21310 matches found
PT-2025-8949 · Ibm · Ibm Entirex
Name of the Vulnerable Software and Affected Versions: IBM EntireX version 11.1 Description: The issue allows an authenticated attacker to traverse directories on the system by sending a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal due to improper limitation of a pathname to a restricted directory in the asset upload functionality. An attacker can upload files to directories outside of the intended temporary directory by manipulating file paths...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in aiohttp
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of aiohttp Vulnerability Details CVEID:CVE-2024-42367 DESCRIPTION: aio-libs aiohttp ould allow a remote attacker to traverse directories on the system, caused by improper archive file validation. An attacker could use a...
Amazon Linux 2 : php, --advisory ALAS2PHP8.2-2025-006 (ALASPHP8.2-2025-006)
The version of php installed on the remote host is prior to 8.2.27-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2PHP8.2-2025-006 advisory. The upstream advisory describes this issue as follows: A memory-related vulnerability in PHP's filter handling system,...
Amazon Linux 2023 : php8.1, php8.1-bcmath, php8.1-cli (ALAS2023-2025-845)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-845 advisory. The upstream advisory describes this issue as follows: A memory-related vulnerability in PHP's filter handling system, particularly when processing input with convert.quoted-printable-decode...
Amazon Linux 2 : php, --advisory ALAS2PHP8.1-2025-006 (ALASPHP8.1-2025-006)
The version of php installed on the remote host is prior to 8.1.31-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2PHP8.1-2025-006 advisory. The upstream advisory describes this issue as follows: A memory-related vulnerability in PHP's filter handling system,...
Security Bulletin: There is a vulnerability in IBM Maximo Manage application that could allow an unauthenticated path-traversal leading to an arbitrary file disclosure (CVE-2024-22328)
Summary There is a vulnerability in IBM Maximo Manage application that could allow an unauthenticated path-traversal leading to an arbitrary file disclosure. Vulnerability Details CVEID:CVE-2024-22328 DESCRIPTION: IBM Maximo Application Suite 8.10 and 8.11 could allow a remote attacker to travers...
SUSE-SU-2025:20128-1 Security update for vim
This update for vim fixes the following issues: vim was updated to 9.1.1101: - CVE-2024-43374: Fixed use-after-free in alistadd bsc1229238 - CVE-2024-43790: Fixed Out of bounds read when performing a search command bsc1229685 - CVE-2024-43802: Fixed heap-buffer-overflow in instypebuf bsc1229822 -...
Security update for vim
This update for vim fixes the following issues: vim was updated to 9.1.1101: CVE-2024-43374: Fixed use-after-free in alistadd bsc1229238 CVE-2024-43790: Fixed Out of bounds read when performing a search command bsc1229685 CVE-2024-43802: Fixed heap-buffer-overflow in instypebuf bsc1229822...
2,500+ Truesight.sys Driver Variants Exploited to Bypass EDR and Deploy HiddenGh0st RAT
A large-scale malware campaign has been found leveraging a vulnerable Windows driver associated with Adlice's product suite to sidestep detection efforts and deliver the Gh0st RAT malware. "To further evade detection, the attackers deliberately generated multiple variants with different hashes of...
Security Bulletin: IBM Maximo Application Suite, IBM Maximo Application Suite - IoT Component and IBM Truststore Manager uses jinja2-3.1.4-py3-none-any.whl which is vulnerable to CVE-2024-56326, CVE-2024-56201
Summary IBM Maximo Application Suite, IBM Maximo Application Suite - IoT Component and IBM Truststore Manager uses jinja2-3.1.4-py3-none-any.whl which is vulnerable to CVE-2024-56326, CVE-2024-56201. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability...
Medium: php
Issue Overview: The upstream advisory describes this issue as follows: A memory-related vulnerability in PHP's filter handling system, particularly when processing input with convert.quoted-printable-decode filters, leads to a segmentation fault. This vulnerability is triggered through specific...
Medium: php
Issue Overview: The upstream advisory describes this issue as follows: A memory-related vulnerability in PHP's filter handling system, particularly when processing input with convert.quoted-printable-decode filters, leads to a segmentation fault. This vulnerability is triggered through specific...
openSUSE Security Advisory (SUSE-SU-2024:2859-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Advisory (SUSE-SU-2024:2928-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Advisory (SUSE-SU-2024:2568-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Advisory (SUSE-SU-2024:2858-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Advisory (SUSE-SU-2024:1943-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Siemens SIMATIC S7-1500 TM MFP BIOS Out-of-bounds Read (CVE-2019-25013)
The iconv feature in the GNU C Library aka glibc or libc6 through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
Siemens SIMATIC S7-1500 TM MFP BIOS Loop with Unreachable Exit Condition ('Infinite Loop') (CVE-2020-27618)
The iconv function in the GNU C Library aka glibc or libc6 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a deni...