Sicam A8000 Cp-8000, Sicam A8000 Cp-802x, Sicam A8000 Cp-8050 Security Vulnerabilities

almalinux

Moderate: opencryptoki security update

The opencryptoki packages contain version 2.11 of the PKCS#11 API, implemented for IBM Cryptocards, such as IBM 4764 and 4765 crypto cards. These packages include support for the IBM 4758 Cryptographic CoProcessor (with the PKCS#11 firmware loaded), the IBM eServer Cryptographic Accelerator (FC...

5.9CVSS

7.2AI Score

0.001EPSS

2024-04-02 12:00 AM
8
nessus

RHEL 8 : opencryptoki (RHSA-2024:1608)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1608 advisory. The opencryptoki packages contain version 2.11 of the PKCS#11 API, implemented for IBM Cryptocards, such as IBM 4764 and 4765 crypto cards. These...

5.9CVSS

5.7AI Score

0.001EPSS

2024-04-02 12:00 AM
5
exploitdb

6.5CVSS

7AI Score

EPSS

2024-04-02 12:00 AM
70
osv

Moderate: opencryptoki security update

The opencryptoki packages contain version 2.11 of the PKCS#11 API, implemented for IBM Cryptocards, such as IBM 4764 and 4765 crypto cards. These packages include support for the IBM 4758 Cryptographic CoProcessor (with the PKCS#11 firmware loaded), the IBM eServer Cryptographic Accelerator (FC...

5.9CVSS

7.1AI Score

0.001EPSS

2024-04-02 12:00 AM
5
githubexploit

Exploit for Embedded Malicious Code in Tukaani Xz

root@ubuntu:~/xz/# apt update root@ubuntu:~/xz/# apt install -y...

10CVSS

9.6AI Score

0.133EPSS

2024-04-01 04:08 PM
101
githubexploit

8.8CVSS

7AI Score

0.006EPSS

2024-03-30 03:30 PM
170
githubexploit

Exploit for Server-Side Request Forgery in Anyscale Ray

PoC for a remote command execution vulnerability in Ray...

9.8CVSS

7.9AI Score

0.014EPSS

2024-03-29 09:54 AM
91
wpvulndb

CP Media Player < 1.2.0 - Player Deletion and Duplication via CSRF

Description The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on the admin_page function. This makes it possible for unauthenticated attackers to delete or duplicate existing audio or video players via a forged request granted they can trick a site....

6.7AI Score

2024-03-29 12:00 AM
4
ibm

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to information exposure in python-requests [CVE-2023-32681]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to sensitive information exposure in python-requests, caused by the leaking of Proxy-Authorization headers to destination servers during redirects to an HTTPS origin [CVE-2023-32681]. python-requests is used as a....

6.1CVSS

6AI Score

0.002EPSS

2024-03-28 10:06 PM
12
ibm

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to information exposure in urllib3 [CVE-2023-45803]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to information exposure in urllib3, caused by a flaw in which the HTTP request body is not removed on an HTTP redirect response using status 303 [CVE-2023-45803]. urllib3 is used as a component of our Speech runtimes.....

4.2CVSS

5.8AI Score

0.0004EPSS

2024-03-28 10:04 PM
12
ibm

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is affected by information exposure in urllib3 [CVE-2023-43804]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is affected by potential sensitive information exposure in urllib3, caused by a flaw with cookie request header not stripped during cross-origin redirects. [CVE-2023-43804]. urllib3 is used as a component of our Speech...

8.1CVSS

5.9AI Score

0.001EPSS

2024-03-28 10:02 PM
10
ibm

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security bypass in Open Container Initiative runc [CVE-2024-21626]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security bypass in Open Container Initiative runc, caused by an internal file descriptor leak [CVE-2024-21626]. Open Container Initiative runc is part of the gcc utils used by our service runtimes. This...

8.6CVSS

6.6AI Score

0.051EPSS

2024-03-28 10:00 PM
16
ibm

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a buffer overflow in rsyslog [ CVE-2022-24903]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a heap-based buffer overflow in rsyslog, caused by improper bounds checking by the TCP syslog server (receiver) components [ CVE-2022-24903]. Rsyslog is used as a component of our Speech runtimes. This...

8.1CVSS

8.3AI Score

0.107EPSS

2024-03-28 09:59 PM
17
ibm

Security Bulletin: IBM Cognos Analytics Cartridge for IBM Cloud Pak for Data 4.8.4 has addressed a security vulnerability in Clojure (CVE-2017-20189)

Summary IBM Cognos Analytics Cartridge for IBM Cloud Pak for Data 4.8.4 has addressed a security vulnerability in Clojure (CVE-2017-20189) by upgrading to a non-vulnerable version. Vulnerability Details CVEID: CVE-2017-20189 DESCRIPTION: Clojure could allow a remote authenticated attacker...

9.8CVSS

7.4AI Score

0.001EPSS

2024-03-28 02:55 PM
13
ibm

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from Docker Registry, OpenSSH and go-git

Summary go-git and DockerRegistry are consumed through OSE packages. OSE package is shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID: CVE-2017-11468 DESCRIPTION:...

9.8CVSS

8.9AI Score

0.963EPSS

2024-03-28 10:40 AM
28
wpvulndb

Shortlinks by Pretty Links < 3.6.3 - Reflected Cross-Site Scripting via post_status

Description The plugin does not sanitise and escape the post_status parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as...

7.1CVSS

6.3AI Score

0.0004EPSS

2024-03-28 12:00 AM
3
zdt

7.4AI Score

0.0004EPSS

2024-03-27 12:00 AM
73
packetstorm

7.1AI Score

0.0004EPSS

2024-03-26 12:00 AM
116
cve

CVE-2023-25039

Missing Authorization vulnerability in CodePeople Google Maps CP. This issue affects Google Maps CP: from n/a through...

4.3CVSS

6.8AI Score

0.0004EPSS

2024-03-25 12:15 PM
31
nvd

CVE-2023-25039

Missing Authorization vulnerability in CodePeople Google Maps CP. This issue affects Google Maps CP: from n/a through...

4.3CVSS

4.7AI Score

0.0004EPSS

2024-03-25 12:15 PM
cvelist

CVE-2023-25039 WordPress Google Maps CP plugin <= 1.0.43 - Missing Authorization Leading To Feedback Submission Vulnerability

Missing Authorization vulnerability in CodePeople Google Maps CP. This issue affects Google Maps CP: from n/a through...

4.3CVSS

5AI Score

0.0004EPSS

2024-03-25 11:46 AM
exploitdb

7.4AI Score

0.0004EPSS

2024-03-25 12:00 AM
93
githubexploit

Exploit for CVE-2024-28116

Graver Description Proof of Concept script to...

7AI Score

2024-03-24 01:14 PM
218
githubexploit

Exploit for Deserialization of Untrusted Data in Apache Log4J

CVE-2021-44228-POC exploit CVE-2021-44228 ...

10CVSS

10AI Score

0.976EPSS

2024-03-23 05:03 AM
158
nessus

Cisco IOS XR Software SSH Privilege Escalation (cisco-sa-iosxr-ssh-privesc-eWDMKew3)

According to its self-reported version, Cisco IOS XR is affected by a vulnerability. A vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) 540 Series and 5700 Series Routers could allow an authenticated,...

7.8CVSS

6.9AI Score

0.0004EPSS

2024-03-22 12:00 AM
8
ibm

Security Bulletin: IBM Cloud Pak for Data Scheduling is vulnerable to denial of service due to OpenTelemetry go module ( CVE-2023-45142, CVE-2023-47108 )

Summary OpenTelemetry go module is used by IBM Cloud Pak for Data Scheduling as part of the scheduler binaries. CVE-2023-45142, CVE-2023-47108. Vulnerability Details CVEID: CVE-2023-45142 DESCRIPTION: OpenTelemetry OpenTelemetry-Go Contrib is vulnerable to a denial of service, caused by an...

