8231 matches found
Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i are vulnerable to arbitrary code execution due to an unsafe deserialization flaw (CVE-2022-40609).
Summary IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by IBM i are vulnerable to an attacker executing arbitrary code due to an unsafe deserialization flaw as described in the vulnerability details section. The vulnerability is fixed by applying an IBM i Group PTF for...
Spring-Kafka Has a Java Deserialization Vulnerability When Improperly Configured
In Spring for Apache Kafka 3.0.9 and earlier and versions 2.9.10 and earlier, a possible deserialization attack vector existed, but only if unusual configuration was applied. An attacker would have to construct a malicious serialized object in one of the deserialization exception record headers...
CVE-2023-34040 Java Deserialization vulnerability in Spring-Kafka When Improperly Configured
In Spring for Apache Kafka 3.0.9 and earlier and versions 2.9.10 and earlier, a possible deserialization attack vector existed, but only if unusual configuration was applied. An attacker would have to construct a malicious serialized object in one of the deserialization exception record headers...
PT-2023-4846 · D-Link · D-Link DAP-2622
Name of the Vulnerable Software and Affected Versions: D-Link DAP-2622 (affected versions not specified). Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. The specific flaw exists within the DDP service, resulti...
Debian dla-3539 : libqt4-dbg - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3539 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3539-1 [email protected]...
Apache XML Graphics Batik Code Issue Vulnerability
Apache XML Graphics Batik is a suite of Java-based applications from the Apache Foundation that are primarily used for processing SVG-format images. A code issue vulnerability exists in Apache XML Graphics Batik version 1.16 that stems from a Server-Side Request Forgery (SSRF)...
Artifex Software MuPDF Resource Management Error Vulnerability
Artifex Software MuPDF is a free and lightweight PDF reader from Artifex Software, USA. A security vulnerability exists in Artifex Software MuPDF version 1.16.0 that originates from a use-after-free in the svg_dev_text_span_as_paths_defs function in source/fitz/svg-device.c. The...
TP-LINK Smart Bulb Tapo Security Vulnerability
TP-LINK Smart Bulb Tapo is a smart bulb from TP-LINK, China. An information disclosure vulnerability exists in the TP-LINK Tapo L530 smart bulb series and the Tapo application that can be exploited by an attacker to obtain sensitive information via the initialization vector (IV) used by the AES-128-CBC feature...
PostgreSQL Security Vulnerability
PostgreSQL is a free object-relational database management system from the PostgreSQL organization. The system supports most of the SQL standards and provides many other features such as foreign keys, triggers, views, and more. A security vulnerability exists in PostgreSQL version 12.2 that could...
Apache XML Graphics Batik Code Issue Vulnerability
Apache XML Graphics Batik is a Java-based application from the Apache Foundation that is primarily used for processing SVG-format images. A code issue vulnerability exists in Apache XML Graphics Batik version 1.16 that stems from a Server-Side Request Forgery (SSRF) vulnerability. An...
Security Bulletin: IBM Informix JDBC Driver Is Vulnerable to Remote Code Execution (CVE-2023-27866)
Summary IBM Informix JDBC Driver is susceptible to remote code execution attack. This vulnerability is addressed. Vulnerability Details CVEID:CVE-2023-27866 DESCRIPTION: IBM Informix JDBC Driver is susceptible to remote code execution attack via JNDI injection when driver code or the application...
A buffer overflow in the `derive_spatial_luma_vector_prediction` function in the `motion.cc` component of the libde265 H.265 decoder allows an attacker to read confidential data, compromise its integrity, and cause service failures.
The vulnerability in the `derive_spatial_luma_vector_prediction` function in the motion.cc component of the libde265 H.265 decoder is a buffer overflow. Exploiting this vulnerability could allow attackers to access confidential data, compromise its integrity, and even caus...
ASUSTOR Data Master Command Injection Vulnerability
ASUSTOR Data Master is the operating system of ASUSTOR NAS devices (ASUSTOR, Taiwan, a subsidiary of ASUS). ASUSTOR Data Master suffers from a command injection vulnerability that stems from the Printer service feature failing to properly filter shell metacharacters and commands in user-supplied input. The vulnerability...
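The injection pattern this entry describes (a service interpolating a user-controlled name into a shell command line), shown as an added example that is not ASUSTOR code. The printer-name parameter, the allowlist regex, the constructed attacker input and the use of `echo` as a stand-in for the real print command are assumptions so that the script runs on any system with /bin/sh.

```python
"""Shell command injection: the vulnerable string-building pattern next to two hardened forms.

Added example (not ASUSTOR code). 'echo' stands in for the real print command,
and the printer name is the assumed user-controlled parameter.
"""
import re
import shlex
import subprocess

# Constructed attacker input: a printer name carrying a ';' command separator.
INJECTED_NAME = "office; echo INJECTED"

# Allowlist for what a printer name is permitted to look like (assumption).
_PRINTER_NAME = re.compile(r"^[A-Za-z0-9_.-]{1,64}$")


def run_unsafe(printer: str) -> str:
    """Vulnerable: untrusted input is interpolated into a shell command line,
    so ';' terminates the echo and starts an attacker-chosen second command."""
    cmd = f"echo printing-to {printer}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_quoted(printer: str) -> str:
    """Hardened when a shell is unavoidable: shlex.quote turns the whole value
    into one literal word, so metacharacters lose their meaning."""
    cmd = "echo printing-to " + shlex.quote(printer)
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_safe(printer: str) -> str:
    """Hardened: validate against an allowlist, then pass an argv list with
    shell=False so that no shell ever parses the input."""
    if not _PRINTER_NAME.match(printer):
        raise ValueError(f"invalid printer name: {printer!r}")
    return subprocess.run(
        ["echo", "printing-to", printer], capture_output=True, text=True
    ).stdout


if __name__ == "__main__":
    print("unsafe :", run_unsafe(INJECTED_NAME).splitlines())
    print("quoted :", run_quoted(INJECTED_NAME).splitlines())
    try:
        run_safe(INJECTED_NAME)
    except ValueError as e:
        print("safe   : rejected,", e)
```

With the injected name, the vulnerable builder produces two lines of output (the second being the injected command's), the quoted form produces one line containing the literal name, and the allowlisted argv form rejects the input before anything runs. Prefer the argv form; quoting is the fallback for code that must go through a shell.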
Third-Party Dependency Vulnerability in Jira Service Management Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in version 4.20.0 of Jira Service Management Data Center and Server. This vulnerability, with a CVSS score of 7.5 and CVSS vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, allows an unauthenticated attacker to expose...
CVE-2023-39115
install/aiz-uploader/upload in Campcodes Online Matrimonial Website System Script 3.3 allows XSS via a crafted SVG document...
What's New in CVSS v4
The pending update to the Common Vulnerability Scoring System (CVSS), version 4.0, has garnered a noticeable volume of articles, blog posts and watercooler (now known as Slack and Zoom) air time. Reaction from the community has been positive, with general sentiment pinned somewhere near...
SVG Loader Cross-Site Scripting Vulnerability
SVG Loader is a simple JS library that uses XHR to fetch an SVG and inject the SVG code at the location of the tag. A cross-site scripting vulnerability exists in SVG Loader version 1.6.8 and prior versions, which stems from insufficient input sanitization logic that can be easily bypassed...
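Both SVG entries on this page (the Campcodes upload XSS above and the SVG Loader bypass) come down to SVG being a scriptable document format. The following added example is not code from either project: it is a server-side pre-check that flags the standard SVG XSS vectors (`<script>` and foreign-content elements, `on*` event handlers, `javascript:`/`data:` URLs including whitespace-obfuscated schemes, and external `<use>` imports) using the standard-library XML parser. The size limit and the two sample documents are constructed assumptions.

```python
"""Detect script-execution vectors in an untrusted SVG document before storing or inlining it.

Added example, not code from Campcodes or SVG Loader. Uses only the standard
library; MAX_BYTES and the sample documents are assumptions for this example.
"""
import xml.etree.ElementTree as ET

MAX_BYTES = 1_000_000  # assumption: refuse oversized uploads before parsing

# Elements that execute script or embed foreign (HTML) content.
DANGEROUS_TAGS = {"script", "foreignObject", "iframe", "object", "embed"}
# Attributes that carry a URL, including animation targets such as <set to=...>.
URL_ATTRS = {"href", "src", "from", "to", "values"}


def _local(name: str) -> str:
    """Strip the XML namespace: '{http://www.w3.org/1999/xlink}href' -> 'href'."""
    return name.rsplit("}", 1)[-1]


def _normalize_url(value: str) -> str:
    """Drop whitespace/control characters and lower-case, so a tab inside
    'java<TAB>script:' (a classic filter bypass) still reads as 'javascript:'."""
    return "".join(value.split()).lower()


def find_svg_xss_vectors(svg: bytes) -> list:
    """Return human-readable findings; an empty list means nothing was flagged."""
    if len(svg) > MAX_BYTES:
        raise ValueError("SVG too large")
    # expat does not fetch external entities; internal entity expansion still
    # happens, which is why the size check above runs before parsing.
    root = ET.fromstring(svg)
    findings = []
    for el in root.iter():
        tag = _local(el.tag)
        if tag in DANGEROUS_TAGS:
            findings.append(f"<{tag}> element")
        for name, value in el.attrib.items():
            attr = _local(name).lower()
            if attr.startswith("on"):  # every SVG attribute starting with 'on' is an event handler
                findings.append(f"<{tag}> {attr} event handler")
            elif attr in URL_ATTRS:
                url = _normalize_url(value)
                if url.startswith(("javascript:", "vbscript:", "data:")):
                    findings.append(f"<{tag}> {attr} uses scheme {url.split(':', 1)[0]}:")
                elif tag == "use" and url.startswith(("http:", "https:", "//")):
                    findings.append(f"<{tag}> imports external document")
    return findings


# Constructed sample inputs for the example.
MALICIOUS_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" onload="alert(document.domain)">
  <script>alert(1)</script>
  <a xlink:href="java&#9;script:alert(2)"><text y="20">click</text></a>
  <set attributeName="href" to="javascript:alert(3)"/>
  <use href="https://attacker.example/sprite.svg#icon"/>
  <rect width="10" height="10"/>
</svg>"""

BENIGN_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">
  <rect width="10" height="10" fill="#333"/>
  <a href="#section"><text y="5">anchor</text></a>
</svg>"""

if __name__ == "__main__":
    for finding in find_svg_xss_vectors(MALICIOUS_SVG):
        print("flagged:", finding)
    print("benign findings:", find_svg_xss_vectors(BENIGN_SVG))
```

A detector like this is a gate, not a sanitizer: reject anything flagged rather than trying to strip it, and serve user-supplied SVG with `Content-Disposition: attachment` or from a separate origin so that whatever slips through does not run in the application's origin.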
A vulnerability in Intel processor microcode, related to the leakage of information from vector registers, allows attackers to gain access to protected information.
The vulnerability in Intel processor microcode is related to the leakage of information from vector registers. Exploiting this vulnerability can allow an attacker to gain access to protected information...
CVE-2022-40982
Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access...