907 matches found
SUSE CVE-2017-1000397
Jenkins Maven Plugin 2.17 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks. Maven Plugin 3.0 no longer has a dependency on commons-httpclient...
SUSE CVE-2017-1000402
Jenkins Swarm Plugin Client 3.4 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks...
SUSE CVE-2020-15694
In Nim 1.2.4, the standard library httpClient fails to properly validate the server response. For example, httpClient.get.contentLength does not raise any error if a malicious server provides a negative Content-Length...
Security Bulletin: Multiple Vulnerabilities in Java packages affect IBM Voice Gateway
Summary Security Vulnerabilities in Java packages affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2010-2245 DESCRIPTION: Apache Wink could allow a remote attacker to obtain sensitive information, caused by an XML external entity XXE error when...
Security Bulletin: A Vulnerability In Apache HttpClient Affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data
Summary A Vulnerability In Apache HttpClient Affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data. Please see below for details and a remediation/fix for this issue. Vulnerability Details CVEID:CVE-2020-13956 DESCRIPTION: Apache HttpClient could allow a remote attacker to bypas...
Security Bulletin: IBM Stering B2B Integrator is vulnerable to security bypass due to Apache HttpClient (CVE-2020-13956)
Summary IBM Sterling B2B Integrator has addressed the security vulnerability in Apache HttpClient. Vulnerability Details CVEID:CVE-2020-13956 DESCRIPTION: Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the improper handling of malformed authority...
OpenTSDB 2.4.0 Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenTSDB 2.4.0 unauthenticated command injection', 'Description' = %q This module exploits an unauthenticated command injection vulnerability in...
Security Bulletin: Apache Commons HttpClient 3.x (and few others) allow Man-In-The-Middle (MITM) attack
Summary Apache Commons HttpClient 3.x and few others used do not verify the server hostname in the subject Common Name CN and allows Man-In-The-Middle MITM attack Vulnerability Details CVEID:CVE-2012-5783 DESCRIPTION: Apache Commons HttpClient, as used in Amazon Flexible Payments Service FPS...
Security Bulletin: Potential Vulnerability in Apache HttpClient used by Logstash shipped with IBM Operations Analytics - Log Analysis (CVE-2020-13956)
Summary There is a potential vulnerability in Apache HttpClient that could allow remote attacker to bypass security restrictions Vulnerability Details CVEID:CVE-2020-13956 DESCRIPTION: Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the improper handling...
.NET Denial of Service Vulnerability
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 5.0 and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in .NET 6.0, .NET 5....
GHSA-485P-MRJ5-8W2V .NET Denial of Service Vulnerability
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 5.0 and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in .NET 6.0, .NET 5....
Denial of Service (DoS)
Overview Microsoft.AspNetCore.App.Runtime.linux-arm is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Denial of Service DoS via excess memory allocations...
Denial of Service (DoS)
Overview Microsoft.AspNetCore.App.Runtime.win-x86 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Denial of Service DoS via excess memory allocations...
Denial of Service (DoS)
Overview Microsoft.AspNetCore.App.Runtime.linux-arm64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Denial of Service DoS via excess memory allocations...
Denial of Service (DoS)
Overview Microsoft.AspNetCore.App.Runtime.linux-musl-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Denial of Service DoS via excess memory...
Denial of Service (DoS)
Overview Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Denial of Service DoS via excess memory...
Security Bulletin: Multiple vulnerabilities in Spark affecting IBM QRadar User Behavior Analytics
Summary Multiple vulnerabilities exist in Spark, which is used by IBM QRadar User Behavior Analytics UBA. These vulnerabilities are addressed in UBA by upgrading to a version of Spark and packages that are associated with Spark that resolve the vulnerabilities. Vulnerability Details...
Security Bulletin: A vulnerability in Apache HttpClient affects IBM Tivoli Business Service Manager (CVE-2020-13956)
Summary Apache HttpClient is shipped with IBM Tivoli Business Manager 6.2.0 as part of is web service infrastructure. Information about security vulnerabilities affecting Apache HttpClient has been published in a security bulletin. Vulnerability Details CVEID:CVE-2020-13956 DESCRIPTION: Apache...
Security Bulletin: A security vulnerability has been identified in Apache HttpClient shipped with IBM Tivoli Netcool Impact (CVE-2020-13956)
Summary Apache HttpClient is shipped with IBM Tivoli Netcool Impact to handle HTTP communications. . Information about a security vulnerability affecting Apache HttpClient has been published in a security bulletin. Vulnerability Details CVEID:CVE-2020-13956 DESCRIPTION: Apache HttpClient could...
Bitbucket Git Command Injection Exploit
Various versions of Bitbucket Server and Data Center are vulnerable to an unauthenticated command injection vulnerability in multiple API endpoints. The /rest/api/latest/projects/projectKey/repos/repositorySlug/archive endpoint creates an archive of the repository, leveraging the git-archive...