7.5CVSS

6.9AI Score

0.001EPSS

2024-03-20 05:49 PM
12
ibm

Security Bulletin: IBM Cloud Pak for Data Scheduling is vulnerable to remote authentication attack due to Kubernetes Scheduler code ( CVE-2023-5528 )

Summary Kubernetes Scheduler code is used by IBM Cloud Pak for Data Scheduling as part of the scheduling binaries. CVE-2023-5528. Vulnerability Details CVEID: CVE-2023-5528 DESCRIPTION: Kubernetes kubelet could allow a remote authenticated attacker to gain elevated privileges on the system,...

8.8CVSS

7AI Score

0.001EPSS

2024-03-20 05:46 PM
7
ibm

Security Bulletin: IBM Cloud Pak for Data Scheduling is vulnerable to denial of service due to golang compiler ( CVE-2023-39325 )

Summary Golang compiler is used by IBM Cloud Pak for Data Scheduling as part of the build process for the scheduler binaries. CVE-2023-39325. Vulnerability Details CVEID: CVE-2023-39325 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by an uncontrolled resource...

7.5CVSS

7AI Score

0.002EPSS

2024-03-20 05:43 PM
9
ibm

Security Bulletin: IBM Cloud Pak for Data Scheduling is vulnerable to installation denial of service due to grpc ( CVE-2023-44487 )

Summary Grpc is used by IBM Cloud Pak for Data Scheduling as part of the image catalog used for installation. CVE-2023-44487. Vulnerability Details CVEID: CVE-2023-44487 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a flaw in handling multiplexed streams in...

7.5CVSS

8.6AI Score

0.732EPSS

2024-03-20 03:56 PM
14
githubexploit

Exploit for CVE-2024-1212

CVE-2024-1212 Command Injection Exploit for Kemp LoadMaster...

10CVSS

8.3AI Score

0.002EPSS

2024-03-19 10:23 PM
235
redhat

(RHSA-2024:1411) Moderate: opencryptoki security update

The opencryptoki packages contain version 2.11 of the PKCS#11 API, implemented for IBM Cryptocards, such as IBM 4764 and 4765 crypto cards. These packages include support for the IBM 4758 Cryptographic CoProcessor (with the PKCS#11 firmware loaded), the IBM eServer Cryptographic Accelerator (FC...

7.2AI Score

0.001EPSS

2024-03-19 04:35 PM
14
githubexploit

Exploit for CVE-2023-50868

NSEC3-Encloser-Attack Zonefile Generation This project...

6.9AI Score

2024-03-19 04:13 PM
16
githubexploit

Exploit for Out-of-bounds Write in Haxx Libcurl

CVE-2023-38545: Curl Vulnerability Proof of Concept This...

9.8CVSS

7.4AI Score

0.003EPSS

2024-03-19 01:45 PM
116
nessus

RHEL 8 : opencryptoki (RHSA-2024:1411)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1411 advisory. The opencryptoki packages contain version 2.11 of the PKCS#11 API, implemented for IBM Cryptocards, such as IBM 4764 and 4765 crypto cards. These...

5.9CVSS

5.7AI Score

0.001EPSS

2024-03-19 12:00 AM
7
ibm

Security Bulletin: IBM Cloud Pak for Data Scheduling contains a vulnerable yq package. [CVE-2023-39320, CVE-2023-39321 and CVE-2023-39322]

Summary Yq is used by IBM Cloud Pak for Data Scheduling as part of the Ansible operator used for installation of the Scheduler. This bulletin identifies the steps to take to address the below vulnerabilities. Vulnerability Details CVEID: CVE-2023-39320 DESCRIPTION: Golang Go could allow a...

9.8CVSS

8.7AI Score

0.001EPSS

2024-03-18 02:18 PM
10
ibm

Security Bulletin: IBM Cloud Pak for Data Scheduling is vulnerable to multiple ansible-operator and opm vulnerabilities

Summary Ansible-operator and opm are used by IBM Cloud Pak for Data Scheduling as part of the ibm-cpd-scheduling-operator and ibm-cpd-scheduler-operator-catalog image used for installation of the Scheduler. This bulletin identifies the steps to take to address the below vulnerabilities....

