PT-2026-38821

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0....

PT-2026-38005

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0....

EUVD-2022-36990

Malicious code in bioql PyPI...

IBM Robotic Process Automation 安全漏洞

IBM Robotic Process Automation is a robotic process automation product from International Business Machines IBM. can help you automate more business and IT processes at scale with the ease and speed of traditional RPA. An information disclosure vulnerability exists in IBM Robotic Process Automati...

Important: java-17-amazon-corretto

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.1...

Low: Red Hat Security Advisory: [23.1] Security update for the 23.1 release (RPMs)

An update for the quarkus-mandrel-java and quarkus-mandrel-231 packages is now available for the Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

RHEL 8 : [23.1] Security update for the 23.1 (RPMs) (Low) (RHSA-2024:4079)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4079 advisory. The quarkus-mandrel-java and quarkus-mandrel-231 packages provide the GraalVM installation for the quarkus/mandrel-for-jdk-21-rhel8:23.1...

java-21-openjdk security update

1:21.0.3.0.9-1.0.1 - Add Oracle vendor bug URL Orabug: 34340155 1:21.0.3.0.9-1 - Update to jdk-21.0.3+9 GA - Update release notes to 21.0.3+9 - Switch to GA mode. - Sync the copy of the portable specfile with the latest update - This tarball is embargoed until 2024-04-16 @ 1pm PT. - Resolves:...

Security Bulletin: Vulnerabilities found in Jetty may affect IBM Content Collector for SAP Applications

Summary IBM Content Collector for SAP Applications may be affected by multiple vulnerabilities found in Jetty. Vulnerability Details CVEID:CVE-2023-40167 DESCRIPTION: Jetty is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP/1 request header. By sending a specially...

CVE-2023-35899

CVE-2023-35899 affects IBM Cloud Pak for Automation versions 18.0.0 through 22.0.2. The issue is a CSV injection vulnerability caused by improper validation of CSV file contents, enabling a remote attacker to execute arbitrary commands on the system. Affected products/versions (per sources) inclu...

Security Bulletin: IBM Integration Designer is vulnerable to a denial of service due to commons-fileupload-1.4.jar (CVE-2023-24998)

Summary The fix includes a new version of the commons-fileupload jar file that resolves the specified vulnerability. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit the number of request parts ...

IBM Robotic Process Automation 信息泄露漏洞

IBM Robotic Process Automation is a robotic process automation product from International Business Machines IBM. It helps you automate more business and IT processes at scale with the ease and speed of traditional RPA. An information disclosure vulnerability exists in IBM Robotic Process Automati...

SUSE CVE-2021-32705

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the public DAV endpoint. This may have allowed an attacker to enumerate potentially valid share tokens or credentials. The issue was fixed in...

SUSE CVE-2021-32741

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the public share link mount endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. The issue was fixed in...

Security Bulletin: IBM Robotic Process Automation is vulnerable to man in the middle attacks

Summary IBM Robotic Process Automation defaults to HTTP in some RPA commands when the prefix is not explicitly specified in the URL. This could allow an attacker to obtain sensitive information using man in the middle techniques. Vulnerability Details CVEID:CVE-2023-22863 DESCRIPTION: IBM Robotic...

CVE-2022-43844

IBM Robotic Process Automation for Cloud Pak 20.12 through 21.0.3 is vulnerable to broken access control. A user is not correctly redirected to the platform log out screen when logging out of IBM RPA for Cloud Pak. IBM X-Force ID: 239081...

PT-2023-14373 · Ibm · Ibm Robotic Process Automation For Cloud Pak

Name of the Vulnerable Software and Affected Versions: IBM Robotic Process Automation for Cloud Pak versions 20.12 through 21.0.3 Description: The issue is related to broken access control, where a user is not correctly redirected to the platform log out screen when logging out of IBM RPA for Clo...

CVE-2022-43574

"IBM Robotic Process Automation 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to incorrect permission assignment which could allow access to application configurations. IBM X-Force ID: 238679."...

Code injection

IBM Robotic Process Automation for Cloud Pak 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to exposure of the first tenant owner e-mail address to users with access to the container platform. IBM X-Force ID: 238214...

Security Bulletin: IBM Robotic Process Automation is allows weak passwords priort to 21.0.3 (CVE-2022-35280)

Summary Prior to version 21.0.3 IBM Robotic Process Automation allowed weak passwords that may make it easier for attackers to compromise accounts. As of release 21.0.3 IBM Robotic Process Automation enforces strong passwords. Vulnerability Details CVEID:CVE-2022-35280 DESCRIPTION: IBM Robotic...