738 matches found
CVE-2024-7659 projectsend Password Reset Token functions.php generate_random_string random values
A vulnerability, which was classified as problematic, was found in projectsend up to r1605. Affected is the function generaterandomstring of the file includes/functions.php of the component Password Reset Token Handler. The manipulation leads to insufficiently random values. It is possible to...
CVE-2024-7658
ProjectSend (up to r1605) has a vulnerability in the get_preview function of process.php that allows improper control of resource identifiers, potentially exploitable remotely. Multiple sources (NVD, Red Hat, osv.dev, CVE listings, PT Security) consistently describe this as a resource-ID manipula...
CVE-2024-7658 projectsend process.php get_preview resource injection
A vulnerability, which was classified as problematic, has been found in projectsend up to r1605. This issue affects the function getpreview of the file process.php. The manipulation leads to improper control of resource identifiers. The attack may be initiated remotely. Upgrading to version r1720...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Watson Explorer and Watson Explorer Content Analytics Studio
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by Watson Explorer and Watson Explorer Content Analytics Studio. Watson Explorer and Watson Explorer Content Analytics Studio have addressed the applicable Vulnerability Details CVEID:CVE-2024-21094...
Security Bulletin: Apache Santuario Vulnerability in WebSphere Application Server Liberty affect Cloud Pak System [CVE-2023-44483]
Summary Vulnerability found in Apache Santuario WebSphere Application Server Liberty affect Cloud Pak System WebSphere Application Server WAS Liberty patternType pType. Vulnerability Details CVEID:CVE-2023-44483 DESCRIPTION: Apache Santuario could allow a remote authenticated attacker to obtain...
Security Bulletin: Vulnerability in beego affects Cloud Pak System [CVE-2022-31836]
Summary Vulnerability in beego affects Cloud Pak System. IBM Cloud Pak System addrressed vulnerability. Vulnerability Details CVEID:CVE-2022-31836 DESCRIPTION: Beego could allow a remote attacker to traverse directories on the system, caused by a flaw in the leafInfo.match function. An attacker...
GHSA-567V-6HMG-6QG7 ZITADEL "ignoring unknown usernames" vulnerability
Impact ZITADEL administrators can enable a setting called "Ignoring unknown usernames" which helps mitigate attacks that try to guess/enumerate usernames. If enabled, ZITADEL will show the password prompt even if the user doesn't exist and report "Username or Password invalid". Due to a...
GHSA-692V-783F-MG8X XWiki Platform vulnerable to Cross-Site Scripting (XSS) through conflict resolution
Impact By creating a conflict when another user with more rights is currently editing a page, it is possible to execute JavaScript snippets on the side of the other user, which compromises the confidentiality, integrity and availability of the whole XWiki installation. To reproduce on a XWiki...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.16.4 packages and security update
Red Hat OpenShift Container Platform release 4.16.4 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.16. Red Hat Product Security has rated this update as having a...
USN-6913-1 php-cas vulnerability
Filip Hejsek discovered that phpCAS was using HTTP headers to determine the service URL used to validate tickets. A remote attacker could possibly use this issue to gain access to a victim's account on a vulnerable CASified service. This security update introduces an incompatible API change. Afte...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.13.45 packages and security update
Red Hat OpenShift Container Platform release 4.13.45 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a...
UBUNTU-CVE-2024-40630
OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation via a format-agnostic API with a feature set, scalability, and robustness needed for feature film production. In affected versions there is a bug in the heif input...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to IBM Java SDK (Tech Edition) vulnerabilities
Summary IBM Sterling Partner Engagement Manager 6.2.3.1, 6.1.2.10, and 6.2.0.8 address IBM Java SDK Tech Edition CPU vulnerabilities attached to this Security Bulletin. Vulnerability Details CVEID:CVE-2023-22045 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component coul...
Security Bulletin: A security vulnerability may affect a Go package that is shipped with IBM CICS TX Standard.
Summary A security vulnerability may affect a Go package that is shipped with IBM CICS TX Standard. IBM CICS TX Standard has addressed the issues. Vulnerability Details IBM X-Force ID: 255317 DESCRIPTION: Logrus is vulnerable to a denial of service, caused by a flaw in the bufio.Scanner log write...
CVE-2024-37389
Apache NiFi 1.10.0 through 1.26.0 and 2.0.0-M1 through 2.0.0-M3 support a description field in the Parameter Context configuration that is vulnerable to cross-site scripting. An authenticated user, authorized to configure a Parameter Context, can enter arbitrary JavaScript code, which the client...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM DevOps Code ClearCase (CVE-2024-37532)
Summary IBM WebSphere Application Server WAS is shipped as a component of IBM DevOps Code ClearCase. Information about security vulnerabilities affecting WAS have been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: IBM Storage Protect Server is susceptible to numerous vulnerabilities due to Golang Go
Summary Golang Go is used by the IBM Storage Protect Server OSSM component. Golang Go is vulnerable to loss of confidentiality and integrity and availability of host system. This bulletin identifies the steps to address the vulnerabilities. CVE-2023-45285, CVE-2023-39326, CVE-2023-45283...
Security Bulletin: Vulnerability in tqdm affects IBM Process Mining CVE-2024-34062
Summary There is a vulnerability in tqdm that could allow an local authenticated attacker to execute arbitrary code on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2024-34062...
Security Bulletin: Vulnerability in Bouncy Castle Crypto Package For Java affects IBM Process Mining CVE-2024-34447
Summary There is a vulnerability in Bouncy Castle Crypto Package For Java that could allow an attacker to perform a DNS poisoning attack on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.12.60 bug fix and security update
Red Hat OpenShift Container Platform release 4.12.60 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a...