vulnerability in Discover. |
| Tanium addressed an incorrect default permissions vulnerability in Comply. |
| Tanium addressed an improper access controls vulnerability in Reputation. |
| Tanium addressed an incorrect default permissions vulnerability in Enforce. |
| Tanium addressed an improper link resolution before file access vulnerability in Enforce. |
| Tanium addressed an information disclosure vulnerability in Threat Response. |
| Tanium addressed an information disclosure vulnerability in Threat Response. |
| Tanium addressed an incorrect default permissions vulnerability in Benchmark. |
| Tanium addressed an uncontrolled resource consumption vulnerability in Connect. |
| Tanium addressed an incorrect default permissions vulnerability in Patch. |
| IBM Concert 1.0.0 through 2.1.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. |
| IBM Concert 1.0.0 through 2.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. |
| n8n is an open source workflow automation platform. Prior to version 2.4.8, a vulnerability in the Python Code node allows authenticated users to break out of the Python sandbox environment and execute code outside the intended security boundary. This issue has been patched in version 2.4.8. |
| n8n is an open source workflow automation platform. Prior to versions 1.118.0 and 2.4.0, a vulnerability in the Merge node's SQL Query mode allowed authenticated users with permission to create or modify workflows to write arbitrary files to the n8n server's filesystem potentially leading to remote code execution. This issue has been patched in versions 1.118.0 and 2.4.0. |
| n8n is an open source workflow automation platform. Prior to versions 1.123.12 and 2.4.0, when workflows process uploaded files and transfer them to remote servers via the SSH node without validating their metadata the vulnerability can lead to files being written to unintended locations on those remote systems potentially leading to remote code execution on those systems. As a prerequisites an unauthenticated attacker needs knowledge of such workflows existing and the endpoints for file uploads need to be unauthenticated. This issue has been patched in versions 1.123.12 and 2.4.0. |