9.8CVSS

9.5AI Score

0.005EPSS

2024-03-18 02:14 PM
30
nessus

Debian dla-3766 : libnvpair1linux - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3766 advisory. An issue was discovered in OpenZFS through 2.0.3. When an NFS share is exported to IPv6 addresses via the sharenfs feature, there is a silent failure to...

7.5CVSS

6.8AI Score

0.002EPSS

2024-03-18 12:00 AM
8
ibm

Security Bulletin: IBM Informix archecker, cdr, and onsmsync are vulnerable to heap buffer overflow.

Summary IBM Informix archecker, cdr, and onsmsync are vulnerable to heap buffer overflow when invoked with invalid parameters. Vulnerability Details CVEID: CVE-2023-28527 DESCRIPTION: IBM Informix cdr is vulnerable to a heap buffer overflow, caused by improper bounds checking which could...

8.4CVSS

6.7AI Score

0.0004EPSS

2024-03-14 08:34 PM
29
cve

CVE-2024-20320

A vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) 540 Series and 5700 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to...

7.8CVSS

7.5AI Score

0.0004EPSS

2024-03-13 05:15 PM
41
nvd

CVE-2024-20320

A vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) 540 Series and 5700 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to...

7.8CVSS

7.5AI Score

0.0004EPSS

2024-03-13 05:15 PM
4
prion

Input validation

A vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) 540 Series and 5700 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to...

7.8CVSS

7AI Score

0.0004EPSS

2024-03-13 05:15 PM
11
cvelist

CVE-2024-20320

A vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) 540 Series and 5700 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to...

7.8CVSS

7.7AI Score

0.0004EPSS

2024-03-13 04:41 PM
cisco

Cisco IOS XR Software SSH Privilege Escalation Vulnerability

A vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) 540 Series and 5700 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to...

7AI Score

0.0004EPSS

2024-03-13 04:00 PM
6
githubexploit

Exploit for Out-of-bounds Write in Fortinet Fortiproxy

CVE-2024-21762 out-of-bounds write in Fortinet FortiOS ...

9.8CVSS

8.7AI Score

0.018EPSS

2024-03-13 09:17 AM
87
nvd

CVE-2024-2413

Intumit SmartRobot uses a fixed encryption key for authentication. Remote attackers can use this key to encrypt a string composed of the user's name and timestamp to generate an authentication code. With this authentication code, they can obtain administrator privileges and subsequently execute...

9.8CVSS

9.9AI Score

0.001EPSS

2024-03-13 03:15 AM
1
nvd

CVE-2024-2412

The disabling function of the user registration page for Heimavista Rpage and Epage is not properly implemented, allowing remote attackers to complete user registration on sites where user registration is supposed to be...

5.3CVSS

5.3AI Score

0.0005EPSS

2024-03-13 03:15 AM
cve

CVE-2024-2412

The disabling function of the user registration page for Heimavista Rpage and Epage is not properly implemented, allowing remote attackers to complete user registration on sites where user registration is supposed to be...

5.3CVSS

7AI Score

0.0005EPSS

2024-03-13 03:15 AM
5
cve

CVE-2024-2413

Intumit SmartRobot uses a fixed encryption key for authentication. Remote attackers can use this key to encrypt a string composed of the user's name and timestamp to generate an authentication code. With this authentication code, they can obtain administrator privileges and subsequently execute...

9.8CVSS

8.1AI Score

0.001EPSS

2024-03-13 03:15 AM
7
cvelist

CVE-2024-2413 Intumit SmartRobot - Use of Hard-coded Cryptographic Key

Intumit SmartRobot uses a fixed encryption key for authentication. Remote attackers can use this key to encrypt a string composed of the user's name and timestamp to generate an authentication code. With this authentication code, they can obtain administrator privileges and subsequently execute...

9.8CVSS

10AI Score

0.001EPSS

2024-03-13 02:51 AM
cvelist

CVE-2024-2412 Heimavista Rpage and Epage - Broken Access Control

The disabling function of the user registration page for Heimavista Rpage and Epage is not properly implemented, allowing remote attackers to complete user registration on sites where user registration is supposed to be...

5.3CVSS

5.7AI Score

0.0005EPSS

2024-03-13 02:31 AM
Total number of security vulnerabilities: 13755