22 matches found
Security Bulletin: postcss-8.4.14.tgz is vulnerable to CVE-2023-44270 used in IBM Maximo Application Suite - Edge Data Collector
Summary IBM Maximo Application Suite - Edge Data Collector uses postcss-8.4.14.tgz which is vulnerable to CVE-2023-44270 Vulnerability Details CVEID:CVE-2023-44270 DESCRIPTION: PostCSS could allow a remote attacker to bypass security restrictions, caused by improper input validaiton. By using a...
Security Bulletin: Pillow-9.3.0-cp37-cp37m-manylinux_2_28_x86_64.whl is vulnerable to CVE-2023-44271 used in IBM Maximo Application Suite - Edge Data Collector
Summary IBM Maximo Application Suite - Edge Data Collector uses Pillow-9.3.0-cp37-cp37m-manylinux228x8664.whl which is vulnerable to CVE-2023-44271 Vulnerability Details CVEID:CVE-2023-44271 DESCRIPTION: Pillow is vulnerable to a denial of service, caused by a flaw with uncontrollably allocates...
DEBIAN-CVE-2023-50298
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr.This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. Solr Streaming Expressions allows users to extract data from other Solr Clouds, using a "zkHost" parameter. When original...
DEBIAN-CVE-2023-50386
Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr.This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. In the affected...
UBUNTU-CVE-2023-50386
Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr.This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. In the affected...
UBUNTU-CVE-2023-50298
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr.This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. Solr Streaming Expressions allows users to extract data from other Solr Clouds, using a "zkHost" parameter. When original...
CVE-2023-50386 Apache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets
Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr.This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. In the affected...
PT-2024-1943 · Apache · Apache Solr
Name of the Vulnerable Software and Affected Versions: Apache Solr versions 6.0.0 through 8.11.2 Apache Solr versions 9.0.0 through 9.4.0 Description: The issue is related to improper control of dynamically-managed code resources, unrestricted upload of files with dangerous types, and inclusion o...
Atlassian Bitbucket < 7.21.16 / 8.8.7 / 8.9.4 / 8.10.3 / 8.11.3 / 8.12.2 RCE
The version of Atlassian Bitbucket installed on the remote host is affected by a remote code execution vulnerability as referenced in the vendor advisory. A remote, unauthenticated attacker can explioit this exposure by sending a carefully crafted yaml payload to the remote server. Note: Nessus h...
CVE-2023-49922
An issue was discovered by Elastic whereby Beats and Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. Depending on the nature of the event that Beats or Elastic Agent...
CVE-2023-49922
An issue was discovered by Elastic whereby Beats and Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. Depending on the nature of the event that Beats or Elastic Agent...
Default credentials
An issue was discovered by Elastic whereby Beats and Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. Depending on the nature of the event that Beats or Elastic Agent...
phonenumber panics on parsing crafted RFC3966 inputs
Impact The phonenumber parsing code may panic due to a panic-guarded out-of-bounds access on the phonenumber string. In a typical deployment of rust-phonenumber, this may get triggered by feeding a maliciously crafted phonenumber over the network, specifically the string .;phone-context=. Patches...
CVE-2023-42444 phonenumber panics on parsing crafted RF3966 inputs
phonenumber is a library for parsing, formatting and validating international phone numbers. Prior to versions 0.3.3+8.13.9 and 0.2.5+8.11.3, the phonenumber parsing code may panic due to a panic-guarded out-of-bounds access on the phonenumber string. In a typical deployment of rust-phonenumber,...
CVE-2023-42444 phonenumber panics on parsing crafted RF3966 inputs
phonenumber is a library for parsing, formatting and validating international phone numbers. Prior to versions 0.3.3+8.13.9 and 0.2.5+8.11.3, the phonenumber parsing code may panic due to a panic-guarded out-of-bounds access on the phonenumber string. In a typical deployment of rust-phonenumber,...
SUSE SLES15 Security Update : nodejs8 (SUSE-SU-2018:1918-1)
This update for nodejs8 to version 8.11.3 fixes the following issues: These security issues were fixed : - CVE-2018-7167: Calling Buffer.fill or Buffer.alloc with some parameters could have lead to a hang which could have resulted in a DoS bsc1097375. - CVE-2018-7161: By interacting with the http...
Security update for nodejs8 (moderate)
This update for nodejs8 to version 8.11.3 fixes the following issues: These security issues were fixed: - CVE-2018-7167: Calling Buffer.fill or Buffer.alloc with some parameters could have lead to a hang which could have resulted in a DoS bsc1097375. - CVE-2018-7161: By interacting with the http2...
Node.js Denial-of-Service Vulnerability - 02 - Mac OS X
Node.js is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js";...
Node.js Denial-of-Service Vulnerability - 01 - Mac OS X
Node.js is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js";...
Node.js DoS Vulnerability - 05 - Windows
Node.js is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js";...