Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in Elliptic module

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of Elliptic module Vulnerability Details CVEID:CVE-2024-42461 DESCRIPTION: Node.js Elliptic module could allow a remote attacker to obtain sensitive information, caused by a flaw with BER-encoded signatures are allowed. By...

Security Bulletin: Vulnerabilities Addressed in IBM Tivoli Network Manager IP Edition (ITNM) version 4.2 Fix Pack 20 (4.2.0.20)

Summary Multiple vulnerabilities were addressed in ITNM version 4.2 Fix Pack 20 4.2.0.20 Vulnerability Details CVEID:CVE-2024-23944 DESCRIPTION: Apache ZooKeeper could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in persistent watchers handling. By...

Microsoft CLIPSP.SYS License update privilege escalation vulnerability

Talos Vulnerability Report TALOS-2024-1966 Microsoft CLIPSP.SYS License update privilege escalation vulnerability August 13, 2024 CVE Number CVE-2024-38186 SUMMARY A privilege escalation vulnerability exists in the License update functionality of Microsoft CLIPSP.SYS 10.0.22621 Build 22621,...

Open Automation Software OAS Platform OAS Engine File Data Source Configuration denial of service vulnerability

Talos Vulnerability Report TALOS-2024-1948 Open Automation Software OAS Platform OAS Engine File Data Source Configuration denial of service vulnerability April 3, 2024 CVE Number CVE-2024-24976 SUMMARY A denial of service vulnerability exists in the OAS Engine File Data Source Configuration...

Mitsubishi Electric GX Works2

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/high attack complexity Vendor: Mitsubishi Electric Equipment: GX Works2 Vulnerability: Improper Handling of Length Parameter Inconsistency 2. RISK EVALUATION Successful exploitation of this vulnerability may cause a...

CVE-2021-3454

CVE-2021-3454 concerns Zephyr RTOS, where a truncated L2CAP K-frame causes an assertion failure. Multiple connected sources corroborate that Zephyr versions 2.4.0 and later are affected, due to improper handling of length parameter inconsistencies (CWE-130) and a reachable assertion (CWE-617). Av...

CVE-2021-3454 Truncated L2CAP K-frame causes assertion failure

Truncated L2CAP K-frame causes assertion failure. Zephyr versions = 2.4.0, = v.2.50 contain Improper Handling of Length Parameter Inconsistency CWE-130, Reachable Assertion CWE-617. For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fx88-6c29-vrp3...

CVE-2020-10065

Missing Size Checks in Bluetooth HCI over SPI. Zephyr versions = v1.14.2, = v2.2.0 contain Improper Handling of Length Parameter Inconsistency CWE-130. For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hg2w-62p6-g67c...

Input validation

Missing Size Checks in Bluetooth HCI over SPI. Zephyr versions = v1.14.2, = v2.2.0 contain Improper Handling of Length Parameter Inconsistency CWE-130. For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hg2w-62p6-g67c...

CVE-2020-10065 Missing Size Checks in Bluetooth HCI over SPI

Missing Size Checks in Bluetooth HCI over SPI. Zephyr versions = v1.14.2, = v2.2.0 contain Improper Handling of Length Parameter Inconsistency CWE-130. For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hg2w-62p6-g67c...

CVE-2020-10065

CVE-2020-10065 affects Zephyr’s Bluetooth HCI over SPI. The issue is missing size checks due to improper handling of the length parameter (CWE-130) in Zephyr versions >= v1.14.2 and >= v2.2.0. The advisories reference GHSA-hg2w-62p6-g67c; no patch/affected patch version is provided in the s...

Rockwell Automation Allen-Bradley Micrologix 1100

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: Allen-Bradley MicroLogix 1100 Vulnerability: Improper Handling of Length Parameter Inconsistency 2. RISK EVALUATION Successful exploitation of this vulnerability...

Nero MediaHome 4.5.8.0 Denial Of Service

Advisory ID: HTB23130 Product: Nero MediaHome Vendor: Nero Vulnerable Versions: 4.5.8.0 and probably prior Tested Version: 4.5.8.0 in Windows 7 SP1 Vendor Notification: November 21, 2012 Public Disclosure: January 9, 2013 Vulnerability Type: Improper Handling of Length Parameter Inconsistency...

Nero MediaHome Multiple Remote DoS Vulnerabilities

Advisory ID: HTB23130 Product: Nero MediaHome Vendor: Nero Vulnerable Versions: 4.5.8.0 and probably prior Tested Version: 4.5.8.0 in Windows 7 SP1 Vendor Notification: November 21, 2012 Public Disclosure: January 9, 2013 Vulnerability Type: Improper Handling of Length Parameter Inconsistency...

Nero MediaHome 4.5.8.0 Denial Of Service Vulnerability

Nero MediaHome version 4.5.8.0 suffers from multiple denial of service vulnerabilities due to improper handling issues. Product: Nero MediaHome Vendor: Nero Vulnerable Versions: 4.5.8.0 and probably prior Tested Version: 4.5.8.0 in Windows 7 SP1 Vendor Notification: November 21, 2012 Public...