7485 matches found
CVE-2023-38335
Omnis Studio 10.22.00 has incorrect access control. It advertises a feature for making Omnis libraries "always private" - this is supposed to be an irreversible operation. However, due to implementation issues, "always private" Omnis libraries can be opened by the Omnis Studio browser by bypassin...
CVE-2023-38334
Omnis Studio 10.22.00 has incorrect access control. It advertises an irreversible feature for locking classes within Omnis libraries: it should be no longer possible to delete, view, change, copy, rename, duplicate, or print a locked class. Due to implementation issues, locked classes in Omnis...
PT-2023-26369 · Omnis · Omnis Studio
Name of the Vulnerable Software and Affected Versions: Omnis Studio version 10.22.00 Description: The issue is related to incorrect access control in Omnis Studio. It has a feature to make Omnis libraries "always private", which is supposed to be an irreversible operation. However, due to...
Omnis Studio 安全漏洞
Omnis Studio is a rapid application development tool from Omnis. A security vulnerability exists in Omnis Studio version 10.22.00, which stems from an improper access control issue that allows private Omnis libraries to be opened by the Omnis Studio browser...
OpenBSD OpenSSH < 9.3p2 RCE Vulnerability
OpenBSD OpenSSH is prone to a remote code execution RCE vulnerability in OpenSSH SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
br.com.nitertech:jwt (>=1.1.4.2 <=1.1.5), cn.herodotus.engine:oauth2-sdk-authentication (>=3.0.6.4 <=3.1.1.3) +314 more potentially affected by CVE-2023-34034 via org.springframework.security:spring-security-config (>=6.1.0 <=6.1.1)
org.springframework.security:spring-security-config MAVEN version =6.1.0, =1.1.4.2, =3.0.6.4, =3.0.6.4, =3.0.6.4, =3.0.6.4, =4.0.1, =4.0.1, =0.1.0, =6.1.11, =6.1.11, =7.0.0, =7.0.0, =6.1.11, =6.1.11, =6.2.0 and more Source cves: CVE-2023-34034 Source advisory: OSV:GHSA-3H6F-G5F3-GC4W...
USN-6237-1: curl vulnerabilities
Hiroki Kurosawa discovered that curl incorrectly handled validating certain certificate wildcards. A remote attacker could possibly use this issue to spoof certain website certificates using IDN hosts. CVE-2023-28321 Hiroki Kurosawa discovered that curl incorrectly handled callbacks when certain...
OpenSSH -- remote code execution via a forwarded agent socket
OpenSSH project reports: Fix CVE-2023-38408 - a condition where specific libaries loaded via ssh-agent1's PKCS11 support could be abused to achieve remote code execution via a forwarded agent socket if the following conditions are met: Exploitation requires the presence of specific libraries on t...
CVE-2023-37479 Improper sanitization of MXCSR and RFLAGS in OpenEnclave
Open Enclave is a hardware-agnostic open source library for developing applications that utilize Hardware-based Trusted Execution Environments, also known as Enclaves. There are two issues that are mitigated in version 0.19.3. First, Open Enclave SDK does not properly sanitize the MXCSR register ...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK (April 2023) affect IBM InfoSphere Information Server
Summary There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in April 2023. Vulnerability Details CVEID:CVE-2023-21967 DESCRIPTION: An unspecified...
Security Bulletin: IBM Event Streams is affected by multiple Semaru Java vulnerabilities
Summary IBM Event Streams has addressed the following IBM Semaru Java vulnerabilities before version 17.0.7.0 CVE-2023-21930, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-21968, CVE-2023-21937, CVE-2023-21938, CVE-2023-2597 Vulnerability Details CVEID:CVE-2023-21930 DESCRIPTION: An...
ai.ancf.lmos:lmos-operator (>=0.5.0 <=0.6.0), ai.berktest:BerkClient (>=1.0.0 <=1.0.3) +16308 more potentially affected by CVE-2023-3635 via com.squareup.okio:okio (>=0.6.0 <=1.17.5)
com.squareup.okio:okio MAVEN version =0.6.0, =0.5.0, =1.0.0, =0.80.7, =0.80.7, =0.80.7, =0.80.7, =3.24.0.1, =3.0.1.4, =3.32.0.1-2-2.1, =3.32.0.1-2-3.0, =3.34.0.3-1-2.2, =3.34.0.3-1-3.0, =3.34.0.3-1-2.2, =3.34.0.3-1-3.0, =3.36.0.2-1-3.1 and more Source cves: CVE-2023-3635 Source advisory:...
Security Bulletin: Multiple Vulnerabilities of Apache HttpClient and Jackson-mapper have affected IBM Tivoli Monitoring for Virtual Environments Agent for Linux Kernel-based Virtual Machines
Summary IBM Tivoli Monitoring for Virtual Environments Agent for Linux Kernel-based Virtual Machines is vulnerable to Apache HttpClient and jackson-mapper as described in 220912, CVE-2020-13956, CVE-2019-10202, CVE-2019-10172. The fix includes upgrading required libraries to latest version...
OESA-2023-1411 guava20 security update
Guava is a set of core libraries that includes new collection types ,immutable collections, a graph library, and utilities for concurrency, I/O, hashing, primitives, strings, and more. Security Fixes: Use of Java's default temporary directory for file creation in FileBackedOutputStream in Google...
The vulnerabilities of the libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, Ug3dReadPsr, and Jt3dReadPsr—programming environments for rendering 3D models by Luxion KeyShot—allow attackers to execute arbitrary code.
The vulnerability of the Luxion KeyShot 3D-modeling software libraries—CatiaV53dRead, CatiaV63dRead, Step3dRead, Ug3dReadPsr, and Jt3dReadPsr—is related to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow attackers to execute arbitrary code...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to unspecified multiple vulnerabilities in Oracle Java SE, Oracle GraalVM Enterprise Edition
Summary Potential unspecified multiple vulnerabilities in Oracle Java SE, Oracle GraalVM Enterprise Edition has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information Vulnerability Details CVEID:CVE-2023-21930 DESCRIPTION: An...
com.baomidou:kisso (>=2.0 <=3.6.10), com.baomidou:spring-wind (>=1.0 <=1.1.4) +91 more potentially affected by CVE-2023-33201 via org.bouncycastle:bcprov-jdk14 (>=1.49 <=1.73)
org.bouncycastle:bcprov-jdk14 MAVEN version =1.49, =2.0, =1.0, =9.1.20, =0.1.1, =1.5.4, =2.2, =2.0.1, =7.0, =1.5, =12.3, =22.2.3 and more Source cves: CVE-2023-33201 Source advisory: OSV:GHSA-HR8G-6V94-X4M9...
PAX Technology A930 安全漏洞
PAX Technology A930 is an Android mobile payment terminal from PAX Global PAX Technology, China. A security vulnerability exists in the PAX A930 PayDroid7.1.1VirgoV04.5.0220220722 version, which originates from a vulnerability that allows an attacker to compile malicious shared libraries and bypa...
Security Bulletin: Multiple CVEs may affect IBM® SDK, Java™ Technology Edition shipped with IBM CICS TX Advanced
Summary CVE-2023-21930, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-21968, CVE-2023-21937, CVE-2023-21938 and CVE-2023-2597 may affect IBM® SDK, Java™ Technology Edition shipped with IBM CICS TX Advanced. IBM CICS TX Advanced has addressed the applicable CVEs. Vulnerability Details...
Security Bulletin: Multiple CVEs may affect IBM® SDK, Java™ Technology Edition shipped with IBM CICS TX Standard
Summary CVE-2023-21930, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-21968, CVE-2023-21937, CVE-2023-21938 and CVE-2023-2597 may affect IBM® SDK, Java™ Technology Edition shipped with IBM CICS TX Standard. IBM CICS TX Standard has addressed the applicable CVEs. Vulnerability Details...