AZL-79469 CVE-2026-3381 affecting package rubygem-mini_portile2 2.8.4-1
Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib. Compress::Raw::Zlib includes a copy of the zlib library. Compress::Raw::Zlib version 2.220 includes zlib 1.3.2, which addresses findings from the 7ASecurity audit of zlib. This includes fixes for...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses node-forge which is vulnerable to CVE-2025-66030, CVE-2025-66031
Summary IBM Maximo Application Suite - Visual Inspection component uses node-forge which is vulnerable to CVE-2025-66030 and CVE-2025-66031. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID: CVE-2025-66030 DESCRIPTION: Forge also called...
Integer Overflow or Wraparound
Overview node-forge is a JavaScript implementation of network transports, cryptography, ciphers, PKI, message digests, and various utilities. Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the derToOid function in the asn1.js file, which decodes ASN.1...
EUVD-2023-1393
Malicious code in bioql PyPI...
CVE-2023-27603
In Apache Linkis =1.3.1, because the Manager module engineConn material upload does not check the zip path, there is a Zip Slip issue, which can lead to a potential RCE vulnerability. We recommend users upgrade the version of Linkis to version 1.3.2...
PT-2026-20360
Name of the Vulnerable Software and Affected Versions: zlib versions prior to 1.3.2 Description: The software contains an issue where excessive CPU consumption can occur through the crc32_combine64 and crc32_combine_gen64 functions. This is due to the x2nmodp function potentially performing right shifts with...
PT-2023-21469 · Apache · Apache Linkis
Name of the Vulnerable Software and Affected Versions: Apache Linkis versions 1.3.1 and earlier Description: The issue arises due to the default token generated by Linkis Gateway deployment being too simple, making it easy for attackers to obtain the default token for the attack. Generation rules...
PT-2023-10330 · Unknown · E-Contract Dssp
Name of the Vulnerable Software and Affected Versions: e-Contract dssp versions up to 1.3.1 Description: A vulnerability was found in the function checkSignResponse of the file dssp-client/src/main/java/be/e_contract/dssp/client/SignResponseVerifier.java. The manipulation leads to XML external...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection via the writeFileToTmpDirAndOpenIt function due to improper user-input sanitization. PoC (js): var root = require("cycle-import-check"); root.writeFileToTmpDirAndOpenIt("& touch JHU ", "aaa") Remediation Upgrade...
PT-2022-27312 · Artifex · Artifex Mujs
Name of the Vulnerable Software and Affected Versions: Artifex MuJS versions 1.0.0 through 1.3.1 Description: A logical issue in the O_getOwnPropertyDescriptor function allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a crafted JavaScript file...
PT-2016-7118 · Apache +2 · Apache Shiro +2
Name of the Vulnerable Software and Affected Versions: Apache Shiro versions prior to 1.3.2 Description: The issue allows attackers to bypass intended servlet filters and gain access by leveraging the use of a non-root servlet context path. Recommendations: For versions prior to 1.3.2, update to...