Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that use FTE nodes may be vulnerable to loss of confidentiality due to [CVE-2022-42436]
Summary The IBM MQ FTE agent is used in IBM App Connect Enterprise Certified Container by the FTE nodes. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that run flows containing FTE nodes may be vulnerable to loss of confidentiality. This bulletin...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance may be vulnerable to denial of service due to [CVE-2023-30798]
Summary Starlette is used by IBM App Connect Enterprise Certified Container for mapping assistance. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance may be vulnerable to denial of service. This bulletin provides patch information to address the...
[SECURITY] Fedora 38 Update: php-laminas-diactoros2-2.25.2-1.fc38
A PHP package containing implementations of the accepted PSR-7 HTTP message interfaces [1], as well as a "server" implementation similar to node's http.Server [2]. Documentation: https://docs.laminas.dev/laminas-diactoros/ Autoloader: /usr/share/php/Laminas/Diactoros2/autoload.php [1]...
CVE-2021-22873
creationtimestamp | type | source
---|---|---
2023-04-27 09:58:59+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-22873.yaml...
CVE-2021-24940
creationtimestamp | type | source
---|---|---
2023-04-27 09:58:59+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-24940.yaml...
CVE-2021-26475
creationtimestamp | type | source
---|---|---
2023-04-27 09:58:59+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-26475.yaml...
Fedora: Security Advisory for lilypond-doc (FEDORA-2023-fb8bc496c2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory for lilypond-doc (FEDORA-2023-6edb8fab0d)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 36 Update: lilypond-doc-2.24.1-1.fc36
LilyPond is an automated music engraving system. It formats music beautifully and automatically, and has a friendly syntax for its input files. This package contains the HTML documentation for LilyPond...
[SECURITY] Fedora 37 Update: lilypond-doc-2.24.1-1.fc37
LilyPond is an automated music engraving system. It formats music beautifully and automatically, and has a friendly syntax for its input files. This package contains the HTML documentation for LilyPond...
USN-6039-1 openssl, openssl1.0 vulnerabilities
It was discovered that OpenSSL was not properly managing file locks when processing policy constraints. If a user or automated system were tricked into processing a certificate chain with specially crafted policy constraints, a remote attacker could possibly use this issue to cause a denial of...
SUSE-SU-2023:1970-2 Security update for giflib
This update for giflib fixes the following issues: - CVE-2019-15133: Fixed a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c if the height field of the ImageSize data structure is equal to zero (bsc#1146299). - CVE-2018-11490: Fixed a heap-based buffer overflow in...
Security Bulletin: IBM Safer Payment affected by OpenSSL Raccoon Attack (CVE-2020-1968)
Summary IBM Safer Payments uses OpenSSL. This vulnerability is addressed. Vulnerability Details CVEID: CVE-2020-1968 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a Raccoon attack in the TLS specification. By computing the pre-master secret in...
Security Bulletin: There is a security vulnerability in Node.js http-cache-semantics module used by IBM Maximo for Civil Infrastructure in Maximo Application Suite (CVE-2022-25881)
Summary There is a security vulnerability in Node.js http-cache-semantics module used by IBM Maximo for Civil Infrastructure in Maximo Application Suite. Vulnerability Details CVEID: CVE-2022-25881 DESCRIPTION: Node.js http-cache-semantics module is vulnerable to a denial of service, caused by a...
GVision - A Reverse Image Search App That Uses Google Cloud Vision API To Detect Landmarks And Web Entities From Images, Helping You Gather Valuable Information Quickly And Easily
GVision is a reverse image search app that uses Google Cloud Vision API to detect landmarks and web entities from images, helping you gather valuable information quickly and easily. About Google Cloud Vision API Google Cloud Vision API is a machine learning-powered image analysis service that...
XWiki Commons Code Injection Vulnerability
XWiki Commons is a technology library shared by several other top XWiki projects. A security vulnerability exists in XWiki Commons, which stems from the fact that any user with view access to normally accessible documentation, including notification preference macros, can execute arbitrary Groovy...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands may be vulnerable to denial of service due to [CVE-2022-37603]
Summary Node.js module loader-utils is used by IBM App Connect Enterprise Certified Container by DesignerAuthoring operands. IBM App Connect Enterprise Certified Container DesignerAuthoring operands may be vulnerable to denial of service. This bulletin provides patch information to address the...
Tokens with Fee on Transfer can break the PrivatePool invariant
Lines of code Vulnerability details Impact Some tokens take a transfer fee e.g. STA, PAXG, some do not currently charge a fee but may do so in the future e.g. USDT, USDC. Fees lead to the fact that the pool actually receives less funds than expected in the contract, and the reserve configuration ...
Lucee Scheduled Job v1.0 - Command Execution
Exploit Title: Lucee Scheduled Job v1.0 - Command Execution Date: 3-23-2012 Exploit Author: Alexander Philiotis Vendor Homepage: https://www.lucee.org/ Software Link: https://download.lucee.org/ Version: All versions with scheduled jobs enabled Tested on: Linux - Debian, Lubuntu & Windows 10 Ref ...
Metasploit Weekly Wrap-Up
The tide rolls in and out. The flood of new modules last week crested leaving ample time for documentation updates this week. The team and the community seem to have focused on getting those sweet sprinkles of information that help everyone understand Metasploit out to the world. Enhancements and...