67 matches found
Security Bulletin: IBM DevOps Release addresses multiple vulnerabilities related to Apache Tomcat.
Summary IBM DevOps Release 7.0.0.6 addresses multiple vulnerabilities related to Apache Tomcat. Vulnerability Details CVEID:CVE-2025-12383 DESCRIPTION: In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignoring of critical SSL configurations - such as mutual authentication...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for February 2025.
Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 25.0.0-IF004. Vulnerability Details CVEID:CVE-2025-8869 DESCRIPTION: When extracting a tar archive pip may not check symbolic lin...
Security Bulletin: Vulnerabilities in jersey-client-3.1.0.jar affecting MongoDB Enterprised Advanced (CVE-2025-12383)
Summary There is a vulnerability in jersey-client-3.1.0.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2025-12383. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2025-12383 DESCRIPTION: In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cau...
Security Bulletin: Vulnerabilities in Eclipse Jersey might affect IBM Storage Defender Copy Data Management
Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Eclipse Jersey. Vulnerability include a race condition can cause ignoring of critical SSL configurations which could lead to unauthorized trust in insecure servers as described by the CVEs in the "Vulnerabilit...
au.net.causal.shoelaces:shoelaces-jersey (=3.0), au.net.causal.shoelaces:shoelaces-jersey-client (=3.0) +521 more potentially affected by CVE-2025-12383 via org.glassfish.jersey.core:jersey-client (>=3.1.0-M1 <=3.1.1)
org.glassfish.jersey.core:jersey-client MAVEN version =3.1.0-M1, =22.12.0, =22.11.0, =22.9.0, =22.7.0, =22.10.0, =22.11.0, =22.12.0, =22.7.0, =1.0.0.1, =4.0.3, =4.0.3, =4.0.0, =5.4.0 and more Source cves: CVE-2025-12383 Source advisory: SNYK:JAVA-ORGGLASSFISHJERSEYCORE-14049172...
ai.catboost:catboost-spark_4.0_2.13 (=1.2.10), com.amazon.deequ:deequ (>=2.0.14-spark-4.0 <=2.0.15-spark-4.0) +331 more potentially affected by CVE-2025-12383 via org.glassfish.jersey.core:jersey-client (=3.0.16)
org.glassfish.jersey.core:jersey-client MAVEN version =3.0.16 is affected by a known vulnerability. The following packages have a transitive dependency on org.glassfish.jersey.core:jersey-client and may be impacted: - ai.catboost:catboost-spark4.02.13 =1.2.10 - com.amazon.deequ:deequ...
com.axonivy.ivy.webtest:web-tester (>=12.0.1 <=13.1.0), com.exasol:extension-manager-client-java (>=0.5.13 <=0.5.16) +390 more potentially affected by CVE-2025-12383 via org.glassfish.jersey.core:jersey-client (=2.45)
org.glassfish.jersey.core:jersey-client MAVEN version =2.45 is affected by a known vulnerability. The following packages have a transitive dependency on org.glassfish.jersey.core:jersey-client and may be impacted: - com.axonivy.ivy.webtest:web-tester =12.0.1, =0.5.13, =0.5.13, =1.6.0, =2.2.19,...
ae.teletronics.nlp:w2vec (=1.0), ai.catboost:catboost-spark_2.11 (>=0.25-rc1 <=0.25-rc3) +11524 more potentially affected by CVE-2025-12383 via org.glassfish.jersey.core:jersey-client (>=2.0 <=2.45)
org.glassfish.jersey.core:jersey-client MAVEN version =2.0, =0.25-rc1, =0.25-rc1, =0.25, =0.25, =0.25, =0.25, =1.0.1, =1.0.6, =1.0.6, =1.1, =1.1.1, =1.2, =1.2, =1.2.3, =1.2.10 and more Source cves: CVE-2025-12383 Source advisory: SNYK:JAVA-ORGGLASSFISHJERSEYCORE-14049172...
CVE-2025-12383
creationtimestamp| type| source ---|---|--- 2025-05-07 15:48:27+00:00| seen| https://t.me/NinjaSec/300 2025-11-18 16:14:57+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3m5w53w67l62u 2026-01-16 15:45:08+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mckgwvnwux2z...
Linux Distros Unpatched Vulnerability : CVE-2019-12383
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Tor Browser before 8.0.1 has an information exposure vulnerability. It allows remote attackers to detect the browser's UI locale by measuring a button width, ev...
CVE-2024-12383
The Binary MLM Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0. This is due to missing or incorrect nonce validation on the 'bmwdisplaypvsetpage' function and insufficient input sanitization and output escaping of the...
CVE-2024-12383 Binary MLM Woocommerce <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The Binary MLM Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0. This is due to missing or incorrect nonce validation on the 'bmwdisplaypvsetpage' function and insufficient input sanitization and output escaping of the...
CVE-2024-12383 Binary MLM Woocommerce <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The Binary MLM Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0. This is due to missing or incorrect nonce validation on the 'bmwdisplaypvsetpage' function and insufficient input sanitization and output escaping of the...
CVE-2024-12383
CVE-2024-12383 refers to the Binary MLM Woocommerce WordPress plugin vulnerability. The Wordfence entry confirms a Cross‑Site Request Forgery to Stored Cross‑Site Scripting (CSRF to XSS) flaw in all versions up to 2.0, caused by missing or incorrect nonce validation in the bmw_display_pv_set_page...
RHEL 8 : thunderbird (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - Mozilla: Setting a master password post-Firefox 58 does not delete unencrypted previously stored passwords...
Oracle Linux 6 : thunderbird (ELSA-2018-3403)
The remote Oracle Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2018-3403 advisory. 60.2.1-5.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 60.2.1-5 - Fixing minor issues 60.2.1-3 - Revertin...
Mozilla Firefox Security Advisory (MFSA2018-20) - Linux
This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...
SUSE: Security Advisory (SUSE-SU-2018:3476-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2018:3591-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2018-12383
If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Firefox 58. The new master password is...