
735 matches found

CVE
added 2023/11/24 3:31 p.m., 74 views

CVE-2023-6276

Tongda OA 2017 up to 11.9 contains a SQL injection in delete.php due to manipulation of the PROJ_ID_STR parameter. The vulnerability can be triggered remotely and has been publicly disclosed. Upgrading to version 11.10 addresses this issue. Affected component is general/wiki/cp/ct/delete.php; the...

CVSS 7.5 | AI score 7.2 | EPSS 0.00632
Exploits: 1 | References: 3 | Affected Software: 1

Atlassian
added 2023/11/22 2:44 a.m., 35 views

DoS (Denial of Service) net.sourceforge.nekohtml:nekohtml Vulnerability in Jira Service Management Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 4.20.0, 5.4.0, 5.5.0, 5.6.0, 5.7.0, 5.8.0, 5.9.0, 5.10.0, and 5.11.0 of Jira Service Management Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

CVSS 7.5 | AI score 8.4 | EPSS 0.01998
Exploits: 0

Cvelist
added 2023/11/21 10:30 p.m., 40 views

CVE-2023-48700 Clear Text Credentials Exposed via Onboarding Task

The Nautobot Device Onboarding plugin uses the netmiko and NAPALM libraries to simplify the onboarding process of a new device into Nautobot down to, in many cases, an IP Address and a Location. Starting in version 2.0.0 and prior to version 3.0.0, credentials provided to onboarding task are...

CVSS 5.7 | AI score 6.7 | EPSS 0.00414
Exploits: 0 | References: 1

OSV
added 2023/11/21 10:30 p.m., 38 views

CVE-2023-48700 Clear Text Credentials Exposed via Onboarding Task

The Nautobot Device Onboarding plugin uses the netmiko and NAPALM libraries to simplify the onboarding process of a new device into Nautobot down to, in many cases, an IP Address and a Location. Starting in version 2.0.0 and prior to version 3.0.0, credentials provided to onboarding task are...

CVSS 5.7 | AI score 6.6 | EPSS 0.00414
Exploits: 0 | References: 3

RedHat Linux
added 2023/11/21 11:27 a.m., 66 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.13.23 bug fix and security update

Red Hat OpenShift Container Platform release 4.13.23 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a...

CVSS 7.5 | AI score 7.1 | EPSS 0.99999
Exploits: 19 | References: 15

Tenable Nessus
added 2023/11/21 12:0 a.m., 34 views

RHEL 7 : kernel-rt (RHSA-2023:7424)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7424 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirement...

CVSS 7.8 | AI score 7.3 | EPSS 0.03915
Exploits: 1 | References: 14

RedHat Linux
added 2023/11/16 8:31 p.m., 65 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.12.43 bug fix and security update

Red Hat OpenShift Container Platform release 4.12.43 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a...

CVSS 7.5 | AI score 7.1 | EPSS 0.99999
Exploits: 19 | References: 14

Tenable Nessus
added 2023/11/16 12:0 a.m., 60 views

Oracle Linux 9 : runc (ELSA-2023-6380)

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-6380 advisory. - rebuild for following CVEs: CVE-2021-43784 CVE-2022-41724 CVE-2023-28642 - runc 1.1.5 resolves CVE-2023-25809 and CVE-2023-27561 Tenable has extracte...

CVSS 7.8 | AI score 6.8 | EPSS 0.01663
Exploits: 3 | References: 6

RedHat Linux
added 2023/11/15 12:43 a.m., 71 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.13.22 security and extras update

Red Hat OpenShift Container Platform release 4.13.22 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of...

CVSS 7.5 | AI score 7.1 | EPSS 0.99999
Exploits: 19 | References: 5

Cvelist
added 2023/11/06 1:0 a.m., 39 views

CVE-2018-25093 Vaerys-Dawn DiscordSailv2 Tag access control

A vulnerability was found in Vaerys-Dawn DiscordSailv2 up to 2.10.2. It has been rated as critical. Affected by this issue is some unknown functionality of the component Tag Handler. The manipulation leads to improper access controls. Upgrading to version 2.10.3 is able to address this issue. The...

