Security Bulletin: IBM Asset Data Dictionary Component uses bcprov-jdk18on-1.72.jar which is vulnerable to CVE-2023-33201 and CVE-2023-33202

Summary IBM Asset Data Dictionary Component uses bcprov-jdk18on-1.72.jar which is vulnerable to CVE-2023-33201 and CVE-2023-33202. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-33201 DESCRIPTION: The Bouncy Castle Crypto Packa...

Privilege Escalation

templated-dictionary is vulnerable to Privilege Escalation. The vulnerability is caused due to absence of proper sandboxing mechanisms during the expansion and execution of Jinja2 templates. This allows an attacker to define configuration tags that potentially lead to privilege escalation or code...

AZL-43540 CVE-2023-6395 affecting package python-templated-dictionary 1.1-6

The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the expansion and execution of Jinja2 templates, whic...

Security Bulletin: There are multiple vulnerabilities in mas-data-dictionary-lib-1.0.0.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-1471, CVE-2023-1370 and CVE-2021-42550)

Summary There are multiple vulnerabilities in mas-data-dictionary-lib-1.0.0.jar used by IBM Maximo Manage application in IBM Maximo Application Suite Vulnerability Details CVEID:CVE-2022-1471 DESCRIPTION: SnakeYaml could allow a remote authenticated attacker to execute arbitrary code on the syste...

NoaBot: Latest Mirai-Based Botnet Targeting SSH Servers for Crypto Mining

A new Mirai-based botnet called NoaBot is being used by threat actors as part of a crypto mining campaign since the beginning of 2023. "The capabilities of the new botnet, NoaBot, include a wormable self-spreader and an SSH key backdoor to download and execute additional binaries or spread itself...

SUSE CVE-2023-39316

Multiple integer overflow vulnerabilities exist in the LXT2 numdictentries functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer...

DEBIAN-CVE-2023-38652

Multiple integer overflow vulnerabilities exist in the VZT vztrdblockvchdecode dict parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the...

PT-2024-12752 · Gtkwave · Gtkwave

Name of the Vulnerable Software and Affected Versions: GTKWave version 3.3.115 Description: Multiple integer overflow vulnerabilities exist in the VZT vzt rd block vch decode dict parsing functionality. A specially crafted .vzt file can lead to memory corruption. A victim would need to open a...

Warning: Poorly Secured Linux SSH Servers Under Attack for Cryptocurrency Mining

Poorly secured Linux SSH servers are being targeted by bad actors to install port scanners and dictionary attack tools with the goal of targeting other vulnerable servers and co-opting them into a network to carry out cryptocurrency mining and distributed denial-of-service DDoS attacks. "Threat...

OESA-2023-1953 freeradius security update

Remote Authentication Dial-In User Service RADIUS is a networking protocol that provides centralized Authentication, Authorization, and Accounting AAA or Triple A management for users who connect and use a network service. Security Fixes: In freeradius, the EAP-PWD function computepasswordelement...

OESA-2023-1955 freeradius security update

Remote Authentication Dial-In User Service RADIUS is a networking protocol that provides centralized Authentication, Authorization, and Accounting AAA or Triple A management for users who connect and use a network service. Security Fixes: In freeradius, the EAP-PWD function computepasswordelement...

OESA-2023-1956 freeradius security update

Remote Authentication Dial-In User Service RADIUS is a networking protocol that provides centralized Authentication, Authorization, and Accounting AAA or Triple A management for users who connect and use a network service. Security Fixes: In freeradius, the EAP-PWD function computepasswordelement...

SUSE CVE-2023-49992

Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Overflow via the function RemoveEnding at dictionary.c...

AZL-34677 CVE-2023-49992 affecting package espeak-ng for versions less than 1.52.0-1

Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Overflow via the function RemoveEnding at dictionary.c...

Stack overflow

Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Overflow via the function RemoveEnding at dictionary.c...

eSpeak NG Security Vulnerability

eSpeak NG is an open source software text-to-speech synthesizer from eSpeak NG Open Source. A security vulnerability exists in eSpeak NG version 1.52-dev, which is caused by a buffer overflow in the RemoveEnding method of the dictionary.c file...

mariadb: assertion failure at table->get_ref_count() == 0 in dict0dict.cc

MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table-getrefcount == 0 in dict0dict.cc...

lestrrat-go jwx resource management error vulnerability

lestrrat-go jwx is a library for lestrrat-go individual developers. lestrrat-go jwx suffers from a resource management error vulnerability that originates from an attacker being able to cause a denial of service by causing a large amount of computation consumption using password brute force and...

F5 Networks BIG-IP : IPsec IKEv1 vulnerability (K42378447)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K42378447 advisory. - The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. Reusing a key pair...

SUSE CVE-2021-35632

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Data Dictionary. Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQ...