Injection sha.js Dependency in Jira Service Management Data Center and Server

This High severity Injection vulnerability was introduced in versions 10.3.0, 11.0.0, 11.1.0, and 11.2.0 of Jira Service Management Data Center and Server. This Injection vulnerability, with a CVSS Score of 7.4 and a CVSS Vector of code:java CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:Hcode allows...

OpenJDK: RangeCheckElimination array index overflow (8323231)

A vulnerability in Oracle Java SE and GraalVM Hotspot component affects multiple versions, allowing an unauthenticated attacker with network access to modify or access critical data. Exploitation is difficult but possible via APIs, such as web services supplying data. It also impacts Java...

Security Bulletin: Vulnerabilities in IBM Semeru Runtime affects Host On-Demand

Summary There is a vulnerability in IBM Semeru Runtime used by Host On-Demand. Host On-Demand has provided a fix for the applicable CVE. These issues were disclosed as part of the IBM Semeru Runtime Quarterly CPU - Apr 2023 - Includes OpenJDK April 2023 CPU. Vulnerability Details...

Security Bulletin: A vulnerability in IBM Java Runtime used by the IBM Installation Manager and IBM Packaging Utility

Summary There is a vulnerability in IBM® Runtime Environment Java™ Versions 8 used by IBM Installation Manager and IBM Packaging Utility. The IBM Installation Manager and IBM Packaging Utility have addressed the applicable CVE and we recommend updating to the latest version to remediate...

Out-of-bounds Write in zlib affects Nokogiri

Summary Nokogiri v1.13.4 updates the vendored zlib from 1.2.11 to 1.2.12, which addresses CVE-2018-25032. That CVE is scored as CVSS 7.4 "High" on the NVD record as of 2022-04-05. Please note that this advisory only applies to the CRuby implementation of Nokogiri = v1.13.4. Impact CVE-2018-25032 ...

Security Bulletin: IBM API Connect V5 is vulnerable to sensitive information leak (CVE-2020-4899)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-4899 DESCRIPTION: IBM API Connect could potentially leak sensitive information or allow for data corruption due to plain text transmission of sensitive information across the network. CVSS Bas...

Security Bulletin: Java Vulnerability Impacts IBM Control Center (CVE-2018-1656)

Summary There is a vulnerability in IBM® Runtime Environment Java™ Technology Edition, Version 7 and 8 that is used by IBM Control Center. This issue was disclosed as part of the IBM Java SDK updates in July 2018. Vulnerability Details CVEID: CVE-2018-1656 DESCRIPTION:The IBM Java Runtime...

CVE-2020-7065

In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mbstrtolower function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory corruption, crashes and potentially code execution. Recent assessments:...

Huawei Flybox B660 Router - Auth Bypass Vulnerability

Document Title: =============== Huawei Flybox B660 Router - Auth Bypass Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2010 Huawei ID: 558969357627813 Release Date: ============= 2016-11-18 Vulnerability Laboratory ID VL-ID:...

Hi Technology & Services CMS - SQL Injection Vulnerabilities

Document Title: =============== Hi Technology & Services CMS - SQL Injection Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1785 Release Date: ============= 2016-03-22 Vulnerability Laboratory ID VL-ID: ==================================...