Website Optimization – Plerdy Security Vulnerabilities

cvelist

CVE-2023-45190 IBM Engineering Lifecycle Optimization HTTP header injection

IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 are vulnerable to HTTP header injection, caused by improper validation of the HOST header. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or...

5.1 CVSS

6.1 AI Score

0.0004 EPSS

2024-02-09 12:32 AM
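The entry above describes the classic Host-header injection pattern: a value the client controls is copied into a response (a redirect, an absolute link, an HTML page) without being checked. The following is an added example, not IBM's code, showing a redirect built from the raw Host header next to one that validates Host first. The allowlist, hostnames and handler names are constructed for the demo.

```python
"""Host header handling: a redirect built from the raw Host header next to one that
validates Host first. Added example, not IBM's code."""
import re

# Constructed allowlist for this example; a real deployment lists its own public
# hostnames (and the ports it actually serves) here or in configuration.
ALLOWED_HOSTS = {"app.example.com", "app.example.com:8443"}

# One or more RFC 1123 labels, optionally followed by ":port". fullmatch() below
# means CR/LF, spaces, slashes or a trailing newline cannot slip through.
_HOST_RE = re.compile(
    r"(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)*"
    r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
    r"(?::\d{1,5})?",
    re.IGNORECASE,
)


def vulnerable_login_redirect(headers: dict) -> str:
    """Builds the post-login Location from whatever Host the client sent.
    If a cache in front keys only on the path, one request with a forged Host
    poisons the cached redirect for every later visitor; the same value echoed
    into HTML is reflected XSS."""
    host = headers.get("Host", "")
    return f"Location: https://{host}/dashboard"


def is_trusted_host(host: str, allowed=ALLOWED_HOSTS) -> bool:
    """True only if Host is syntactically a hostname[:port] and on the allowlist."""
    if len(host) > 260 or _HOST_RE.fullmatch(host) is None:
        return False
    return host.lower() in {h.lower() for h in allowed}


def hardened_login_redirect(headers: dict) -> str:
    """Same redirect, but the Host value is checked before it reaches the response.
    If a reverse proxy rewrites Host, apply the same check to X-Forwarded-Host."""
    host = headers.get("Host", "")
    if not is_trusted_host(host):
        raise ValueError(f"untrusted Host header: {host!r}")
    return f"Location: https://{host.lower()}/dashboard"
```

The allowlist, rather than a syntax check alone, is what matters: `app.example.com.evil.example` is a perfectly well-formed hostname and still an attacker's.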
cvelist

CVE-2023-45187 IBM Engineering Lifecycle Optimization - Publishing session fixation

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 does not invalidate the session after logout, which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: ...

6.3 CVSS

8.2 AI Score

0.0005 EPSS

2024-02-09 12:29 AM
wallarmlab

avro vs protobuf

A Kickoff Discussion on Core Aspects of Avro & Protobuf. When deliberating on the subject of data structure encoding, a tandem of tools frequently emerges in technical discussions: Avro and Protobuf. Originating from a vision of precise data compression, the distinguishable features and...

6.9 AI Score

2024-02-08 11:19 AM
12
nessus

CentOS 8 : git (CESA-2023:3246)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:3246 advisory. Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7,...

7.8 CVSS

7.6 AI Score

0.004 EPSS

2024-02-08 12:00 AM
11
nessus

CentOS 8 : thunderbird (CESA-2023:1802)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2023:1802 advisory. OCSP revocation status of recipient certificates was not checked when sending S/MIME encrypted email, and revoked certificates would be accepted....

8.8 CVSS

7.9 AI Score

0.003 EPSS

2024-02-08 12:00 AM
11
nessus

CentOS 8 : firefox (CESA-2023:1787)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2023:1787 advisory. Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash. This vulnerability...

8.8 CVSS

8.1 AI Score

0.002 EPSS

2024-02-08 12:00 AM
5
qualysblog

Announcing TotalCloud™ 2.0 with TruRisk™ Insights: The Future of Cloud and SaaS Security

Rapid cloud and SaaS adoption is driving digital transformation that's reshaping business agility and scalability, making cloud and SaaS security more critical than ever. Recognizing this shift, in November 2022, Qualys launched TotalCloud – an AI-powered cloud-native application protection...

9.8 CVSS

7.1 AI Score

0.09 EPSS

2024-02-07 01:55 PM
16
ibm

Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing Does not support Container authentication from 7.0.3

Summary: IBM Engineering Lifecycle Optimization - Publishing does not support Container authentication from 7.0.3. Vulnerability Details: CVEID: CVE-2023-45187. DESCRIPTION: IBM Engineering Lifecycle Optimization - Publishing does not invalidate session after logout which could allow an...

8.8 CVSS

7.6 AI Score

0.001 EPSS

2024-02-07 08:56 AM
5
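CVE-2023-45187 appears twice above (the cvelist record and the IBM bulletin): a session that survives logout lets whoever holds the old identifier keep acting as the user. The block below is an added example, not IBM's code, with an in-memory session store constructed for the demo. It puts a logout that only expires the browser cookie next to one that destroys the server-side record, adds a login that never adopts a pre-authentication id (the fixation half of the title), and includes the replay check a tester would run against either behaviour.

```python
"""Server-side sessions: a logout that only expires the browser cookie next to one
that invalidates the session record, plus a login that never adopts a pre-auth id.
Added example, not IBM's code; the store is an in-memory dict for the demo."""
import secrets
import time


class SessionStore:
    def __init__(self, ttl_seconds: int = 3600):
        self._sessions = {}          # session id -> {"user": ..., "expires": ...}
        self.ttl = ttl_seconds

    def create(self, user: str) -> str:
        sid = secrets.token_urlsafe(32)          # 256 bits, unguessable
        self._sessions[sid] = {"user": user, "expires": time.time() + self.ttl}
        return sid

    def user_for(self, sid: str):
        """Resolve a presented id; None means 'not a live session'."""
        rec = self._sessions.get(sid)
        if rec is None or rec["expires"] < time.time():
            self._sessions.pop(sid, None)
            return None
        return rec["user"]

    def destroy(self, sid: str) -> None:
        self._sessions.pop(sid, None)


def login(store: SessionStore, user: str, presented_sid=None) -> str:
    """Mint a fresh id at authentication. The id the client carried before logging in
    (presented_sid) is deliberately ignored; adopting it is the session-fixation bug."""
    if presented_sid is not None:
        store.destroy(presented_sid)
    return store.create(user)


def vulnerable_logout(store: SessionStore, sid: str) -> str:
    """Clears the cookie in the browser but leaves the server-side record alive, so
    anyone who captured the id (proxy log, shared workstation, XSS) still owns the session."""
    return "Set-Cookie: SESSION=; Max-Age=0; Path=/"


def hardened_logout(store: SessionStore, sid: str) -> str:
    """Destroy the record first; expiring the cookie is then just a courtesy."""
    store.destroy(sid)
    return "Set-Cookie: SESSION=; Max-Age=0; Path=/"


def replay_after_logout(logout) -> object:
    """The check a pentester runs: log in, log out, then replay the old cookie.
    Returns the user the replay resolves to, or None when logout really worked."""
    store = SessionStore()
    sid = login(store, "alice")
    logout(store, sid)
    return store.user_for(sid)
```

Both logout handlers send the same `Set-Cookie` header, which is why the bug is invisible from the browser: only replaying the captured identifier after logout, as `replay_after_logout` does, distinguishes them.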
wpvulndb

ImageRecycle pdf & image compression < 3.1.14 - Cross-Site Request Forgery to Settings Update in disableOptimization

Description: The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the disableOptimization function. This makes it possible for unauthenticated...

4.3 CVSS

6.6 AI Score

0.0004 EPSS

2024-02-07 12:00 AM
5
wpvulndb

ImageRecycle pdf & image compression < 3.1.14 - Cross-Site Request Forgery to Settings Update in stopOptimizeAll

Description: The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the stopOptimizeAll function. This makes it possible for unauthenticated...

4.3 CVSS

6.6 AI Score

0.0004 EPSS

2024-02-07 12:00 AM
4
wpvulndb

ImageRecycle pdf & image compression < 3.1.14 - Missing Authorization to Settings Update in enableOptimization

Description: The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the enableOptimization function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with...

4.3 CVSS

6.7 AI Score

0.0004 EPSS

2024-02-07 12:00 AM
2
wpvulndb

ImageRecycle pdf & image compression < 3.1.14 - Cross-Site Request Forgery to Settings Update in enableOptimization

Description: The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the enableOptimization function. This makes it possible for unauthenticated...

4.3 CVSS

6.6 AI Score

0.0004 EPSS

2024-02-07 12:00 AM
1
wpvulndb

ImageRecycle pdf & image compression < 3.1.14 - Cross-Site Request Forgery to Settings Update in optimizeAllOn

Description: The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the optimizeAllOn function. This makes it possible for unauthenticated...

4.3 CVSS

6.6 AI Score

0.0004 EPSS

2024-02-07 12:00 AM
4
wpvulndb

ImageRecycle pdf & image compression < 3.1.14 - Missing Authorization to Settings Update in disableOptimization

Description: The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the disableOptimization function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with...

4.3 CVSS

6.3 AI Score

0.0004 EPSS

2024-02-07 12:00 AM
5
wpvulndb

ImageRecycle pdf & image compression < 3.1.14 - Missing Authorization to Settings Update in optimizeAllOn

Description: The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the optimizeAllOn function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with...

4.3 CVSS

6.3 AI Score

0.0004 EPSS

2024-02-07 12:00 AM
2
wpvulndb

ImageRecycle pdf & image compression < 3.1.14 - Missing Authorization to Settings Update in stopOptimizeAll

Description: The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the stopOptimizeAll function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with...

4.3 CVSS

6.6 AI Score

0.0004 EPSS

2024-02-07 12:00 AM
4
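The eight ImageRecycle entries above are two bugs on the same four settings actions: no nonce check (so a cross-site request from a logged-in user's browser succeeds) and no capability check (so a low-privilege account may call the action at all). A settings-update handler needs both. The block below is an added example in plain Python, not the plugin's PHP, and serves all eight entries; the secret, role table, user names and handler names are constructed for the demo. The nonce is an HMAC over user, action and a time window, which is the same idea as a WordPress nonce, with `hmac.compare_digest` for the comparison.

```python
"""A settings-update action with neither check, next to one that requires both a
valid nonce (CSRF) and the right capability (authorization). Added example in
plain Python, not the ImageRecycle plugin's PHP; names and roles are constructed."""
import hashlib
import hmac
import time

SECRET = b"constructed-demo-secret-do-not-reuse"   # constructed; load from config in real code
NONCE_LIFE = 12 * 3600                            # valid for the current and the previous 6 h tick
ROLE_CAPS = {"administrator": {"manage_options"}, "subscriber": set()}


def _nonce_for(tick: int, user: str, action: str) -> str:
    msg = f"{tick}|{user}|{action}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:16]


def make_nonce(user: str, action: str, now: float = None) -> str:
    """Nonce bound to the logged-in user, the specific action and a time window."""
    now = time.time() if now is None else now
    return _nonce_for(int(now // (NONCE_LIFE / 2)), user, action)


def verify_nonce(nonce, user: str, action: str, now: float = None) -> bool:
    """Accept the current tick and the one before it; constant-time compare."""
    now = time.time() if now is None else now
    tick = int(now // (NONCE_LIFE / 2))
    return any(hmac.compare_digest(nonce or "", _nonce_for(t, user, action))
               for t in (tick, tick - 1))


class Plugin:
    def __init__(self):
        self.settings = {"optimization_enabled": True}


def vulnerable_disable_optimization(plugin: Plugin, request: dict) -> dict:
    """The pattern the advisories describe: any logged-in user's browser that reaches
    this action flips the setting, whether the user meant to (CSRF) or may (authz)."""
    plugin.settings["optimization_enabled"] = False
    return {"status": "ok"}


def hardened_disable_optimization(plugin: Plugin, request: dict) -> dict:
    caps = ROLE_CAPS.get(request.get("role"), set())
    if "manage_options" not in caps:                       # capability check
        return {"status": "forbidden"}
    if not verify_nonce(request.get("nonce"), request["user"], "disable_optimization"):
        return {"status": "bad_nonce"}                     # nonce (CSRF) check
    plugin.settings["optimization_enabled"] = False
    return {"status": "ok"}


def demo() -> dict:
    """Run the interesting requests, each against a fresh Plugin.
    Values are (status, optimization_enabled afterwards)."""
    def run(handler, request):
        p = Plugin()
        return handler(p, request)["status"], p.settings["optimization_enabled"]

    admin = {"user": "admin", "role": "administrator"}
    bob = {"user": "bob", "role": "subscriber"}
    return {
        # no checks at all: a subscriber (or a CSRF'd admin) flips the setting
        "vulnerable_subscriber": run(vulnerable_disable_optimization, bob),
        # cross-site request: the admin's cookie rides along, but there is no nonce
        "hardened_csrf": run(hardened_disable_optimization, admin),
        # a nonce minted for a different action is not accepted
        "hardened_wrong_action": run(hardened_disable_optimization,
                                     {**admin, "nonce": make_nonce("admin", "enable_optimization")}),
        # low-privilege user with a nonce for their own account is still refused
        "hardened_subscriber": run(hardened_disable_optimization,
                                   {**bob, "nonce": make_nonce("bob", "disable_optimization")}),
        # legitimate admin request
        "hardened_admin": run(hardened_disable_optimization,
                              {**admin, "nonce": make_nonce("admin", "disable_optimization")}),
    }
```

The order of the checks is deliberate: authorization is decided on the account, so it comes first and fails closed regardless of what the request carries; the nonce then proves the request originated from a page the site itself served to that account.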
openvas

SUSE: Security Advisory (SUSE-SU-2024:0325-1)

The remote host is missing an update for...

7.5 CVSS

7.9 AI Score

0.001 EPSS

2024-02-06 12:00 AM
5
thn

Hands-On Review: SASE-based XDR from Cato Networks

Companies are engaged in a seemingly endless cat-and-mouse game when it comes to cybersecurity and cyber threats. As organizations put up one defensive block after another, malicious actors kick their game up a notch to get around those blocks. Part of the challenge is to coordinate the defensive...

6.8 AI Score

2024-02-05 11:12 AM
13
openvas

SUSE: Security Advisory (SUSE-SU-2024:0321-1)

The remote host is missing an update for...

7.4 CVSS

7.2 AI Score

0.001 EPSS

2024-02-05 12:00 AM
4
githubexploit

Exploit for Out-of-bounds Write in Zlib

ZLIB DATA COMPRESSION LIBRARY. zlib 1.2.8 is a general purpose...

9.8 CVSS

7.1 AI Score

0.003 EPSS

2024-02-02 02:25 PM
184
cve

CVE-2023-28807

In Zscaler Internet Access (ZIA) a mismatch between Connect Host and Client Hello's Server Name Indication (SNI) enables attackers to evade network security controls by hiding their communications within legitimate...

7.5 CVSS

7.5 AI Score

0.0005 EPSS

2024-01-31 08:15 PM
10
nvd

CVE-2023-28807

In Zscaler Internet Access (ZIA) a mismatch between Connect Host and Client Hello's Server Name Indication (SNI) enables attackers to evade network security controls by hiding their communications within legitimate...

7.5 CVSS

6 AI Score

0.0005 EPSS

2024-01-31 08:15 PM
2
cvelist

CVE-2023-28807 Bypass of ZIA domain fronting detection module through evasion technique

In Zscaler Internet Access (ZIA) a mismatch between Connect Host and Client Hello's Server Name Indication (SNI) enables attackers to evade network security controls by hiding their communications within legitimate...

5.1 CVSS

7.7 AI Score

0.0005 EPSS

2024-01-31 07:16 PM
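The three CVE-2023-28807 records above describe the same evasion: the host named in the proxy's CONNECT request line (which is what policy is applied to) differs from the SNI inside the TLS ClientHello that follows (which is where the traffic really goes). The block below is an added example, not Zscaler's detection module, of the check itself: parse the CONNECT line, parse the SNI out of the first TLS record, compare. The ClientHello bytes are constructed by `build_client_hello()` so the example runs offline; on a real proxy the record comes from the client socket after the `200 Connection Established` reply.

```python
"""Domain-fronting check for an explicit proxy: compare the host in the CONNECT
request line with the SNI inside the client's TLS ClientHello. Added example, not
Zscaler's detection module; the ClientHello bytes are constructed by build_client_hello()."""
import struct


def build_client_hello(sni: str) -> bytes:
    """Constructed minimal TLS ClientHello (record + handshake) carrying one SNI entry."""
    name = sni.encode("idna")
    sni_entry = b"\x00" + struct.pack(">H", len(name)) + name        # name_type 0 = host_name
    sni_ext_data = struct.pack(">H", len(sni_entry)) + sni_entry
    ext = struct.pack(">HH", 0x0000, len(sni_ext_data)) + sni_ext_data
    body = (b"\x03\x03" + b"\x11" * 32                  # client_version, random (fixed for the demo)
            + b"\x00"                                    # empty session_id
            + struct.pack(">H", 2) + b"\x13\x01"         # one cipher suite
            + b"\x01\x00"                                # compression: null only
            + struct.pack(">H", len(ext)) + ext)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack(">H", len(handshake)) + handshake


def extract_sni(record: bytes):
    """Return the host_name from the SNI extension of a ClientHello, or None if the
    record is not a ClientHello, is truncated, or carries no SNI."""
    try:
        if record[0] != 0x16 or record[5] != 0x01:       # TLS handshake record, ClientHello
            return None
        pos = 5 + 4 + 2 + 32                                # record hdr, handshake hdr, version, random
        pos += 1 + record[pos]                              # session_id
        pos += 2 + struct.unpack_from(">H", record, pos)[0]  # cipher_suites
        pos += 1 + record[pos]                              # compression_methods
        ext_len = struct.unpack_from(">H", record, pos)[0]
        pos += 2
        end = pos + ext_len
        while pos + 4 <= end:
            etype, elen = struct.unpack_from(">HH", record, pos)
            pos += 4
            if etype == 0x0000:                             # server_name extension
                p, ext_end = pos + 2, pos + elen            # skip server_name_list length
                while p + 3 <= ext_end:
                    name_type = record[p]
                    nlen = struct.unpack_from(">H", record, p + 1)[0]
                    name = record[p + 3:p + 3 + nlen]
                    if name_type == 0 and len(name) == nlen:
                        return name.decode("ascii").lower().rstrip(".")
                    p += 3 + nlen
            pos += elen
    except (IndexError, struct.error, UnicodeDecodeError):
        return None
    return None


def connect_host(request_line: str):
    """Host from 'CONNECT host:port HTTP/1.1'; None if this is not a CONNECT."""
    parts = request_line.strip().split(" ")
    if len(parts) != 3 or parts[0] != "CONNECT":
        return None
    target = parts[1]
    if target.startswith("["):                              # IPv6 literal
        host = target[1:target.find("]")]
    else:
        host = target.rsplit(":", 1)[0]
    return host.lower().rstrip(".")


def fronting_verdict(request_line: str, client_hello: bytes) -> str:
    """'match', 'mismatch', 'no-sni' or 'not-connect'. A mismatch is the evasion
    signal; what to do with it (block, log, inspect) is deployment policy."""
    host = connect_host(request_line)
    if host is None:
        return "not-connect"
    sni = extract_sni(client_hello)
    if sni is None:
        return "no-sni"
    return "match" if host == sni else "mismatch"
```

Two caveats a practitioner would add: both names are normalised (lower-case, trailing dot stripped) before comparison, since a bare case or dot difference is not fronting; and a ClientHello with no SNI at all, or an Encrypted ClientHello, gives the proxy nothing to compare, so `no-sni` needs its own policy rather than being treated as a match.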
cloudlinux

java-1.8.0-openjdk: Fix of 8 CVEs

Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u402-b06. That fixes the following CVEs: CVE-2024-20918: Array out-of-bounds access due to missing range check in C1 compiler. CVE-2024-20919: JVM class file verifier flaw allows unverified bytecode execution. CVE-2024-20921: Range check loop...

7.4 CVSS

8 AI Score

0.001 EPSS

2024-01-31 10:50 AM
15
fedora

[SECURITY] Fedora 38 Update: ncurses-6.4-7.20230520.fc38

The curses library routines are a terminal-independent method of updating character screens with reasonable optimization. The ncurses (new curses) library is a freely distributable replacement for the discontinued 4.4 BSD classic curses library. This package contains support utilities, including...

7.8 CVSS

7.3 AI Score

0.001 EPSS

2024-01-31 01:42 AM
12
zdt

glibc syslog() Heap-Based Buffer Overflow Exploit

Qualys discovered a heap-based buffer overflow in the GNU C Library's __vsyslog_internal() function, which is called by both syslog() and vsyslog(). This vulnerability was introduced in glibc 2.37 (in August...

8.4 CVSS

7.9 AI Score

0.97 EPSS

2024-01-31 12:00 AM
129
openvas

Fedora: Security Advisory for ncurses (FEDORA-2024-96090dafaf)

The remote host is missing an update for...

7.8 CVSS

7.5 AI Score

0.001 EPSS

2024-01-31 12:00 AM
2
packetstorm

8.4 CVSS

7.4 AI Score

0.97 EPSS

2024-01-31 12:00 AM
129
filippoio

Post-quantum Cryptography for the Go Ecosystem

filippo.io/mlkem768 is a pure-Go implementation of ML-KEM-768 optimized for correctness and readability. ML-KEM (formerly known as Kyber, renamed because we can't have nice things) is a post-quantum key exchange mechanism in the process of being standardized by NIST and adopted by most of the...

6.8 AI Score

2024-01-30 05:48 PM
7
ibm

Security Bulletin: Multiple vulnerabilities in IBM Semeru Runtime may affect IBM Decision Optimization for IBM Cloud Pak for Data (CVE-2023-22081, CVE-2023-22067, CVE-2023-4807 & CVE-2023-5676)

Summary: There are multiple vulnerabilities in IBM® Semeru Runtime Version 11 used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2023-22081. DESCRIPTION: An...

7.8 CVSS

7.8 AI Score

0.001 EPSS

2024-01-29 08:30 AM
14
centos

java security update

CentOS Errata and Security Advisory CESA-2024:0232. The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fix(es): OpenJDK: array out-of-bounds access due to missing range check in C1 compiler (8314468)...

7.4 CVSS

7.8 AI Score

0.001 EPSS

2024-01-26 06:12 PM
217
centos

java security update

CentOS Errata and Security Advisory CESA-2024:0223. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es): OpenJDK: array out-of-bounds access due to missing range check in C1 compiler (8314468)...

7.4 CVSS

7.8 AI Score

0.001 EPSS

2024-01-26 06:11 PM
123
ibm

Security Bulletin: Multiple vulnerabilities in IBM Semeru Runtime may affect IBM Decision Optimization for IBM Cloud Pak for Data (CVE-2023-22006, CVE-2023-22036 & CVE-2023-22049)

Summary: There are multiple vulnerabilities in IBM® Semeru Runtime Version 11 used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2023-22049. DESCRIPTION: An...

3.7 CVSS

4.3 AI Score

0.001 EPSS

2024-01-26 03:15 PM
14
wallarmlab

Protobuf vs JSON

A Beginner's Guide to Understanding Protobuf & JSON. When you dive into the sphere of data serialization, you're likely to encounter two dominant players - Protobuf, the colloquial term for Protocol Buffers, and JSON, standing for JavaScript Object Notation. Both of these formats carry distinctive...

6.8 AI Score

2024-01-26 10:17 AM
13
wallarmlab

Security Operations (SecOps)

Understanding the Basics of Security Operations (SecOps). SecOps represents the blending of cybersecurity proficiency with operational domains, forming a powerful bulwark. Its primary mission lies in safeguarding the fundamental data assets and technological infrastructures of an organization. More...

7 AI Score

2024-01-25 12:55 PM
9
nessus

RHEL 8 : ncurses (RHSA-2024:0416)

The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0416 advisory. The ncurses (new curses) library routines are a terminal-independent method of updating character screens with reasonable optimization. The...

7.8 CVSS

8 AI Score

0.0004 EPSS

2024-01-25 12:00 AM
12
openvas

SUSE: Security Advisory (SUSE-SU-2024:0203-1)

The remote host is missing an update for...

7.4 CVSS

7.2 AI Score

0.001 EPSS

2024-01-25 12:00 AM
9
redhat

(RHSA-2024:0416) Moderate: ncurses security update

The ncurses (new curses) library routines are a terminal-independent method of updating character screens with reasonable optimization. The ncurses packages contain support utilities including a terminfo compiler tic, a decompiler infocmp, clear, tput, tset, and a termcap conversion tool...

7.4 AI Score

0.0004 EPSS

2024-01-24 02:40 PM
17
redhat

(RHSA-2024:0266) Important: java-11-openjdk security update

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fix(es): OpenJDK: array out-of-bounds access due to missing range check in C1 compiler (8314468) (CVE-2024-20918). OpenJDK: RSA padding issue and timing...

7.8 AI Score

0.001 EPSS

2024-01-18 05:32 PM
22
osv

Important: java-11-openjdk security update

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fix(es): OpenJDK: array out-of-bounds access due to missing range check in C1 compiler (8314468) (CVE-2024-20918). OpenJDK: RSA padding issue and timing...

7.4 CVSS

7.6 AI Score

0.001 EPSS

2024-01-18 12:00 AM
13
nessus

RHEL 8 / 9 : java-11-openjdk (RHSA-2024:0266)

The remote Red Hat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0266 advisory. The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. ...

7.4 CVSS

7.2 AI Score

0.001 EPSS

2024-01-18 12:00 AM
7
almalinux

Important: java-11-openjdk security update

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fix(es): OpenJDK: array out-of-bounds access due to missing range check in C1 compiler (8314468) (CVE-2024-20918). OpenJDK: RSA padding issue and timing...

7.4 CVSS

7.6 AI Score

0.001 EPSS

2024-01-18 12:00 AM
13
redhat

(RHSA-2024:0265) Important: java-1.8.0-openjdk security and bug fix update

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es): OpenJDK: array out-of-bounds access due to missing range check in C1 compiler (8314468) (CVE-2024-20918). OpenJDK: RSA padding issue and timing...

7.9 AI Score

0.001 EPSS

2024-01-17 04:49 PM
15
redhat

(RHSA-2024:0267) Important: java-17-openjdk security and bug fix update

The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fix(es): OpenJDK: array out-of-bounds access due to missing range check in C1 compiler (8314468) (CVE-2024-20918). OpenJDK: incorrect handling of ZIP files...

7.7 AI Score

0.001 EPSS

2024-01-17 04:46 PM
16
redhat

(RHSA-2024:0244) Important: java-17-openjdk security and bug fix update

The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fix(es): OpenJDK: array out-of-bounds access due to missing range check in C1 compiler (8314468) (CVE-2024-20918). OpenJDK: incorrect handling of ZIP files...

7.2 AI Score

0.001 EPSS

2024-01-17 04:43 PM
9
redhat

(RHSA-2024:0237) Important: java-11-openjdk security update

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fix(es): OpenJDK: array out-of-bounds access due to missing range check in C1 compiler (8314468) (CVE-2024-20918). OpenJDK: RSA padding issue and timing...

7.8 AI Score

0.001 EPSS

2024-01-17 04:42 PM
8
redhat

(RHSA-2024:0228) Important: java-1.8.0-openjdk security update

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es): OpenJDK: array out-of-bounds access due to missing range check in C1 compiler (8314468) (CVE-2024-20918). OpenJDK: RSA padding issue and timing...

7.8 AI Score

0.001 EPSS

2024-01-17 04:41 PM
25
redhat

(RHSA-2024:0248) Important: java-21-openjdk security update

The java-21-openjdk packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit. Security Fix(es): OpenJDK: array out-of-bounds access due to missing range check in C1 compiler (8314468) (CVE-2024-20918). OpenJDK: RSA padding issue and timing...

7.2 AI Score

0.001 EPSS

2024-01-17 04:41 PM
14
redhat

(RHSA-2024:0242) Important: java-17-openjdk security and bug fix update

The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fix(es): OpenJDK: array out-of-bounds access due to missing range check in C1 compiler (8314468) (CVE-2024-20918). OpenJDK: incorrect handling of ZIP files...

7.2 AI Score

0.001 EPSS

2024-01-17 04:40 PM
9
redhat

(RHSA-2024:0235) Important: java-11-openjdk security update

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fix(es): OpenJDK: array out-of-bounds access due to missing range check in C1 compiler (8314468) (CVE-2024-20918). OpenJDK: RSA padding issue and timing...

7.8 AI Score

0.001 EPSS

2024-01-17 04:38 PM
17
Total number of security vulnerabilities: 4835