EUVD-2025-23790
Malicious code in bioql PyPI...
Upgraded Q -> M from #254 [1674418824740]
Judge has assessed an item in Issue 254 as M risk. The relevant finding follows: 03: Lock.claimGovFees will revert with tokens that have approve race condition protection Some tokens only allow you to approve a new value if the current allowance is set to zero, e.g. USDT. This is not an issue rig...
Hyperledger indy-node vulnerable to denial of service
Impact An attacker can max out the number of client connections allowed by the ledger that was deployed using guidance provided in the indy-node repository, leaving the ledger unable to be used for its intended purpose. The ledger content will not be impacted by the attack, and the ledger will...
Missing EIP-155 replay attack protection
Lines of code Vulnerability details Impact publishProject/addMember/escrow in Community and inviteContractor/updateProjectHash/addTasks/setComplete/changeOrder in Project use ecrecover for signed messages to check access. However, all signed messages that are used to check access do not include an...
CVE-2021-20517
CVE-2021-20517 affects IBM WebSphere Application Server Network Deployment (ND) 8.5 and 9.0. The vulnerability permits a remote authenticated attacker to traverse directories by sending a crafted URL containing "/.." sequences, enabling reading and deletion of arbitrary files on the system. IBM s...
Security Bulletin: WebSphere security vulnerability in IBM Content Foundation on Cloud
Summary IBM WebSphere Application Server Network Deployment security vulnerability in Content Platform Engine Container Vulnerability Details CVEID: CVE-2020-4421 DESCRIPTION: IBM WebSphere Application Liberty 19.0.0.5 through 20.0.0.4 could allow an authenticated user using openidconnect to spoo...
Security Bulletin: Remote code execution vulnerability in WebSphere Application Server ND (CVE-2020-4448)
Summary There is a remote code execution vulnerability in WebSphere Application Server Network Deployment. This has been addressed. Vulnerability Details CVEID: CVE-2020-4448 DESCRIPTION: IBM WebSphere Application Server Network Deployment could allow a remote attacker to execute arbitrary code o...
IBM WebSphere Application Server Network Deployment Code Issue Vulnerability
IBM WebSphere Application Server Network Deployment provides a flexible, secure server runtime environment for large-scale and mission-critical application deployments. A code issue vulnerability exists in IBM WebSphere Application Server Network Deployment. An attacker could exploit this...
CVE-2020-4448
IBM WebSphere Application Server Network Deployment 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 181228...
CVE-2020-4448
CVE-2020-4448 affects IBM WebSphere Application Server Network Deployment (ND) on versions 7.0, 8.0, 8.5 and 9.0. The vulnerability allows remote code execution by processing a specially crafted sequence of serialized objects from untrusted sources, enabling an attacker to run arbitrary code on t...
Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect WebSphere Service Registry and Repository and WebSphere Service Registry and Repository Studio April 2020 CPU plus deferred CVE-2019-2949 and CVE-2020-2654
Summary Vulnerabilities in IBM® SDK Java Technology Edition, Versions 7 and 8 used by WebSphere Service Registry and Repository and WebSphere Service Registry and Repository Studio. These issues were disclosed as part of the IBM Java SDK updates in April 2020. These issues are also addressed by...
CVE-2020-4347
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could be subject to attacks based on privilege escalation due to inappropriate file permissions for files used by WebSphere Application Server Network Deployment. IBM X-Force ID: 178412...
CVE-2020-4347
IBM InfoSphere Information Server versions 11.3, 11.5, and 11.7 are affected by CVE-2020-4347 due to insecure file permissions for WebSphere Application Server Network Deployment (WAS ND) files, enabling privilege escalation. Affected products are InfoSphere Information Server (and on Cloud) with...
CVE-2019-4505
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Network Deployment could allow a remote attacker to obtain sensitive information, caused by sending a specially-crafted URL. This can lead the attacker to view any file in a certain directory. IBM X-Force ID: 164364...
CVE-2019-4505
CVE-2019-4505 affects IBM WebSphere Application Server Network Deployment (ND) across multiple release lines (e.g., 9.0.0.0, 8.5.x, 8.0, 7.0, 6.1). A remote attacker can obtain sensitive information by sending a specially crafted URL, potentially allowing viewing of files in a restricted director...
PT-2019-17110 · IBM · IBM WebSphere Application Server
Name of the Vulnerable Software and Affected Versions: IBM WebSphere Application Server versions 7.0 through 9.0 Network Deployment Description: The issue allows a remote attacker to obtain sensitive information by sending a specially-crafted URL, which can lead to viewing any file in a certain...
IBM WebSphere Application Server Information Disclosure Vulnerability (CNVD-2019-34594)
IBM WebSphere Application Server (WAS) is an application server product from IBM in the United States. The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform. An information disclosure vulnerability exists in Network Deploymen...