
4419 matches found

IBM Security Bulletins
added 2024/04/04 10:41 a.m. · 32 views

Security Bulletin: Multiple publicly disclosed libcurl vulnerabilities affect IBM Safer Payments

Summary: Libcurl is used by IBM Safer Payments as part of the AVRO support for Kafka. These vulnerabilities have been addressed. Vulnerability Details: CVEID: CVE-2023-38039 DESCRIPTION: cURL libcurl is vulnerable to a denial of service, caused by not limiting the number and size of headers accept i...

9.8 CVSS · 9.6 AI score · 0.78483 EPSS
Exploits 7 · Affected Software 1
OSV
added 2024/04/02 9:15 p.m. · 3 views

CVE-2024-27602

Alldata V0.4.6 is vulnerable to Incorrect Access Control. A total of many modules interface documents have been leaked. For example, the /api/system/v2/api-docs module...

9.1 CVSS · 5.8 AI score · 0.00443 EPSS
Exploits 0 · References 1
Kitploit
added 2024/04/02 11:30 a.m. · 32 views

VolWeb - A Centralized And Enhanced Memory Analysis Platform

VolWeb is a digital forensic memory analysis platform that leverages the power of the Volatility 3 framework. It is dedicated to aiding in investigations and incident responses. Objective: The goal of VolWeb is to enhance the efficiency of memory collection and forensic analysis by providing a...

7 AI score
Exploits 0 · References 2
CNNVD
added 2024/04/02 12:0 a.m. · 5 views

ALLDATA security vulnerability

ALLDATA is an online resource for automotive OEM information from ALLDATA, Inc. It provides diagnostic and repair information for vehicle manufacturers. A security vulnerability exists in ALLDATA version V0.4.6, which stems from the disclosure of interface documentation for multiple modules, e.g....

9.1 CVSS · 6.5 AI score · 0.00443 EPSS
Exploits 0 · References 2
Cvelist
added 2024/04/02 12:0 a.m. · 17 views

CVE-2024-27602

Alldata V0.4.6 is vulnerable to Incorrect Access Control. A total of many modules interface documents have been leaked. For example, the /api/system/v2/api-docs module...

6.9 AI score · 0.00443 EPSS
Exploits 0 · References 1
Positive Technologies
added 2024/04/02 12:0 a.m. · 4 views

PT-2024-21962 · Alldata · Alldata

Name of the Vulnerable Software and Affected Versions: Alldata version 0.4.6 Description: The issue is related to Incorrect Access Control, resulting in the leakage of many modules' interface documents. For example, the "/api/system/v2/api-docs" module is affected. Recommendations: For Alldata...

9.1 CVSS · 6.4 AI score · 0.00443 EPSS
Exploits 0 · References 7
CVE
added 2024/04/02 12:0 a.m. · 95 views

CVE-2024-27602

Alldata V0.4.6 is vulnerable to Incorrect Access Control, resulting in leakage of interface documents (e.g., /api/system/v2/api-docs). The CVE details from multiple sources describe an externally reachable risk with high impact to confidentiality and integrity, and a critical CVSS 3.1 score (9.1)...

9.1 CVSS · 6.9 AI score · 0.00443 EPSS
Exploits 0 · References 1 · Affected Software 1
Github Security Blog
added 2024/04/01 3:49 p.m. · 28 views

Piccolo Admin's raw SVG loading may lead to complete data compromise from admin page

Summary: Piccolo's admin panel provides the ability to upload media files and view them within the admin panel. If SVG is an allowed file type for upload; the default; an attacker can upload an SVG which when loaded under certain contexts allows for arbitrary access to the admin page. This access...

7.7 CVSS · 6.1 AI score · 0.00493 EPSS
Exploits 0 · References 4 · Affected Software 1
Kitploit
added 2024/03/28 11:30 a.m. · 19 views

Rrgen - A Header Only C++ Library For Storing Safe, Randomly Generated Data Into Modern Containers

This library was developed to combat insecure methods of storing random data into modern C++ containers. For example, old and clunky PRNGs. Thus, rrgen uses STL's distribution engines in order to efficiently and safely store a random number distribution into a given C++ container. Installation: 1...

7.2 AI score
Exploits 0 · References 1
IBM Security Bulletins
added 2024/03/28 11:20 a.m. · 44 views

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands may be vulnerable to denial of service

Summary: The Bouncy Castle Crypto Package For Java is used by the MQ Client in IBM App Connect Enterprise Certified Container IntegrationServers and IntegrationRuntimes. This bulletin provides patch information to address the reported vulnerability in the Bouncy Castle Crypto Package For Java...

