
4421 matches found

IBM Security Bulletins
added 2021/09/28 7:3 a.m., 55 views

Security Bulletin: Multiple vulnerabilities may affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) offline documentation

Summary IBM Business Process Manager and IBM Business Automation Workflow offline documentation packages open source libraries with known vulnerabilities. Do not install offline documentation and remove existing installations with the fix provided below. Vulnerability Details CVEID: CVE-2021-2335...

CVSS 8.1, AI score 0.7, EPSS 0.10608
Exploits 4, Affected Software 4

Kitploit
added 2021/09/27 11:30 a.m., 29 views

Cloudquery - Transforms Your Cloud Infrastructure Into SQL Database For Easy Monitoring, Governance And Security

CloudQuery transforms your cloud infrastructure into queryable SQL for easy monitoring, governance and security. What is CloudQuery and why use it? CloudQuery pulls, normalizes, exposes and monitors your cloud infrastructure and SaaS apps as a SQL database. This abstracts various scattered APIs enabli...

AI score 7.9
Exploits 0, References 7

Fedora
added 2021/09/21 3:33 p.m., 42 views

[SECURITY] Fedora 34 Update: python-pillow-8.1.2-5.fc34

Python image processing library, fork of the Python Imaging Library PIL This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. There are four subpackages: tk tk interface, qt PIL image wrapper for Qt, devel developmen...

CVSS 7.5, AI score 7.8, EPSS 0.0318
Exploits 1

Photon
added 2021/09/21 12:0 a.m., 38 views

PHSA-2021-2.0-0394

An update of 'libtiff', 'kubernetes' packages of Photon OS has been released...

CVSS 5.5, AI score 0.9, EPSS 0.06505
Exploits 1

ThreatPost
added 2021/09/20 1:0 p.m., 42 views

Bring Your APIs Out of the Shadows to Protect Your Business

Pankaj Gupta, Senior Director, Citrix APIs are immensely more complex to secure. What was previously one request to one server has become dozens or hundreds of requests to dozens or hundreds of entities. In the past, you defended one large application with a single front door. Now you must defend...

CVSS 10, AI score 8.6, EPSS 0.11084
Exploits 0, References 3

Code423n4
added 2021/09/15 12:0 a.m., 15 views

There is no corresponding setResume() for setHalted()

Handle 0xRajeev Vulnerability details Impact There is no function for setting halted to false, i.e. to resume the halted protocol, unlike pause/unpause. It appears that halted is actually permanent shutdown here. If so, this should be documented clearly. If not, setHalted should take a boolean to...

AI score 7
Exploits 0

Code423n4
added 2021/09/15 12:0 a.m., 10 views

Incorrect access control on Harvester add/remove strategy functions

Handle 0xRajeev Vulnerability details Impact The documentation comments indicate that addStrategy and removeStrategy are gov/strategist only functions which is true for setHarvester and setSlippage but add/remove strategy have the incorrect onlyController modifier instead of onlyStrategist. Proof...

AI score 7
Exploits 0

Code423n4
added 2021/09/15 12:0 a.m., 9 views

User may receive less than the eligible amount per the shares being withdrawn

Handle 0xRajeev Vulnerability details Impact User may receive less than the eligible amount per the shares being withdrawn. It is not clear under what conditions this happens but needs to be documented and user warned. Proof of Concept Tools Used Manual Analysis Recommended Mitigation Steps...

AI score 6.9
Exploits 0

Kitploit
added 2021/09/11 8:30 p.m., 44 views

Pollenisator - Collaborative Pentest Tool With Highly Customizable Tools

Pollenisator is a tool aiming to assist pentesters and auditors in automating the use of some tools/scripts and keeping track of them. Written in Python 3. Provides a modelisation of "pentest objects": Scope, Hosts, Ports, Commands, Tools etc. Tools/scripts are separated into 4 categories: wave,...

