Security Bulletin: Multiple vulnerabilites in IBM Rational Build Forge.

Summary IBM Rational Build Forge 8.0.0.27 addresses multiple vulnerabilites Vulnerability Details CVEID:CVE-2024-40898 DESCRIPTION: Apache HTTP Server is vulnerable to server-side request forgery, caused by an error on Windows with modrewrite in server/vhost context. By sending a specially crafte...

Security Bulletin: IBM Datapower Operations Dashboard could allow an attacker to map URLs to filesystem locations that are unreachable by any URL CVE-2024-38475

Summary Apache HTTP Server is used by the IBM Datapower Operations Dashboard implementation of network implementation Vulnerability Details CVEID:CVE-2024-38475 DESCRIPTION: Improper escaping of output in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to...

Security Bulletin: IBM Datapower Operations Dashboard could allow a remote attacker to bypass security restrictions CVE-2024-38473

Summary Apache HTTP Server is used by the IBM Datapower Operations Dashboard implementation of network operations Vulnerability Details CVEID:CVE-2024-38473 DESCRIPTION: Apache HTTP Server could allow a remote attacker to bypass security restrictions, caused by an encoding flaw in modproxy. By...

Security Bulletin: IBM Datapower Operations Dashboard could allow a remote attacker to execute arbitrary code on the system CVE-2024-38474

Summary Apache HTTP Server is used by the IBM Datapower Operations Dashboard implementation of their networking implementation Vulnerability Details CVEID:CVE-2024-38474 DESCRIPTION: Apache HTTP Server could allow a remote attacker to execute arbitrary code on the system, caused by a substitution...

JVN#26044739: Typora fails to properly neutralize JavaScript code

Typora fails to properly neutralize JavaScript code CWE-116. Impact Opening a file with the affected product may lead to execute the JavaScript code inside the file. Solution Update the Software Update the software to the latest version according to the information provided by the developer. The...

Important: Red Hat Security Advisory: rh-ruby22-ruby security, bug fix, and enhancement update

An update for rh-ruby22-ruby is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabili...

CVE-2015-1002

IniNet embeddedWebServer aka eWebServer before 2.02 mishandles URL encoding, which allows remote attackers to write to or delete files via a crafted string...

Possible code injection in setup script in case session variables are compromised.

PMASA-2011-6 Announcement-ID: PMASA-2011-6 Date: 2011-07-02 Summary Possible code injection in setup script in case session variables are compromised. Description An unsanitized key from the Servers array is written in a comment of the generated config. An attacker can modify this key by modifyin...

Insufficient output sanitizing when generating configuration file.

PMASA-2010-4 Announcement-ID: PMASA-2010-4 Date: 2010-08-20 Summary Insufficient output sanitizing when generating configuration file. Description The setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration...