4421 matches found
CLSA-2023-1683235759 Fix CVE(s): CVE-2022-3996, CVE-2023-0464, CVE-2023-0466
SECURITY UPDATE: Excessive resource use verifying X.509 policy constraints - debian/patches/CVE-2023-0464.patch: Limit X.509 certificate tree size to avoid exponential use of computational resources - CVE-2023-0464 SECURITY UPDATE: Incorrectly documented X509_VERIFY_PARAM_add0_policy -...
CLSA-2023-1683235565 openssl: Fix of 3 CVEs
CVE-2023-0464: Fix excessive resource use verifying X.509 policy constraints - CVE-2023-0466: Fix documentation of X509_VERIFY_PARAM_add0_policy - CVE-2022-3996: Drop redundant flag setting in policy_cache_set_mapping...
CLSA-2023-1683235231 openssl: Fix of 3 CVEs
CVE-2023-0464: Fix excessive resource use verifying X.509 policy constraints - CVE-2023-0466: Fix documentation of X509_VERIFY_PARAM_add0_policy - CVE-2022-3996: Drop redundant flag setting in policy_cache_set_mapping...
CLSA-2023-1683234934 openssl: Fix of 3 CVEs
CVE-2023-0464: Fix excessive resource use verifying X.509 policy constraints - CVE-2023-0466: Fix documentation of X509_VERIFY_PARAM_add0_policy - CVE-2022-3996: Drop redundant flag setting in policy_cache_set_mapping...
CVE-2023-30093
A cross-site scripting (XSS) vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter of the API documentation dashboard...
CVE-2023-30093
CVE-2023-30093 is a cross-site scripting (XSS) vulnerability affecting Open Networking Foundation ONOS, from version v1.9.0 through v2.7.0. The issue enables execution of arbitrary web scripts/HTML via a crafted payload injected into the url parameter of the API documentation dashboard. The provi...
PT-2023-22535 · Open Networking Foundation · Onos
Name of the Vulnerable Software and Affected Versions: Open Networking Foundation ONOS versions 1.9.0 through 2.7.0. Description: A cross-site scripting (XSS) vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter or...
Important: Red Hat Security Advisory: Satellite 6.13 Release
An update is now available for Red Hat Satellite 6.13. The release contains a new version of Satellite and important security fixes for various components. Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring ...
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Pypa Setuptools
Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Pypa Setuptools. Vulnerability Details CVEID: CVE-2022-40897 DESCRIPTION: Pypa Setuptools is vulnerable to a denial of service, caused by improper input validation. By sending request with a speciall...
Malicious code in documentation-ably-realtime (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 3f6bf5586a7addf25073456bb7b754dafa5c124cc264cb37b2005088598555ee The OpenSSF Package Analysis project identified 'documentation-ably-realtime' @ 1.0.2 npm as malicious. It is considered malicious because: - Th...
MAL-2023-1161 Malicious code in documentation-ably-realtime (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 3f6bf5586a7addf25073456bb7b754dafa5c124cc264cb37b2005088598555ee The OpenSSF Package Analysis project identified 'documentation-ably-realtime' @ 1.0.2 npm as malicious. It is considered malicious because: - Th...
Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that use DFDL may be vulnerable to denial of service due to [CVE-2021-22569]
Summary Protobuf is used by IBM App Connect Enterprise Certified Container for compiling and loading DFDL message models. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that use DFDL message models may be vulnerable to denial of service if they...
Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that use DFDL may be vulnerable to denial of service due to [CVE-2022-3171]
Summary Protobuf is used by IBM App Connect Enterprise Certified Container for compiling and loading DFDL message models. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that use DFDL message models may be vulnerable to denial of service if they...
Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to regular expression denial of service due to [CVE-2022-25881]
Summary Node.js is used as a runtime engine by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container operands may be vulnerable to regular expression denial of service. This bulletin provides patch information to address the reported vulnerability in...
Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to denial of service and loss of confidentiality due to [CVE-2022-4304], [CVE-2023-0215], [CVE-2023-0286]
Summary OpenSSL is provided as part of the base images in IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container operands may be vulnerable to denial of service and loss of confidentiality. This bulletin provides patch information to address the reported...
Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to denial of service due to [CVE-2022-4450]
Summary OpenSSL is provided as part of the base images in IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container operands may be vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerabilities in OpenSSL...
Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to security restriction bypass due to [CVE-2023-23918]
Summary Node.js is used as a runtime engine by IBM App Connect Enterprise Certified Container. If an IBM App Connect Enterprise Certified Container image is extended to run custom Node.js applications, it may be vulnerable to security restriction bypass. This bulletin provides patch information ...
Security Bulletin: IBM App Connect Enterprise Certified Container operands and operator may be vulnerable to denial of service due to [CVE-2022-41717]
Summary IBM App Connect Enterprise Certified Container operator and operands may be vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in Golang Go. CVE-2022-41717 Vulnerability Details CVEID: CVE-2022-41717 DESCRIPTION: Golang Go is...
Security Bulletin: IBM App Connect Enterprise Certified Container operands and operator may be vulnerable to denial of service due to [CVE-2022-41724]
Summary IBM App Connect Enterprise Certified Container operator and operands may be vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in Golang Go. CVE-2022-41724 Vulnerability Details CVEID: CVE-2022-41724 DESCRIPTION: Golang Go is...