5.5 CVSS · 6.4 AI score · 0.00932 EPSS
Exploits 1 · Affected Software 1
Hacker One
added 2024/03/27 11:54 p.m. · 93 views

Internet Bug Bounty: CVE-2024-27281: RCE vulnerability with .rdoc_options in RDoc

A remote code execution vulnerability was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. The vulnerability was caused by the lack of restrictions on the classes that could be restored when parsing .rdoc_options as a YAML file. Additionally, object injection and...

4.5 CVSS · 7.9 AI score · 0.01571 EPSS
Exploits 0
NVD
added 2024/03/27 6:15 a.m. · 10 views

CVE-2024-24842

Deserialization of Untrusted Data vulnerability in Echo Plugins Knowledge Base for Documentation, FAQs with AI Assistance. This issue affects Knowledge Base for Documentation, FAQs with AI Assistance: from n/a through 11.30.2...

8.7 CVSS · 8.7 AI score · 0.00465 EPSS
Exploits 0 · References 1
Fedora
added 2024/03/27 12:15 a.m. · 27 views

[SECURITY] Fedora 40 Update: containers-common-0.58.0-2.fc40

This package contains common configuration files and documentation for container tools ecosystem, such as Podman, Buildah and Skopeo. It is required because the most of configuration files and docs come from projects which are vendored into Podman, Buildah, Skopeo, etc. but they are not packag ...

8.6 CVSS · 8.9 AI score · 0.0049 EPSS
Exploits 0
OpenVAS
added 2024/03/27 12:0 a.m. · 21 views

Fedora: Security Advisory (FEDORA-2024-a267e93f8c)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.6 CVSS · 9 AI score · 0.0049 EPSS
Exploits 0 · References 5
OpenVAS
added 2024/03/25 12:0 a.m. · 18 views

Fedora: Security Advisory for rubygem-yard (FEDORA-2024-3744975c4b)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.1 CVSS · 5.6 AI score · 0.0106 EPSS
Exploits 1 · References 2
Github Security Blog
added 2024/03/22 3:31 p.m. · 47 views

Cross-site Scripting in Moodle Chat

The Chat activity in Moodle 4.3.3 allows students to insert a potentially unwanted HTML A element or IMG element, or HTML content that leads to a performance degradation. NOTE: the vendor's UsingChat page says "If you know some HTML code, you can use it in your text to do things like insert image...

5.4 CVSS · 6.5 AI score · 0.00551 EPSS
Exploits 0 · References 5 · Affected Software 1
Fedora
added 2024/03/21 1:28 a.m. · 30 views

[SECURITY] Fedora 38 Update: rubygem-yard-0.9.36-1.fc38

YARD is a documentation generation tool for the Ruby programming language. It enables the user to generate consistent, usable documentation that can be exported to a number of formats very easily, and also supports extending for custom Ruby constructs such as custom class level definitions...

6.1 CVSS · 7.2 AI score · 0.0106 EPSS
Exploits 1
Tenable Nessus
added 2024/03/20 12:0 a.m. · 21 views

Fedora 38 : rubygem-yard (2024-3744975c4b)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-3744975c4b advisory. A security flaw was found on rubygem-yard that documents generated by yard may be vulnerable to XSS attack. This issue is now assigned as CVE-2024-27285. Th...

6.1 CVSS · 6.5 AI score · 0.0106 EPSS
Exploits 1 · References 2
SUSE CVE
added 2024/03/19 3:37 a.m. · 1 views

SUSE CVE-2023-52614

In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Fix buffer overflow in trans_stat_show Fix buffer overflow in trans_stat_show. Convert simple snprintf to the more secure scnprintf with size of PAGE_SIZE. Add condition checking if we are exceeding PAGE_SIZE and exit ear...

4.4 CVSS · 6.8 AI score · 0.00259 EPSS
Exploits 0 · References 11
Debian CVE
added 2024/03/18 8:51 p.m. · 16 views

CVE-2024-22412

ClickHouse is an open-source column-oriented database management system. A bug exists in the cloud ClickHouse offering prior to version 24.0.2.54535 and in github.com/clickhouse/clickhouse version 23.1. Query caching bypasses the role based access controls and the policies being enforced on roles...

4.9 CVSS · 3.6 AI score · 0.00587 EPSS
Exploits 1