4420 matches found
Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that use Google PubSub nodes are vulnerable to arbitrary code execution due to [CVE-2023-36665]
Summary Node.js module protobuf.js is used by IBM App Connect Enterprise Certified Container by the Google PubSub node. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that use the Google PubSub node are vulnerable to arbitrary code execution. This...
Security Bulletin: IBM App Connect Enterprise Certified Container operator and operands are vulnerable to arbitrary code execution due to [CVE-2023-29404]
Summary The IBM App Connect Enterprise Certified Container operator is written in Golang Go, as are parts of the ace-server application. IBM App Connect Enterprise Certified Container operator and operands are vulnerable to arbitrary code execution. This bulletin provides patch information to...
OESA-2023-1446 doxygen security update
Doxygen is the de facto standard tool for generating documentation from annotated C++ sources, but it also supports other popular programming languages such as C, Objective-C, C#, PHP, Java, Python, IDL (Corba, Microsoft, and UNO/OpenOffice flavors), Fortran, VHDL, Tcl, and to some extent D. Securit...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service due to [CVE-2023-3576]
Summary libtiff is not used directly by IBM App Connect Enterprise Certified Container but is present in one of the DesignerAuthoring images. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service. This bulletin...
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to loss of confidentiality and loss of integrity due to [CVE-2023-31124], [CVE-2023-31130], [CVE-2023-31147]
Summary c-ares is cross-compiled with the Node.js runtime in the Red Hat Universal Base Images used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container Dashboard and DesignerAuthoring operands are vulnerable to loss of confidentiality and loss of...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to loss of confidentiality due to [CVE-2023-2976]
Summary Google Guava is used by IBM App Connect Enterprise Certified Container by mapping assistance. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to loss of confidentiality. This bulletin provides patch information to addres...
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service and arbitrary code execution due to [CVE-2022-4904], [CVE-2023-32067]
Summary c-ares is cross-compiled with the Node.js runtime in the Red Hat Universal Base Images used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container Dashboard and DesignerAuthoring operands are vulnerable to denial of service and arbitrary code...
Security Bulletin: Multiple OpenSSL vulnerabilities affect IBM Safer Payments
Summary OpenSSL is used by IBM Safer Payments as part of all secure network communications. These are addressed. Vulnerability Details CVEID: CVE-2023-0466 DESCRIPTION: OpenSSL could allow a remote attacker to bypass security restrictions, caused by a flaw in the X509_VERIFY_PARAM_add0_policy function...
CVE-2023-3990
creationtimestamp | type | source
---|---|---
2023-07-28 12:29:15+00:00 | seen | https://t.me/cibsecurity/67359
2024-12-05 13:57:04+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2023/CVE-2023-3990.yaml...
Security Bulletin: IBM App Connect Enterprise Certified Container operator and operands are vulnerable to privilege escalation due to [CVE-2023-29403]
Summary The IBM App Connect Enterprise Certified Container operator is written in Golang Go, as are parts of the ace-server application. IBM App Connect Enterprise Certified Container operator and operands are vulnerable to privilege escalation. This bulletin provides patch information to address...
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to security restriction bypass due to [CVE-2023-24329]
Summary Python is used by IBM App Connect Enterprise Certified Container for mapping assistance, and is present in the images as part of the base operating system. IBM App Connect Enterprise Certified Container operands are vulnerable to security restriction bypass. This bulletin provides patch...
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service and security restriction bypass due to [CVE-2023-2283], [CVE-2023-1667]
Summary libssh is found in the IBM App Connect Enterprise Certified Container images as part of the base operating system. IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service and security restriction bypass. This bulletin provides patch information to addre...
Fedora: Security Advisory for kernel-tools (FEDORA-2023-3661f028b8)
The remote host is missing an update for the...
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service due to [CVE-2022-40897]
Summary Python setuptools is present in the IBM App Connect Enterprise Certified Container operand images. Python setuptools is vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in Python setuptools. CVE-2022-40897 Vulnerability Detail...
API Security in 2023: Major Insights from Postman’s State of the API Report
📣 Good news for all tech enthusiasts! The highly anticipated 2023 State of the API Report, conducted by Postman - one of the leading dev tools for building APIs, is now available. This comprehensive report, produced annually, is backed by an extensive survey and offers a deep dive into the...
[SECURITY] Fedora 38 Update: kernel-tools-6.4.4-200.fc38
This package contains the tools/ directory from the kernel source and the supporting documentation...
[SECURITY] Fedora 37 Update: kernel-tools-6.4.4-100.fc37
This package contains the tools/ directory from the kernel source and the supporting documentation...
Collateralization ratio manipulation can cause a denial of service
Lines of code Vulnerability details Impact Stablecoin redeeming and profit accruing in the SavingsVest contract can be blocked when the collateralization ratio has overflown. Proof of Concept The mitigation recommended in 31 and implemented by the sponsor in this commit doesn't resolve the root...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Node.js Request module denial of service vulnerability [CVE-2023-28155]
Summary A potential Node.js Request module denial of service vulnerability has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. CVE-2023-28155 Vulnerability Details...
Important: Red Hat Security Advisory: kernel security and bug fix update
An update for kernel is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security...