AI score 7.3
Exploits 0, References 3

Photon
added 2021/09/10 12:0 a.m., 36 views

PHSA-2021-2.0-0390

An update of 'libgd' packages of Photon OS has been released...

CVSS 5, AI score 0.9, EPSS 0.02051
Exploits 1

Openbugbounty
added 2021/09/08 6:12 p.m., 17 views

documentation.nokia.com Cross Site Scripting vulnerability OBB-2136059

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...

Exploits 0

Palo Alto Networks
added 2021/09/08 4:0 p.m., 63 views

PAN-OS: Impact of Telnet Remote-Code-Execution (RCE) Vulnerability (CVE-2020-10188)

A buffer overflow vulnerability in the Telnet-based administrative management service included with PAN-OS software allows remote attackers to execute arbitrary code. The Telnet-based administrative management service is disabled by default and this issue is not exploitable if this service is...

CVSS 9.8, AI score 2.2, EPSS 0.74513
Exploits 2, References 1

CNVD
added 2021/09/08 12:0 a.m., 16 views

mrdoc code issue vulnerability

mrdoc is an online documentation system developed in python. mrdoc has a security vulnerability that can be exploited by attackers to deserialize untrusted data...

CVSS 7.8, AI score 4.5, EPSS 0.00824
Exploits 1, References 1

Kitploit
added 2021/09/07 8:30 p.m., 135 views

TIGMINT - OSINT (Open Source Intelligence) GUI Software Framework

An OSINT Open Source Intelligence software framework with an objective of making cyber investigations more convenient by implementing abstraction mechanisms to hide the background technical complexity also bundling different analysis techniques for social media Intelligence together providing a...

AI score 7.4
Exploits 0, References 2

CNNVD
added 2021/09/06 12:0 a.m., 2 views

mrdoc code issue vulnerability

mrdoc is an online documentation system developed in python. mrdoc has a security vulnerability that can be exploited by attackers to deserialize untrusted data...

CVSS 7.8, AI score 5.5, EPSS 0.00824
Exploits 1, References 2

Code423n4
added 2021/09/05 12:0 a.m., 14 views

Idiosyncratic fCash valuation is incorrect

Handle tensors Vulnerability details Impact The docs say that: "Markets may not always trade at the exact maturities of all fCash assets. fCash that does not fall on an exact maturity is called idiosyncratic fCash. To value these assets, Notional takes the linear interpolation of the rates of the...

AI score 6.8
Exploits 0

CNVD
added 2021/09/04 12:0 a.m., 22 views

Apache Zeppelin Authentication Bypass Vulnerability

Apache Zeppelin is a Web-based open source notebook application from the Apache Foundation that supports interactive data analysis and collaborative documentation. The program supports interactive data analysis and collaborative documentation. Apache Zeppelin 0.9.0 and earlier versions contain a...

CVSS 7.5, AI score 4.1, EPSS 0.03258
Exploits 0, References 1

Hacker One
added 2021/08/27 12:35 p.m., 33 views

Ruby: XSS exploit of RDoc documentation generated by rdoc

Vulnerability description not provided...

CVSS 4.3, AI score 5.5, EPSS 0.03622
Exploits 0

Github Security Blog
added 2021/08/25 8:54 p.m., 34 views

Out of bounds write in reorder

swapindex takes an iterator and swaps the items with their corresponding indexes. It reserves capacity and sets the length of the vector based on the .len method of the iterator. If the len returned by the iterator is larger than the actual number of elements yielded, then swapindex creates a...

CVSS 7.5, AI score 7.2, EPSS 0.009
Exploits 1, References 4, Affected Software 1

Github Security Blog
added 2021/08/25 2:48 p.m., 69 views

XStream can cause a Denial of Service

Impact The vulnerability may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. No user is affected, who followed the recommendation ...

CVSS 6.5, AI score 7.3, EPSS 0.0594
Exploits 1, References 13, Affected Software 1