Security Bulletin: Multiple OpenSSL vulnerabilities affect IBM Aspera Shares 1.9.4 or earlier and IBM Aspera Console 3.0.6 or earlier

Question Security Bulletin: Multiple OpenSSL vulnerabilities affect IBM Aspera Shares 1.9.4 or earlier and IBM Aspera Console 3.0.6 or earlier "Business Unit":"code":"BU059","label":"IBM Software w/o TPS","Product":"code":"SS8NDZ","label":"IBM...

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Transfer Cluster Manager, faspex on Demand, Server on Demand, Application Platform on

Question Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Transfer Cluster Manager, faspex on Demand, Server on Demand, Application Platform on Demand, and Azure on Demand. CVE-2016-2107, CVE-2016-2106, CVE-2016-2176 "Business Unit":"code":"BU059","label":"IBM Software w/o...

Microsoft HTTP.sys 缓冲区错误漏洞

Microsoft HTTP.SYS is an HTTP application protocol developed by Microsoft Corporation. There are security vulnerabilities in Microsoft HTTP.SYS. Attackers can exploit these vulnerabilities to execute code. The following products and versions are affected: Windows 10 Version 1809 for 32-bit system...

CVE-2026-2109

A vulnerability was identified in jsbroks COCO Annotator up to 0.11.1. Affected is an unknown function of the file /api/undo/ of the component Delete Category Handler. Such manipulation of the argument ID leads to improper authorization. The attack may be launched remotely. The exploit is publicl...

CVE-2013-2109

WordPress plugin wp-cleanfix has Remote Code Execution...

CVE-2019-2109

In MakeMPEG4VideoCodecSpecificData of AVIExtractor.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions:...

CVE-2025-2109

The WP Compress – Instant Performance & Speed Optimization plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.30.15 via the init function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations...

CVE-2025-2109

The WP Compress – Instant Performance & Speed Optimization plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.30.15 via the init function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations...

CVE-2025-2109 WP Compress <= 6.30.15 - Unauthenticated Server-Side Request Forgery via init Function

The WP Compress – Instant Performance & Speed Optimization plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.30.15 via the init function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations...

CVE-2025-2109 WP Compress <= 6.30.15 - Unauthenticated Server-Side Request Forgery via init Function

The WP Compress – Instant Performance & Speed Optimization plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.30.15 via the init function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations...

Siemens SCALANCE X-200RNA Switch Devices Resource Management Errors (CVE-2016-2109)

The asn1d2ireadbio function in crypto/asn1/ad2ifp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service memory consumption via a short invalid encoding. This plugin only works with Tenable.ot. Please visit...

Linux Distros Unpatched Vulnerability : CVE-2016-2109

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The asn1d2ireadbio function in crypto/asn1/ad2ifp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to...

RHEL 4 : openssl (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - openssl: Memory corruption in the ASN.1 encoder CVE-2016-2108 - Integer overflow in the EVPEncodeUpdate...

WordPress Booster Extension Plugin <= 1.2.0 is vulnerable to Sensitive Data Exposure

Software Booster Extension Type Plugin Vulnerable versions = 1.2.0 Fixed in N/A OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-2109 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID c3706e2b31e0 Credits Krzysztof Zając Required...

SUSE: Security Advisory (SUSE-SU-2023:2109-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2023-2109 Cross-site Scripting (XSS) - DOM in chatwoot/chatwoot

Cross-site Scripting XSS - DOM in GitHub repository chatwoot/chatwoot prior to 2.14.0...

CVE-2023-2109 Cross-site Scripting (XSS) - DOM in chatwoot/chatwoot

Cross-site Scripting XSS - DOM in GitHub repository chatwoot/chatwoot prior to 2.14.0...

CVE-2023-2109

CVE-2023-2109 describes a DOM-based XSS in the chatwoot/chatwoot project prior to version 2.14.0. Multiple connected sources corroborate the issue as a cross-site scripting vulnerability in the Chatwoot dashboard/chat UI, arising from unsanitized user-supplied data being inserted into the DOM (fo...

K07538415: Multiple OpenSSL vulnerabilities

Security Advisory Description On May 3, 2016, OpenSSL announced the discovery of the following vulnerabilities: CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2108 CVE-2016-2109 CVE-2016-2176 For the complete announcement from OpenSSL, refer to OpenSSL Security Advisory 3rd May 2016. Note :...

SUSE CVE-2008-2109

field.c in the libid3tag 0.15.0b library allows context-dependent attackers to cause a denial of service CPU consumption via an ID3FIELDTYPESTRINGLIST field that ends in '\0', which triggers an infinite loop...