12 matches found
Valtimo scripting engine can be used to gain access to sensitive data or resources
Impact Any admin that can create or modify and execute process-definitions could gain access to sensitive data or resources. This includes but is not limited to: - Running executables on the application host - Inspecting and extracting data from the host environment or application properties -...
Code Injection
Overview Affected versions of this package are vulnerable to Code Injection via the saveService function. If dynamic service registration is enabled, which it is not by default, a privileged attacker with access to the saveService interface and the ability to modify application.properties can...
When using an Oracle DB, application properties can't be set to empty
Issue Summary: The jira.security.csp.sandbox.included.content.disposition application property accepts: empty value, "attachment", "inline", "attachment;inline" or "inline;attachment". If Jira is installed using an Oracle database, the empty value is never set. This happens because Oracle treats...
Spring AI with NVIDIA LLM API
Spring AI now supports NVIDIA's Large Language Model API, offering integration with a wide range of models. By leveraging NVIDIA's OpenAI-compatible API, Spring AI allows developers to use NVIDIA's LLMs through the familiar Spring AI API. We'll explore how to configure and use the Spring AI OpenA...
Spring AI - Groq AI inference
Faster information processing not only informs—it transforms how we perceive and innovate. Spring AI, a powerful framework for integrating AI capabilities into Spring applications, now offers support for Groq - a blazingly fast AI inference engine with support for Tool/Function calling. Because...
Preparing for Spring Boot 3.0
Spring Boot 2.0 was the first release in the 2.x line and was published on February 28th 2018. We've just released Spring Boot 2.7 which means that, so far, we've been maintaining the 2.x line for just over 4 years. In total we've published 95 distinct releases over that timeframe! The entire Spring...
GHSA-Q4Q2-93PW-QWGF Issuer validation regression in Spring Cloud SSO Connector
Spring Cloud SSO Connector, version 2.1.2, contains a regression which disables issuer validation in resource servers that are not bound to the SSO service. In PCF deployments with multiple SSO service plans, a remote attacker can authenticate to unbound resource servers which use this version of...
Exploit for Injection in Atlassian Jira_Server
CVE-2019-11581 Atlassian JIRA Template injection vulnerabil...
Tibbo AggreGate SCADA/HMI Server Service uploadDirectory Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Tibbo AggreGate SCADA/HMI. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Windows service "AggreGate Server Service" agserverservice.exe. Through...
CentOS Update for dbus-glib CESA-2010:0616 centos5 i386
Check for the Version of dbus-glib OpenVAS Vulnerability Test CentOS Update for dbus-glib CESA-2010:0616 centos5 i386 Authors: System Generated Check Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify ...
RedHat Update for dbus-glib RHSA-2010:0616-01
Check for the Version of dbus-glib OpenVAS Vulnerability Test RedHat Update for dbus-glib RHSA-2010:0616-01 Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...
RedHat Update for dbus-glib RHSA-2010:0616-01
Check for the Version of dbus-glib OpenVAS Vulnerability Test RedHat Update for dbus-glib RHSA-2010:0616-01 Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...