873 matches found
Security Bulletin: Multiple vulnerabilities in Eclipse Jetty affect IBM Process Designer 8.5.7 shipped with IBM Business Automation Workflow
Summary There are multiple vulnerabilities in Eclipse Jetty, which is used by the desktop version of IBM Process Designer 8.5.7 shipped with IBM Business Automation Workflow. IBM Process Designer has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2023-40167 DESCRIPTION: Jetty is...
Rocky Linux 8 : python38:3.8 and python38-devel:3.8 (RLSA-2021:4162)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:4162 advisory. - psutil aka python-psutil through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts...
Security Bulletin: IBM Rational Build Forge 8.0.0.24 addresses multiple vulnerabilities by updating Apache Tomcat Server
Summary Security Bulletin: IBM Rational Build Forge 8.0.0.24 addresses multiple vulnerabilities by updating Apache Tomcat Server Vulnerability Details CVEID:CVE-2023-28708 DESCRIPTION: Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the missing of secure...
Medium: squid
Issue Overview: Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody. CVE-2021-28116 An issue was discovered in Squid...
Debian: Security Advisory (DLA-3575-1)
The remote host is missing an update for the Debian...
Debian dla-3575 : idle-python2.7 - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3575 advisory. Debian LTS Advisory DLA-3575-1...
Drupal 10.1.2 - web-cache-poisoning-External-service-interaction Vulnerability
Title: drupal-10.1.2 web-cache-poisoning-External-service-interaction Author: nu11secur1ty Vendor: https://www.drupal.org/ Software: https://www.drupal.org/download Reference: https://portswigger.net/kb/issues/00300210external-service-interaction-http Description: It is possible to induce the...
Drupal 10.1.2 Web Cache Poisoning
Title: drupal-10.1.2 web-cache-poisoning-External-service-interaction Author: nu11secur1ty Date: 08/30/2023 Vendor: https://www.drupal.org/ Software: https://www.drupal.org/download Reference: https://portswigger.net/kb/issues/00300210external-service-interaction-http Description: It is possible ...
Drupal 10.1.2 - web-cache-poisoning-External-service-interaction
Title: drupal-10.1.2 web-cache-poisoning-External-service-interaction Author: nu11secur1ty Date: 08/30/2023 Vendor: https://www.drupal.org/ Software: https://www.drupal.org/download Reference: https://portswigger.net/kb/issues/00300210external-service-interaction-http Description: It is possible ...
Cisco Unified Contact Center Express Input Validation Error Vulnerability (CNVD-2023-93334)
Cisco Unified Contact Center Express Unified CCX is a customer relationship management component of a unified communications solution from Cisco. The component supports features such as self-service voice, call distribution, and customer access control. An input validation error vulnerability...
CVE-2023-20232
A vulnerability in the Tomcat implementation for Cisco Unified Contact Center Express Unified CCX could allow an unauthenticated, remote attacker to cause a web cache poisoning attack on an affected device. This vulnerability is due to improper input validation of HTTP requests. An attacker could...
Input validation
A vulnerability in the Tomcat implementation for Cisco Unified Contact Center Express Unified CCX could allow an unauthenticated, remote attacker to cause a web cache poisoning attack on an affected device. This vulnerability is due to improper input validation of HTTP requests. An attacker could...
CVE-2023-20232
Cisco Unified Contact Center Express (Unified CCX) is affected by CVE-2023-20232 due to improper input validation in the Tomcat-based web proxy component exposed via the Finesse Portal. The issue allows an unauthenticated, remote attacker to perform a web cache poisoning attack by sending crafted...
Cisco Unified Contact Center Express Finesse Portal Web Cache Poisoning Vulnerability
A vulnerability in the Tomcat implementation for Cisco Unified Contact Center Express Unified CCX could allow an unauthenticated, remote attacker to cause a web cache poisoning attack on an affected device. This vulnerability is due to improper input validation of HTTP requests. An attacker could...
Cisco Unified Contact Center Express Input Validation Error Vulnerability
Cisco Unified Contact Center Express Unified CCX is a customer relationship management component of a unified communications solution from Cisco. The component supports features such as self-service voice, call distribution, and customer access control. An input validation error vulnerability...
PT-2023-4434 · Cisco +1 · Cisco Unified Contact Center Express +1
Name of the Vulnerable Software and Affected Versions: Cisco Unified Contact Center Express Unified CCX affected versions not specified Description: A vulnerability in the Tomcat implementation could allow an unauthenticated, remote attacker to cause a web cache poisoning attack on an affected...
Security Bulletin: Netty is vulnerable to CVE-2022-41915 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses Netty which is vulnerable to CVE-2022-41915. Vulnerability Details CVEID:CVE-2022-41915 DESCRIPTION: Netty is vulnerable to HTTP response splitting attacks, caused by a flaw when calling DefaultHttpHeaders.set with an iterator of value...
CVE-2023-37276
A flaw was found in aio-libs aiohttp, where it is vulnerable to HTTP request smuggling, caused by a flaw in the aiohttp.web.Application. By sending a specially crafted HTTPS request, an attacker can poison the web cache, bypass web application firewall protection, and conduct Cross-site scripting...