Vulnerability Disclosure
Vulnerabilities discovered and disclosed by Aura Information Security.
| Name & Description | CVE(s) | Publish Date | Vendor & Product | Affected Versions |
|---|---|---|---|---|
| Pentaho Business Analytics Server | CVE-2022-43769, CVE-2022-43773, CVE-2022-43938, CVE-2022-43939, CVE-2022-43940, CVE-2022-43771, CVE-2022-43941, CVE-2022-3960, CVE-2022-43772 | 4 April 2023 | Hitachi Vantara - Pentaho Business Analytics Server | 9.4.0.1 and 9.3.0.2, including 8.3.x |
| Adobe ColdFusion - Path Traversal Vulnerability | CVE-2019-8074 | 24 September 2019 | Adobe - ColdFusion | 2018 Update 4 and earlier versions, 2016 Update 11 and earlier versions |
| Sitecore CRM 8.1 - Authenticated vulnerabilities within Sitecore permit arbitary file upload and download | CVE-2017-5965, CVE-2017-5966 | 19 May 2017 | Sitecore - Sitecore | 8.1 Rev 151207 |
| VMware Horizon DaaS - Insecure data validation during RDP file creation allows an attacker to manipulate client users into connecting to a malicious server | VMSA-2017-0002, CVE-2017-4897 | 10 March 2017 | VMware - Horizon Daas Platform | 6.1.x |
| SageCRM - A SQL injection and an arbitrary file upload vulnerability allow authenticated attackers to obtain access to the underlying database or obtain remote code execution | CVE-2017-5219, CVE-2017-5218 | 24 January 2017 | Sage - SageCRM | 7.0.e and later |