202 matches found
CVE-2024-51755 Unguarded calls to __isset() and to array-accesses when the sandbox is enabled in Twig
Twig is a template language for PHP. In a sandbox, an attacker can access attributes of Array-like objects as they were not checked by the security policy. They are now checked via the property policy and the isset method is now called after the security check. This is a BC break. This issue has...
CVE-2024-51755
Twig is a PHP templating engine. CVE-2024-51755 describes a sandbox vulnerability where an attacker could access attributes of Array-like objects because policy checks were not applied before the __isset() call; the check now occurs via the property policy and then __isset() is invoked. This conf...
Malicious code in @maps-bc/i18n (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d4aadf453111b6be9daf1b61a25c3d7201dbed9584797b6213c4608623e9dbeb The OpenSSF Package Analysis project identified '@maps-bc/i18n' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
Malicious code in @maps-bc/runtime (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 10155ba7c84ace28dedd143dcb15c74cf718077864c2940d65e11f748f2b7db1 The OpenSSF Package Analysis project identified '@maps-bc/runtime' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
The vulnerability of Microprogrammed Software in Synology cameras such as BC500, TC500, and CC400W arises from access control errors, allowing attackers to execute arbitrary code.
The vulnerability of the microprogramming software of Synology BC500, Synology TC500, and Synology CC400W is related to access control errors. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
Malicious code in eslint-config-bc (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6df69ef80bd1fa8d92354d60af1310a623bcc81f45747601445f423c670e0545 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-9437 Malicious code in eslint-config-bc (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6df69ef80bd1fa8d92354d60af1310a623bcc81f45747601445f423c670e0545 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Atlassian Confluence < 7.19.26 / 7.20.x < 8.5.12 / 8.6.x < 8.9.4 / 9.0.1 (CONFSERVER-97723)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-97723 advisory. - An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java BC Java before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5...
Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to multiple vulnerabilities
Summary Multiple potential vulnerabilities in Vim has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2022-2849 DESCRIPTION: Vim is vulnerable to a heap-based buffer...
Malicious code in bc-carousel (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e3941632e7872e79a931f3a5f41f3fc042aab5864ebf162ea08ec70ebd5bc1d0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-8939 Malicious code in bc-carousel (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e3941632e7872e79a931f3a5f41f3fc042aab5864ebf162ea08ec70ebd5bc1d0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
SAP /sap/bc/soap/rfc SOAP Service SXPG_CALL_SYSTEM Function Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This module is based on, inspired by, or is a port of a plugin available in the Onapsis Bizploit Opensource ERP Penetration Testing framework -...
Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to Bouncy Castle BC-FJA
Summary IBM Sterling Connect:Direct Web Service 6.1 and 6.2 is vulnerable to BC version 1.75 . We have upgraded to version 1.78 to fix CVE-2022-45146. Vulnerability Details CVEID:CVE-2022-45146 DESCRIPTION: The Legion of the Bouncy Castle BC-FJA could allow a remote attacker to obtain sensitive...
CVE-2024-6127
CVE-2024-6127 affects BC Security Empire before 5.9.3. It is a path-traversal vulnerability that can enable remote code execution. An unauthenticated attacker can trigger the issue over HTTP by acting as a normal agent, completing cryptographic handshakes, and uploading payload data containing a ...
CVE-2024-6127 BC Security Empire Path Traversal RCE
BC Security Empire before 5.9.3 is vulnerable to a path traversal issue that can lead to remote code execution. A remote, unauthenticated attacker can exploit this vulnerability over HTTP by acting as a normal agent, completing all cryptographic handshakes, and then triggering an upload of payloa...
CVE-2024-6127 BC Security Empire Path Traversal RCE
BC Security Empire before 5.9.3 is vulnerable to a path traversal issue that can lead to remote code execution. A remote, unauthenticated attacker can exploit this vulnerability over HTTP by acting as a normal agent, completing all cryptographic handshakes, and then triggering an upload of payloa...
MAL-2024-1815 Malicious code in bc-baseline (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 004f716d6faa9713997578e5ad3b8a25eb483ce027b32e3a4ef6eb05179c430c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in bc-baseline (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 004f716d6faa9713997578e5ad3b8a25eb483ce027b32e3a4ef6eb05179c430c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
UBUNTU-CVE-2021-47360
In the Linux kernel, the following vulnerability has been resolved: binder: make sure fd closes complete During BCFREEBUFFER processing, the BINDERTYPEFDA object cleanup may close 1 or more fds. The close operations are completed using the task work mechanism -- which means the thread needs to...
Security Bulletin: IBM Observability with Instana using third-party Kubernetes Operators is affected by Multiple Security Vulnerabilities
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana using third-party Kubernetes Operators build 271. Vulnerability Details CVEID:CVE-2024-1023 DESCRIPTION: Eclipse Vert.x is vulnerable to a denial of service, caused by a memory leak due to the use of Netty...