7764 matches found
CVE-2023-28023
A cross site request forgery vulnerability in the BigFix WebUI Software Distribution interface site version 44 and before allows an NMO attacker to access files on server side systems server machine and all the ones in its network...
Cross site request forgery (csrf)
A cross site request forgery vulnerability in the BigFix WebUI Software Distribution interface site version 44 and before allows an NMO attacker to access files on server side systems server machine and all the ones in its network...
CVE-2023-28023 HCL BigFix WebUI Software Distribution is affected by a cross site server request forgery vulnerability
A cross site request forgery vulnerability in the BigFix WebUI Software Distribution interface site version 44 and before allows an NMO attacker to access files on server side systems server machine and all the ones in its network...
CVE-2023-28023
The CVE-2023-28023 issue affects the BigFix WebUI Software Distribution interface (versions prior to 44). A cross-site request forgery allows an attacker to access files on server-side systems (server machine and networked hosts). The PT Security advisory for BigFix WebUI recommends upgrading to ...
VirusTotal Data Leak Exposes Some Registered Customers' Details
Data associated with a subset of registered customers of VirusTotal, including their names and email addresses, were exposed after an employee inadvertently uploaded the information to the malware scanning platform. The security incident, which comprises a database of 5,600 names in a 313KB file,...
PT-2023-21489 · IBM · BigFix WebUI
Name of the Vulnerable Software and Affected Versions: BigFix WebUI Software Distribution interface site versions prior to 44 Description: A cross-site request forgery issue in the BigFix WebUI Software Distribution interface site allows an NMO attacker to access files on server-side systems,...
The vulnerability of the Swing component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine allows attackers to trigger a service failure.
The vulnerability of the Swing component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine is related to unlimited distribution of resources. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
Incorrect distribution of shares and liquidity as a result of total number of shares not equaling 100
Lines of code Vulnerability details Impact If the shares are not properly validated and do not add up to 100, there will be an imbalance in the distribution of funds resulting in loss of funds or locked funds that cannot be accessed or distributed correctly. Proof of Concept The constructor of th...
distributionworkshop.com Cross Site Scripting vulnerability OBB-3510102
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
The vulnerability of the application for simplifying and standardizing the distribution of content within Open Container Initiative Distribution Specification (OCI Distribution Specification) lies in a type mixing error. This allows attackers to compromise the integrity of the protected information.
The vulnerability of the application for simplifying and standardizing the distribution of content within Open Container Initiative Distribution Specification (OCI Distribution Specification) is related to an error in mixing types during the processing of the Content-Type header, which contains...
io.github.embedded-middleware:embedded-pulsar-core (>=0.0.4 <=0.0.5), org.apache.pulsar:pulsar-broker-auth-athenz (=2.11.0) +3 more potentially affected by CVE-2023-31007 via org.apache.pulsar:pulsar-broker (=2.11.0)
org.apache.pulsar:pulsar-broker MAVEN version =2.11.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.pulsar:pulsar-broker and may be impacted: - io.github.embedded-middleware:embedded-pulsar-core =0.0.4, =0.0.5 -...
io.github.embedded-middleware:embedded-pulsar-core (>=0.0.4 <=0.0.5), org.apache.pulsar:pulsar-broker-auth-athenz (=2.11.0) +3 more potentially affected by CVE-2023-30428 via org.apache.pulsar:pulsar-broker (=2.11.0)
org.apache.pulsar:pulsar-broker MAVEN version =2.11.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.pulsar:pulsar-broker and may be impacted: - io.github.embedded-middleware:embedded-pulsar-core =0.0.4, =0.0.5 -...
CVE-2023-35326
Windows CDP User Components Information Disclosure Vulnerability...
Security Bulletin: Multiple operator framework security vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak
Summary symlink is used by IBM Robotic Process Automation for Cloud Pak as part of the operator framework CVE-2015-3627. Distribution is used by IBM Robotic Process Automation as part of the operator framework CVE-2023-2253. Vulnerability Details CVEID:CVE-2015-3627 DESCRIPTION: A symlink...
The vulnerability of the Swing component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine allows attackers to trigger a service failure.
The vulnerability of the Swing component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine is related to unlimited distribution of resources. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
[SECURITY] [DSA 5450-1] firefox-esr security update
Debian Security Advisory DSA-5450-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 07, 2023 https://www.debian.org/security/faq -...
DDoSia Attack Tool Evolves with Encryption, Targeting Multiple Sectors
The threat actors behind the DDoSia attack tool have come up with a new version that incorporates a new mechanism to retrieve the list of targets to be bombarded with junk HTTP requests in an attempt to bring them down. The updated variant, written in Golang, "implements an additional security...
[M] Mining rewards are not distributed to users
Lines of code Vulnerability details Impact Expected mining rewards in distributeRewards are not distributed due to a revert in purchaseOtherEarnings. Proof of Concept A missing mintVault implementation in transferFrom will inevitably cause a revert in purchaseOtherEarnings. This means expected...
Incorrect poolTotalEUSDCirculation Calculation
Lines of code Vulnerability details Impact poolTotalEUSDCirculation calculated incorrectly so it can affect reward distribution Proof of Concept The following line of code deduces repaid amount from poolTotalEUSDCirculation while the fee that is part of repaid amount will be distributed as rewards...