313 matches found
CVE-2025-0755
The various bsonappend functions in the MongoDB C driver library may be susceptible to buffer overflow when performing operations that could result in a final BSON document which exceeds the maximum allowable size INT32MAX, resulting in a segmentation fault and possible application crash. This...
CVE-2025-0755 MongoDB C Driver bson library may be susceptible to buffer overflow
The various bsonappend functions in the MongoDB C driver library may be susceptible to buffer overflow when performing operations that could result in a final BSON document which exceeds the maximum allowable size INT32MAX, resulting in a segmentation fault and possible application crash. This...
CVE-2024-22421
JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. Users of JupyterLab who click on a malicious link may get their Authorization and XSRFToken tokens exposed to a third party when running an older jupyter-server...
IBM MQ 9.1 < 9.1.0.24 LTS / 9.2 < 9.2.0.28 LTS / 9.3 < 9.3.0.25 LTS / 9.3 < 9.4.1 CD / 9.4 < 9.4.0.6 LTS (7174363)
The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7174363 advisory. - IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the network to conduct spoofing attacks. An attacker could...
PT-2025-14098
Name of the Vulnerable Software and Affected Versions MongoDB Server versions prior to 5.0.31 MongoDB Server versions prior to 6.0.20 MongoDB Server versions prior to 7.0.16 MongoDB Server versions prior to 8.0.4 Description A MongoDB server running on Linux with TLS and CRL revocation status...
Security Bulletin: Security vulnerability has been identified in WebSphere Liberty Profile shipped with IBM License Metric Tool.
Summary There is security vulnerability in IBM WebSphere Application Server Liberty used by IBM License Metric Tool. Vulnerability Details CVEID:CVE-2023-50314 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the network to...
June 11, 2024—KB5039236 (OS Build 25398.950)
June 11, 2024—KB5039236 OS Build 25398.950 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server, version 23H2, see its update history page. Improvements This security update...
CVE-2023-50964
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 276102...
Exploit for Code Injection in Rejetto Http_File_Server
Rejetto HFS HTTP File Server CVE-2024-23692 Vulnerability...
PT-2024-20330 · Unknown · Mediaserver
Name of the Vulnerable Software and Affected Versions: media-server version 1.0.0 Description: A Use-After-Free UAF issue was discovered in the sip uac stop timer function. This issue is related to the /uac/sip-uac-transaction.c file. Recommendations: For media-server version 1.0.0, consider...
GHSA-44CC-43RP-5947 JupyterLab vulnerable to potential authentication and CSRF tokens leak
Impact Users of JupyterLab who click on a malicious link may get their Authorization and XSRFToken tokens exposed to a third party when running an older jupyter-server version. Patches JupyterLab 4.1.0b2, 4.0.11, and 3.6.7 were patched. Workarounds No workaround has been identified, however users...
AZL-35354 CVE-2024-0408 affecting package xorg-x11-server for versions less than 1.20.10-5
A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource as with a GetGeometry or when it creates another resource that needs to access that buffer, such as...
Exploit for Expression Language Injection in Atlassian Confluence_Data_Center
CVE-2022-26134 – Confluence OGNL injection vulnerability Sc...
CVE-2023-42666
The affected product is vulnerable to an exposure of sensitive information to an unauthorized actor vulnerability, which may allow an attacker to create malicious requests for obtaining the information of the version about the web server used...
CVE-2023-42666
The affected product is vulnerable to an exposure of sensitive information to an unauthorized actor vulnerability, which may allow an attacker to create malicious requests for obtaining the information of the version about the web server used...
DEXMA DexGate Security Vulnerability
DEXMA DexGate is a device from DEXMA, Inc. A security vulnerability exists in DEXMA DexGate version 20130114, which stems from the presence of a sensitive information disclosure vulnerability. The vulnerability can be exploited by an attacker to create a malicious request to obtain web server...
Oracle MySQL Security Vulnerabilities
Oracle MySQL is an open source relational database management system from Oracle Corporation. A security vulnerability previously existed in Oracle MySQL Server version 8.0.33, which originated from a vulnerability that allowed an attacker with elevated privileges to compromise the MySQL server v...
CVE-2023-4589
Insufficient verification of data authenticity vulnerability in Delinea Secret Server, in its v10.9.000002 version. An attacker with an administrator account could perform software updates without proper integrity verification mechanisms. In this scenario, the update process lacks digital...
IBM InfoSphere Information Server Cross-Site Request Forgery Vulnerability (CNVD-2023-91223)
IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines IBM. The platform can be used to integrate data information obtained from various sources. A cross-site request forgery vulnerability exists in IBM InfoSphere Information Server version...
spice 安全漏洞
spice is an adaptive telepresence open source protocol used by enterprise virtualized desktop editions. The product is primarily used to connect users to their virtual desktops and is capable of delivering the exact same end-user experience as a physical desktop. A security vulnerability exists i...