737 matches found
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects App Connect Professional
Summary There are multiple vulnerabilities in the IBM SDK Java Technology used by App Connect Professional. These issue were disclosed as part of the IBM Java SDK updates in April 2024, App Connect Professional has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-21094...
RHEL 8 / 9 : OpenShift Container Platform 4.14.36 (RHSA-2024:6412)
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:6412 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...
GHSA-G6Q4-W3J3-JFC4 Windmill HTTP Request users.rs excessive authentication in github.com/windmill-labs/windmill
A vulnerability was found in Windmill 1.380.0. It has been classified as problematic. Affected is an unknown function of the file backend/windmill-api/src/users.rs of the component HTTP Request Handler. The manipulation leads to improper restriction of excessive authentication attempts. It is...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.15.30 bug fix and security update
Red Hat OpenShift Container Platform release 4.15.30 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.15. Red Hat Product Security has rated this update as having a...
CVE-2024-8417
A vulnerability was found in 云课网络科技有限公司 Yunke Online School System up to 1.5.5. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/educloud/videobind.html. The manipulation leads to inclusion of sensitive information in source code. The attack can be...
CVE-2024-45391 Tina search token leak via lock file in TinaCMS
Tina is an open-source content management system CMS. Sites building with Tina CMS's command line interface CLI prior to version 1.6.2 that use a search token may be vulnerable to the search token being leaked via lock file tina-lock.json. Administrators of Tina-enabled websites with search setup...
CVE-2023-7279 Secure Systems Engineering Connaisseur Delegation Name targets_schema.json redos
A vulnerability has been found in Secure Systems Engineering Connaisseur up to 3.3.0 and classified as problematic. This vulnerability affects unknown code of the file connaisseur/res/targetsschema.json of the component Delegation Name Handler. The manipulation leads to inefficient regular...
Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilities in multiple Open Source Software (OSS) components
Summary There are vulnerabilities in multiple Open Source Software OSS components consumed by IBM Planning Analytics Workspace. These issues have been addressed by upgrading or removing the vulnerable libraries. Please refer to the table in the Related Information section for vulnerability impact...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.12.64 security update
Red Hat OpenShift Container Platform release 4.12.64 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a...
Security Bulletin: Multiple vulnerabilities in IBM Semeru Runtime may affect IBM Decision Optimization for IBM Cloud Pak for Data
Summary There are multiple vulnerabilities in IBM® Semeru Runtime Version 17 used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-21085 DESCRIPTION: An unspecified...
request_store has Incorrect Default Permissions
Impact The files published as part of requeststore 1.3.2 have 0666 permissions, meaning that they are world-writable, which allows local users to execute arbitrary code. This version was published in 2017, and most production environments do not allow access for local users, so the chances of thi...
BIT-VALKEY-2022-3647 Redis Crash Report debug.c sigsegvHandler denial of service
DISPUTED A vulnerability, which was classified as problematic, was found in Redis up to 6.2.7/7.0.5. Affected is the function sigsegvHandler of the file debug.c of the component Crash Report. The manipulation leads to denial of service. The complexity of an attack is rather high. The exploitabili...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.15.28 packages and security update
Red Hat OpenShift Container Platform release 4.15.28 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.15. Red Hat Product Security has rated this update as having a...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.14.35 security update
Red Hat OpenShift Container Platform release 4.14.35 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.14. Red Hat Product Security has rated this update as having a...
RHEL 8 / 9 : OpenShift Container Platform 4.14.35 (RHSA-2024:5436)
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:5436 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.12.63 security and extras update
Red Hat OpenShift Container Platform release 4.12.63 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of...
PT-2024-30443 · Tribulant · Tribulant Newsletters
Name of the Vulnerable Software and Affected Versions: Tribulant Newsletters versions 4.9.8 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Reflected XSS. Recommendations: For...
CVE-2024-43366
CVE-2024-43366 concerns the zkvyper Vyper compiler. From versions 1.3.12 up to 1.5.3, the LLL IR may be compiled into a loop with a late exit condition due to insufficient Turing-noncompleteness checks, potentially causing loss of funds or other unwanted behavior if the loop body contains it. Rea...
CVE-2024-43366 zkvyper ignored loop range bounds
zkvyper is a Vyper compiler. Starting in version 1.3.12 and prior to version 1.5.3, since LLL IR has no Turing-incompletness restrictions, it is compiled to a loop with a much more late exit condition. It leads to a loss of funds or other unwanted behavior if the loop body contains it. However,...
CVE-2024-7659 projectsend Password Reset Token functions.php generate_random_string random values
A vulnerability, which was classified as problematic, was found in projectsend up to r1605. Affected is the function generaterandomstring of the file includes/functions.php of the component Password Reset Token Handler. The manipulation leads to insufficiently random values. It is possible to...