32 matches found
Security Bulletin: tough-cookie Prototype Pollution Vulnerability in CookieJar, affects watsonx.data
Summary ough-cookie versions prior to 4.1.3 are vulnerable to prototype pollution when using CookieJar with rejectPublicSuffixes=false due to improper object initialization. Fixed in version 4.1.3. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2023-26136 DESCRIPTION: Versions of t...
Linux Distros Unpatched Vulnerability : CVE-2023-26136
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in...
Security Bulletin: IBM Storage Ceph is vulnerable to Prototype Pollution in ToughCookie via Grafana (CVE-2023-26136)
Summary Grafana is used by IBM Storage Ceph as a metrics dashboard. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2023-26136 Vulnerability Details CVEID:CVE-2023-26136 DESCRIPTION: Versions of the package tough-cookie before 4.1.3 are vulnerable to...
Exploit for Prototype Pollution in Salesforce Tough-Cookie
CVE-2023-26136 Fix for tough-cookie 2.5.0 Mission Overview...
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to arbitrary code execution
Summary Salesforce tough-cookie is used by IBM App Connect Enterprise Certified Container for handling cookies. IBM App Connect Enterprise Certified Container operands are vulnerable to arbitrary code execution. This bulletin provides patch information to address the reported vulnerability in...
RHEL 8 : tough-cookie (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - tough-cookie: prototype pollution in cookie memstore CVE-2023-26136 Note that Nessus has not tested for this issue...
Mageia: Security Advisory (MGASA-2024-0080)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: IBM Planning Analytics Workspace has addressed multiple vulnerabilities
Summary IBM Planning Analytics Workspace is considered vulnerable to a Malicious File Upload vulnerability which could allow a privileged user to upload malicious files that can be automatically processed within the product CVE-2023-42017. This vulnerability has been addressed. IBM Planning...
MGASA-2024-0080 Updated nodejs-tough-cookie packages fix security vulnerability
Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized. CVE-2023-26136...
Updated nodejs-tough-cookie packages fix security vulnerability
Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized. CVE-2023-26136...
Fedora: Security Advisory (FEDORA-2024-28fc0c2ef4)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory for yarnpkg (FEDORA-2024-5ecc250449)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable toSalesforce tough-cookie arbitrary code execution vulnerabilitiy [CVE-2023-26136]
Summary Potential Salesforce tough-cookie arbitrary code execution vulnerabilitiy have been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. CVE-2023-26136 Vulnerability Details...
CVE-2023-26136
creationtimestamp| type| source ---|---|--- 2023-12-06 10:47:06+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/6094 2023-12-07 12:25:57+00:00| seen| https://t.me/arpsyndicate/1537 2025-02-04 16:00:09+00:00| published-proof-of-concept|...
Moderate: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.8.2 security and bug fix update
The Migration Toolkit for Containers MTC 1.8.2 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.14.0 bug fix and security update
Red Hat OpenShift Container Platform release 4.14.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.14. Red Hat Product Security has rated this update as having a...
Important: Red Hat Security Advisory: Logging Subsystem 5.5.17 - Red Hat OpenShift security update
Logging Subsystem 5.5.17 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
Important: Red Hat Security Advisory: Logging Subsystem 5.6.12 - Red Hat OpenShift security update
Logging Subsystem 5.6.12 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.4.13 security update on RHEL 8 (Important) (RHSA-2023:5485)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5485 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.13 security update on RHEL 7
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...