11 matches found
EUVD-2023-40743
Malicious code in bioql PyPI...
Security Bulletin: Apache Axis1 CVE-2023-40743 security vulnerability in FileNet Content Manager, Process Engine Process Orchestration
Summary Apache Axis1 CVE-2023-40743 security vulnerability in FileNet Content Manager, Process Engine Process Orchestration. Affected, not vulnerable. Vulnerability Details CVEID:CVE-2023-40743 DESCRIPTION: UNSUPPORTED WHEN ASSIGNED When integrating Apache Axis 1.x in an application, it may not...
Security Bulletin: IBM Sterling Control Center is vulnerable to denial of service attack due to Apache Axis (CVE-2023-40743)
Summary IBM Sterling Control Center uses Apache Axis. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-40743 DESCRIPTION: Apache Axis could allow a remote attacker to execute arbitrary code on the system, caused by improper input...
Ubuntu: Security Advisory (USN-6470-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-6470-1: Axis vulnerability
It was discovered that Axis incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. CVE-2023-40743...
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : Axis vulnerability (USN-6470-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 / 23.10 host has a package installed that is affected by a vulnerability as referenced in the USN-6470-1 advisory. It was discovered that Axis incorrectly handled certain inputs. If a user or an automated system were tricked...
Debian: Security Advisory (DLA-3622-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 3622-1] axis security update
Debian LTS Advisory DLA-3622-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany October 17, 2023 https://wiki.debian.org/LTS Package : axis Version : 1.4-28+deb10u1 CVE ID : CVE-2023-40743 Debian Bug : 1051288 Letian Yuan discovered a flaw in Apache Axis 1.x, a SOA...
CVE-2023-40743
creationtimestamp| type| source ---|---|--- 2023-09-05 18:17:06+00:00| published-proof-of-concept| https://t.me/cibsecurity/69856...
cn.net.vidyo:dylink-vidyo-ws-sdk (>=2.1.0.16.RELEASE <=3.0.0.3.RELEASE), com.aftia.plugin:aem-build-maven-plugin.core (>=1.2.1 <=1.2.2) +286 more potentially affected by CVE-2023-40743 via org.apache.axis:axis (=1.4)
org.apache.axis:axis MAVEN version =1.4 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.axis:axis and may be impacted: - cn.net.vidyo:dylink-vidyo-ws-sdk =2.1.0.16.RELEASE, =1.2.1, =1.0.0, =1.4-build003, =0.9.1, =0.0.3.M1, =0.0.3.M1,...
CVE-2023-40743 Apache Axis 1.x (EOL) may allow RCE when untrusted input is passed to getService
UNSUPPORTED WHEN ASSIGNED When integrating Apache Axis 1.x in an application, it may not have been obvious that looking up a service through "ServiceFactory.getService" allows potentially dangerous lookup mechanisms such as LDAP. When passing untrusted input to this API method, this could expose...