CVSS 5.5 | AI score 9.6 | EPSS 0.00495
Exploits: 0 | References: 4

Prion
added 2023/11/05 9:15 p.m., 15 views

Design/Logic Flaw

UNSUPPORTED WHEN ASSIGNED A vulnerability was found in Magnesium-PHP up to 0.3.0. It has been classified as problematic. Affected is the function formatEmailString of the file src/Magnesium/Message/Base.php. The manipulation of the argument email/name leads to injection. Upgrading to version 0.3....

CVSS 7.5 | AI score 7.9 | EPSS 0.00692
Exploits: 0 | References: 4 | Affected Software: 1

RedHat Linux
added 2023/11/01 11:31 a.m., 44 views

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.12.41 packages and security update

Red Hat OpenShift Container Platform release 4.12.41 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a...

CVSS 7.5 | AI score 6.7 | EPSS 0.01792
Exploits: 0 | References: 2

RedHat Linux
added 2023/10/31 10:41 a.m., 38 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.14.0 security and extras update

Red Hat OpenShift Container Platform release 4.14.0 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.14. Red Hat Product Security has rated this update as having a security impact of...

CVSS 7.5 | AI score 7.1 | EPSS 0.99999
Exploits: 19 | References: 36

IBM Security Bulletins
added 2023/10/31 2:33 a.m., 44 views

Security Bulletin: IBM Event Processing contains a vulnerability in okhttp Java

Summary Operator of IBM Event Processing contains a vulnerability in Okio-jvm which is vulnerable to a denial of service CVE-2023-3635. Vulnerability Details CVEID: CVE-2023-3635 DESCRIPTION: Okio GzipSource is vulnerable to a denial of service, caused by unhandled exception. By sending a special...

CVSS 7.5 | AI score 6.5 | EPSS 0.01077
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2023/10/31 2:32 a.m., 21 views

Security Bulletin: IBM Event Endpoint Management is vulnerable to a denial of service

Summary Operator of IBM Event Endpoint Management is vulnerable to a denial of service of the Okio client CVE-2023-3635 Vulnerability Details CVEID: CVE-2023-3635 DESCRIPTION: Okio GzipSource is vulnerable to a denial of service, caused by unhandled exception. By sending a specially crafted gzip...

CVSS 7.5 | AI score 6.6 | EPSS 0.01077
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2023/10/30 8:55 p.m., 59 views

Security Bulletin: Multiple Vulnerabilities have been identified in IBM Db2 shipped with IBM WebSphere Remote Server

Summary IBM Db2 is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM Db2 have been published in a security bulletin CVE-2023-39976, CVE-2023-40373, CVE-2023-40372, CVE-2023-30987, CVE-2023-38719, CVE-2023-38740, CVE-2023-30991, CVE-2023-38720,...

CVSS 9.8 | AI score 7.7 | EPSS 0.02474
Exploits: 1 | Affected Software: 1

NVD
added 2023/10/26 2:15 p.m., 11 views

CVE-2023-5783

A vulnerability has been found in Tongda OA 2017 up to 11.9 and classified as critical. Affected by this vulnerability is an unknown functionality of the file general/system/approvecenter/flowsort/flow/delete.php. The manipulation of the argument id/sortparent leads to sql injection. The attack c...

CVSS 7.5 | AI score 6.8 | EPSS 0.00542
Exploits: 1 | References: 3

Prion
added 2023/10/25 6:17 p.m., 30 views

Heap overflow

A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation. If perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can increment or write to memor...

CVSS 4.3 | AI score 7.6 | EPSS 0.00856
Exploits: 0 | References: 4 | Affected Software: 1

RedHat Linux
added 2023/10/25 12:59 a.m., 47 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.12.40 security and extras update

Red Hat OpenShift Container Platform release 4.12.40 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of...

CVSS 7.5 | AI score 7.1 | EPSS 0.03796
Exploits: 0 | References: 3

RedHat Linux
added 2023/10/17 6:7 p.m., 52 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.13.17 bug fix and security update

Red Hat OpenShift Container Platform release 4.13.17 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a...

CVSS 7.5 | AI score 7.1 | EPSS 0.99999
Exploits: 19 | References: 33