15 matches found
Security Bulletin: IBM Operations Analytics – Log Analysis is affected by a security feature bypass due to Azure SDK for Java
Summary Azure SDK for Java is used by IBM Operations Analytics – Log Analysis as part of secure, asynchronous messaging and event streaming over AMQP Advanced Message Queuing Protocol. CVE‑2020‑16971. Vulnerability Details CVEID:CVE-2020-16971 DESCRIPTION: Azure SDK for Java Security Feature Bypa...
CVE-2024-40685
IBM Operations Analytics – Log Analysis versions 1.3.5.0 through 1.3.8.3 and IBM SmartCloud Analytics – Log Analysis are vulnerable to a cross-site request forgery CSRF vulnerability that could allow an attacker to trick a trusted user into performing unauthorized actions...
EUVD-2020-29313
Malware in sbrugna...
EUVD-2022-38608
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2017-5121
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate use of JIT optimisation in V8 in Google Chrome prior to 61.0.3163.100 for Linux, Windows, and Mac allowed a remote attacker to execute arbitrary...
CVE-2020-15357
Network Analysis functionality in Askey AP5100WDualSIG1.01.097 and all prior versions allows remote attackers to execute arbitrary commands via a shell metacharacter in the ping, traceroute, or route options...
CVE-2024-11638
CVE-2024-11638 affects the WordPress plugin Gtbabel (versions before 6.6.9). Root cause: it does not verify that the URL to analyze is within the blog, enabling unauthenticated attackers to trigger requests that can capture a logged-in user’s cookies (e.g., admin). Impact: potential admin cookie ...
GHSA-HW34-RQC5-H2GM Duplicate Advisory: Picklescan Allows Remote Code Execution via Malicious Pickle File Bypassing Static Analysis
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-769v-p64c-89pr. This link is maintained to preserve external references. Original Description picklescan before 0.0.22 only considers standard pickle file extensions in the scope for its vulnerability scan. An...
The vulnerability of the PDF file analysis component in the ClamAV antivirus program allows a hacker to trigger a service failure.
The vulnerability of the PDF file analysis component in the ClamAV antivirus program is related to errors in processing input data. Exploiting this vulnerability allows a malicious actor to cause service failures when the user downloads a specially crafted PDF file for analysis...
BAOTA 跨站脚本漏洞
BAOTA linux is a simple and easy-to-use Linux server operation and management panel from China Pagoda Panel BAOTA company. A security vulnerability exists in BAOTA. An attacker can exploit this vulnerability to obtain sensitive information through the log analysis function...
The vulnerability of the open implementation of the OpenLDAP protocol, related to the possibility of successful assertion during syntax analysis, allows a perpetrator to perform a denial-of-service attack.
The vulnerability of the open implementation of the OpenLDAP protocol lies in the difficulty of verifying syntax analysis. Exploiting this vulnerability allows a malicious actor to perform a denial-of-service attack by sending a specially crafted request to slapd...
Nec Platforms Univerge Dt 安全漏洞
Nec Platforms Univerge Dt is a series of desktop phones from Nec Platforms Japan. A security vulnerability exists in Univerge Dt that originates from the possibility of obtaining phone configuration information when analyzing packets using IP Phone Manager or data maintenance tools. The following...
The vulnerability of the syntax analysis function for domain name records in the Simotics Connect 400 software and hardware suite allows a perpetrator to cause service interruptions.
The vulnerability of the syntax analysis function for DNS domain names in the Simotics Connect 400 software/hardware suite is related to reading data beyond the buffer in memory. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
CVE-2018-20175
creationtimestamp| type| source ---|---|--- 2019-02-06 15:04:30+00:00| seen| MISP/5c5af499-e890-49e9-b1ff-26ba0a021402...
CVE-2018-1504
IBM i2 Enterprise Insight Analysis 2.1.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks...