7488 matches found
com.atlan:package-toolkit-testing (>=5.3.1 <=6.1.2), com.buschmais.jqassistant.cli:jqassistant-commandline-neo4jv5 (>=2.6.0 <=2.8.0) +704 more potentially affected by CVE-2023-44487 via org.eclipse.jetty.http2:jetty-http2-server (>=12.0.0 <=12.0.19)
org.eclipse.jetty.http2:jetty-http2-server MAVEN version =12.0.0, =5.3.1, =2.6.0, =0.217, =0.217, =0.217, =0.217, =0.217, =0.217, =0.217, =0.295, =0.295, =0.295, =0.295, =0.295, =0.296 and more Source cves: CVE-2023-44487 Source advisory: OSV:GHSA-QPPJ-FM5R-HXR3...
Improper access control
A vulnerability has been identified in SINEC NMS All versions V2.0. The affected application assigns improper access rights to specific folders containing executable files and libraries. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges...
Security Bulletin: Multipe vulnerabilities exists in the IBM® SDK, Java™ Technology Edition affects IBM Tivoli Network Configuration Manager.
Summary Multipe vulnerabilities exists in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Configuration v6.4.2. CVE-2023-21930, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-21968, CVE-2023-21937, CVE-2023-21938, CVE-2023-2597 Vulnerability Details...
Siemens SINEC NMS 安全漏洞
Siemens SINEC NMS is a network management system NMS from Siemens, Germany, that can be used 24/7 to centrally monitor, manage and configure industrial networks with tens of thousands of devices, including safety-related areas. The Siemens SINEC NMS suffers from an Incorrect Privilege Assignment...
cn.acooly:acooly-auth-wechat-authenticator (=5.2.1), cn.herodotus.engine:access-core (>=2.7.2.3 <=3.1.4.2) +817 more potentially affected by CVE-2023-43643 via org.owasp.antisamy:antisamy (>=1.4.3 <=1.7.3)
org.owasp.antisamy:antisamy MAVEN version =1.4.3, =2.7.2.3, =2.7.2.3, =2.7.2.3, =2.7.2.3, =2.7.2.3, =2.7.2.3, =2.7.0.0, =2.7.0.Beta1, =2.7.0.0, =2.7.0.Beta1, =2.7.0.0, =2.7.0.0, =2.7.0.0, =2.7.0.10, =3.1.4.2 and more Source cves: CVE-2023-43643 Source advisory: OSV:GHSA-PCF2-GH6G-H5R2...
python3.11 security update
An update is available for python3.11. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Python is an accessible, high-level, dynamically typed, interpreted...
Important: Red Hat Security Advisory: glibc security update
An update for glibc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
Fedora: Security Advisory (FEDORA-2023-63e5a77522)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2023-40299
Kong Insomnia 2023.4.0 on macOS allows attackers to execute code and access restricted files, or make requests for TCC permissions, by using the DYLDINSERTLIBRARIES environment variable...
[SECURITY] Fedora 39 Update: glibc-2.38-6.fc39
The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important se...
[SECURITY] Fedora 38 Update: glibc-2.37-10.fc38
The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important se...
PT-2023-27366 · Kong · Kong Insomnia
Name of the Vulnerable Software and Affected Versions: Kong Insomnia version 2023.4.0 Description: The issue allows attackers to execute code and access restricted files, or make requests for TCC permissions, by using the DYLD INSERT LIBRARIES environment variable. This can be exploited on macOS...
Critical vulnerabilities in media libraries exploited in the wild: everything you need to know
Delving into CVE-2023-4863 and CVE-2023-5217 - critical vulnerabilities in libwebp and libvpx exploited in the wild...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Netcool Impact
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM Tivoli Netcool Impact. IBM Tivoli Netcool Impact has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-21930 DESCRIPTION: An unspecified vulnerability in Oracle Java SE, Oracle...
Engineers Online Portal SQL Injection Vulnerability
Engineers Online Portal is open source an online portal . It is developed using PHP, MySQL database, HTML, CSS, Javascript, jQuery, Ajax, Bootstrap and some other libraries. Engineers Online Portal suffers from a SQL injection vulnerability that stems from the fact that manipulation of the...
Security Bulletin: IBM Operational Decision Manager September 2023 - Multiple CVEs addressed
Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-2253...
ai.catboost:catboost-spark_2.3_2.11 (>=1.2.1 <=1.2.7), ai.catboost:catboost-spark_2.4_2.11 (>=1.2.1 <=1.2.7) +6295 more potentially affected by CVE-2023-43642 via org.xerial.snappy:snappy-java (>=1.0.1-rc3 <=1.1.10.3)
org.xerial.snappy:snappy-java MAVEN version =1.0.1-rc3, =1.2.1, =1.2.1, =1.2.1, =1.2.1, =1.2.1, =1.2.1, =1.2.1, =1.2.1, =1.2.1, =1.2.1, =1.2.1, =1.2.3, =1.2.3, =0.13.0, =0.14.0 and more Source cves: CVE-2023-43642 Source advisory: OSV:GHSA-55G7-9CWV-5QFV...
[SECURITY] Fedora 37 Update: dotnet7.0-7.0.111-1.fc37
.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework...
[SECURITY] Fedora 38 Update: dotnet6.0-6.0.122-1.fc38
.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework...
[SECURITY] Fedora 38 Update: dotnet7.0-7.0.111-1.fc38
.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework...