47 matches found
EUVD-2018-10707
Malware in sbrugna...
EUVD-2022-37708
Malicious code in bioql PyPI...
Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues
Summary Multiple vulnerabilities affect IBM Sterling Secure Proxy and are addressed in the latest release and iFix Vulnerability Details CVEID:CVE-2024-30172 DESCRIPTION: The Bouncy Castle Crypto Package For Java is vulnerable to a denial of service, caused by an infinite loop in the Ed25519...
Linux Distros Unpatched Vulnerability : CVE-2019-1000020
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards version v2.8.0 onwards contains a CWE-835: Loop with Unreachable Exit Condition...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses zipp-3.15.0-py3-none-any.whl which is vulnerable to this CVE-2024-5569
Summary Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses zipp-3.15.0-py3-none-any.whl which is vulnerable to this CVE-2024-5569 Vulnerability Details CVEID:CVE-2024-5569 DESCRIPTION: zipp is vulnerable to a denial of service, caused by an infinite loop flaw in th...
Security Bulletin: IBM B2B Sterling Integrator is vulnerable to denial of services attacks due to an Apache Commons vulnerability
Summary IBM B2B Sterling Integrator is vulnerable to denial of services attacks due to an Apache Commons vulnerability Vulnerability Details CVEID:CVE-2024-25710 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an infinite loop flaw. By persuading a victim to op...
Security Bulletin: Multiple Vulnerabilities in Db2 affect IBM Cloud Pak System
Summary Vulnerabilities in Db2 affect IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2024-31882 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.1 and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using ...
Security Bulletin: IBM QRadar App SDK for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that might be identified and exploited with automated tools. IBM has addressed the vulnerabilities. This product is only used by IBM QRadar SIEM app developers and external business partners and is not relevant for users...
LevelOne WBR-6012 Web Application denial of service vulnerability
Talos Vulnerability Report TALOS-2024-2001 LevelOne WBR-6012 Web Application denial of service vulnerability October 30, 2024 CVE Number CVE-2024-33623 SUMMARY A denial of service vulnerability exists in the Web Application functionality of LevelOne WBR-6012 R0.40e6. A specially crafted HTTP...
Security Bulletin: IBM SOAR QRadar Plugin App is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM SOAR QRadar Plugin App has addressed the applicable CVEs with an update. Vulnerability Details CVEID:CVE-2024-6345 DESCRIPTION: pypa/setuptools could allow a...
Protect
A loop with unreachable exit condition 'Infinite Loop' vulnerability CWE-835 in FortiOS, FortiProxy and Fortiweb may allow an authenticated attacker to perform a denial of service via a specially crafted firmware image...
Mitsubishi Electric Multiple Factory Automation Products (Update D)
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: GOT2000 compatible HMI software, CC-Link IE TSN Industrial Managed Switch, MELSEC iQ-R Series OPC UA Server Module Vulnerabilities: Infinite Loop, OS Command Injection 2...
Schneider Electric Modicon Infinite Loop (CVE-2022-34760)
A CWE-835: Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability exists that could cause a denial of service of the webserver due to improper handling of the cookies. Affected Products: X80 advanced RTU Communication Module BMENOR2200H V1.0, OPC UA Modicon Communication Module...
CVE-2022-34760
A CWE-835: Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability exists that could cause a denial of service of the webserver due to improper handling of the cookies. Affected Products: X80 advanced RTU Communication Module BMENOR2200H V1.0, OPC UA Modicon Communication Module...
Design/Logic Flaw
A CWE-835: Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability exists that could cause a denial of service of the webserver due to improper handling of the cookies. Affected Products: X80 advanced RTU Communication Module BMENOR2200H V1.0, OPC UA Modicon Communication Module...
MZ Automation GmbH libiec61850 parseNormalModeParameters denial of service vulnerability
Summary A denial of service vulnerability exists in the parseNormalModeParameters functionality of MZ Automation GmbH libiec61850 1.5.0. A specially-crafted series of network requests can lead to denial of service. An attacker can send a sequence of malformed iec61850 messages to trigger this...
Advisory ROSA-SA-2021-1900
Software: libvncserver 0.9.9 OS: Cobalt 7.9 CVE-ID: CVE-2016-9941 CVE-Crit: CRITICAL CVE-DESC: Heap-based buffer overflow in rfbproto.c in LibVNCClient in LibVNCServer before version 0.9.11 allows remote servers to cause a denial of service application failure or possibly execute arbitrary code v...
Input validation
Remote Denial of Service in LwM2M dowriteoptlv. Zephyr versions = 1.14.2, = 2.2.0 contain Improper Input Validation CWE-20, Loop with Unreachable Exit Condition 'Infinite Loop' CWE-835. For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-g9mg-fj58-6fqh...
Multiple Embedded TCP/IP Stacks
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Multiple open source Equipment: uIP-Contiki-OS, uIP-Contiki-NG, uIP, open-iscsi, picoTCP-NG, picoTCP, FNET, Nut/Net Vulnerabilities: Infinite Loop, Integer Wraparound, Out-of-bounds Read, Integer...