7 matches found
PT-2025-16172 · Unknown +2 · Jupyter-Remote-Desktop-Proxy +2
Name of the Vulnerable Software and Affected Versions: jupyter-remote-desktop-proxy versions 3.0.0 through 3.0.0 Description: The issue allows unauthorized network access to TigerVNC, risking system compromise, when jupyter-remote-desktop-proxy is used with TigerVNC. This vulnerability does not...
Security Bulletin: IBM Technical Support Appliance - possible excessive CPU usage or denial of service
Summary DNS protocol allows the IBM Technical Support Appliance to resolve hostnames to their corresponding IP address. Vulnerability Details CVEID:CVE-2023-4408 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by an error when parsing large DNS messages. By flooding the target...
Security Bulletin: IBM Technical Support Appliance - possible exposure of sensitive information
Summary RSA-PSK key exchange occurs when establishing a connection from a web browser to the IBM Technical Support Appliance web UI. Vulnerability Details CVEID:CVE-2023-5981 DESCRIPTION: GNU GnuTLS could allow a remote attacker to obtain sensitive information, caused by a timing sidechannel issu...
PT-2023-1610 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.0.1 on the stable branch; Discourse versions prior to 3.1.0.beta2 on the beta and tests-passed branches. Description: The issue is related to the use of a regular expression with inefficient computational complexit...
PT-2022-17569 · Npm · Libpq +1
Name of the Vulnerable Software and Affected Versions: pg-native versions prior to 3.0.1; libpq versions prior to 1.8.10. Description: The issue is related to a Denial of Service (DoS) condition that occurs when the addons attempt to cast the second argument to an array and fail. This happens for eve...
PT-2020-6398 · Openexr · Openexr
Name of the Vulnerable Software and Affected Versions: OpenEXR versions prior to 3.0.1 Description: A heap-buffer overflow was found in the copyIntoFrameBuffer function of OpenEXR. This issue allows an attacker to execute arbitrary code with the permissions of the user running the application...
PT-2020-15415 · Jenkins · Jenkins Sonargraph Integration Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Sonargraph Integration Plugin versions 3.0.0 and earlier Description: The issue results in a stored cross-site scripting vulnerability due to the failure to escape the file path for the Log file field form validation. This can be...