36 matches found
CVE-2023-29736
Keyboard Themes 1.275.1.164 for Android contains a dictionary traversal vulnerability that allows unauthorized apps to overwrite arbitrary files in its internal storage and achieve arbitrary code execution...
Security Bulletin: IBM Tivoli Application Dependency Discovery Manager is vulnerable to server-side request forgery due to Apache CXF
Summary This security bulletin addresses the vulnerabilities in Open Source Apache CXF that affect IBM Tivoli Application Dependency Discovery Manager CVE-2024-32007, CVE-2024-29736. IBM Tivoli Application Dependency Discovery Manager is using Apache CXF for its SOAP API and REST API implementatio...
Important: Red Hat Security Advisory: Red Hat Build of Apache Camel 3.20.7 for Spring Boot security update.
Red Hat build of Apache Camel 3.20.7 for Spring Boot release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...
Apache CXF < 3.5.9, 3.6.x < 3.6.4, 4.0.x < 4.0.5 Multiple Vulnerabilities
The version of Apache CXF installed on the remote Windows host is affected by multiple vulnerabilities: - A SSRF vulnerability in WADL service description in versions of Apache CXF before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform SSRF style attacks on REST webservices. The attack only...
CVE-2024-29736
A Server-side request forgery SSRF vulnerability was found in Apache CXF in the WADL service description. The flaw allows an attacker to perform SSRF-style attacks on REST web services. The attack only applies if a custom stylesheet parameter is configured. Mitigation Mitigation for this issue is...
CVE-2024-29736
creationtimestamp | type | source
---|---|---
2024-07-19 12:01:50+00:00 | seen | https://t.me/cvedetector/1208...
cv.igrp:igrp-core (>=2.0.0.231123-RC1 <=2.0.0.250216-GA), net.n2oapp.framework.security:coverage (>=7.2.0 <=8.0.13) +111 more potentially affected by CVE-2024-29736 via org.apache.cxf:cxf-rt-rs-service-description (>=4.0.0 <=4.0.4)
org.apache.cxf:cxf-rt-rs-service-description MAVEN version =4.0.0, =2.0.0.231123-RC1, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =6.1.1, =4.0.0, =4.0.0, =4.0.0, =4.0.11 and more Source cves: CVE-2024-29736 Source advisory: OSV:GHSA-5M3J-PXH7-455P...
io.hyte.platform:hyte-db (=4.4.6.hyte-24270), io.hyte.platform:hyte-mq (=4.4.6.hyte-24270) +23 more potentially affected by CVE-2024-29736 via org.apache.cxf:cxf-rt-rs-service-description (>=3.6.0 <=3.6.3)
org.apache.cxf:cxf-rt-rs-service-description MAVEN version =3.6.0, =3.6.0, =3.6.0, =3.6.0, =3.6.0, =3.6.0, =3.6.0, =3.6.0, =3.6.0, =3.6.0, =3.6.11 and more Source cves: CVE-2024-29736 Source advisory: OSV:GHSA-5M3J-PXH7-455P...
CVE-2024-29736 Apache CXF: SSRF vulnerability via WADL stylesheet parameter
A SSRF vulnerability in WADL service description in versions of Apache CXF before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform SSRF style attacks on REST webservices. The attack only applies if a custom stylesheet parameter is configured...
CVE-2023-29736
creationtimestamp | type | source
---|---|---
2023-06-02 04:47:36+00:00 | seen | https://t.me/cibsecurity/64873
2025-01-09 18:17:40+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/1002...
CVE-2023-29736
CVE-2023-29736 affects Keyboard Themes for Android, version 1.275.1.164. A dictionary traversal vulnerability allows unauthorized apps to overwrite arbitrary files in internal storage and achieve arbitrary code execution. Multiple sources summarize impacts to confidentiality, integrity, and avail...
Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring installed WebSphere Application Server
Summary The following security issues have been identified in the WebSphere Application Server included as part of IBM Tivoli Monitoring ITM portal server. Vulnerability Details CVEID:CVE-2021-29736 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote user to...
Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Digital Business Automation Workflow family products (CVE-2021-29736)
Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow, IBM Business Process Manager, and WebSphere Enterprise Service Bus. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional has been published in a securi...
Security Bulletin: A security vulnerability (CVE-2021-29736) has been identified in IBM WebSphere Application Server shipped with IBM Operations Analytics Predictive Insights
Summary WebSphere Application Server WAS is shipped as a component of IBM Operations Analytics Predictive Insights. Information about WebSphere Application Server vulnerability to remote users Privilege Escalation CVE-2021-29736 has been published in a security bulletin. Vulnerability Details Refe...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server used by IBM Rational ClearQuest (CVE-2021-29736)
Summary IBM WebSphere Application Server WAS is used by the IBM Rational ClearQuest server and web components. Information about security vulnerability affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...
Security Bulletin: Vulnerabilities in WebSphere Application Server affect IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise
Summary WebSphere Application Server is shipped with IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise. Vulnerabilities have been identified in WebSphere Application Server and the information about their fixes is published in security bulletins. Vulnerability Details Refer to the...