Security Bulletin: Multiple vulnerabilities may affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) offline documentation
Summary IBM Business Process Manager and IBM Business Automation Workflow offline documentation packages open source libraries with known vulnerabilities. Do not install offline documentation and remove existing installations with the fix provided below. Vulnerability Details CVEID: CVE-2021-2335...
Cloudquery - Transforms Your Cloud Infrastructure Into SQL Database For Easy Monitoring, Governance And Security
CloudQuery transforms your cloud infrastructure into queryable SQL for easy monitoring, governance and security. What is CloudQuery and why use it? CloudQuery pulls, normalizes, exposes and monitors your cloud infrastructure and SaaS apps as an SQL database. This abstracts various scattered APIs enabli...
[SECURITY] Fedora 34 Update: python-pillow-8.1.2-5.fc34
Python image processing library, fork of the Python Imaging Library PIL This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. There are four subpackages: tk tk interface, qt PIL image wrapper for Qt, devel developmen...
PHSA-2021-2.0-0394
An update of 'libtiff', 'kubernetes' packages of Photon OS has been released...
Bring Your APIs Out of the Shadows to Protect Your Business
Pankaj Gupta, Senior Director, Citrix APIs are immensely more complex to secure. What was previously one request to one server has become dozens or hundreds of requests to dozens or hundreds of entities. In the past, you defended one large application with a single front door. Now you must defend...
There is no corresponding setResume() for setHalted()
Handle 0xRajeev Vulnerability details Impact There is no function for setting halted to false, i.e. to resume the halted protocol, unlike pause/unpause. It appears that halted is actually permanent shutdown here. If so, this should be documented clearly. If not, setHalted should take a boolean to...
Incorrect access control on Harvester add/remove strategy functions
Handle 0xRajeev Vulnerability details Impact The documentation comments indicate that addStrategy and removeStrategy are gov/strategist only functions which is true for setHarvester and setSlippage but add/remove strategy have the incorrect onlyController modifier instead of onlyStrategist. Proof...
User may receive less than the eligible amount per the shares being withdrawn
Handle 0xRajeev Vulnerability details Impact User may receive less than the eligible amount per the shares being withdrawn. It is not clear under what conditions this happens but needs to be documented and user warned. Proof of Concept Tools Used Manual Analysis Recommended Mitigation Steps...
Pollenisator - Collaborative Pentest Tool With Highly Customizable Tools
Pollenisator is a tool aiming to assist pentesters and auditors by automating the use of some tools/scripts and keeping track of them. Written in Python 3. Provides a model of "pentest objects": Scope, Hosts, Ports, Commands, Tools etc. Tools/scripts are separated into 4 categories: wave,...
PHSA-2021-2.0-0390
An update of 'libgd' packages of Photon OS has been released...
documentation.nokia.com Cross Site Scripting vulnerability OBB-2136059
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
PAN-OS: Impact of Telnet Remote-Code-Execution (RCE) Vulnerability (CVE-2020-10188)
A buffer overflow vulnerability in the Telnet-based administrative management service included with PAN-OS software allows remote attackers to execute arbitrary code. The Telnet-based administrative management service is disabled by default and this issue is not exploitable if this service is...
mrdoc code issue vulnerability
mrdoc is an online documentation system developed in python. mrdoc has a security vulnerability that can be exploited by attackers to deserialize untrusted data...
TIGMINT - OSINT (Open Source Intelligence) GUI Software Framework
An OSINT (Open Source Intelligence) software framework with the objective of making cyber investigations more convenient by implementing abstraction mechanisms to hide the background technical complexity, while also bundling different analysis techniques for social media intelligence together, providing a...
Idiosyncratic fCash valuation is incorrect
Handle tensors Vulnerability details Impact The docs say that: "Markets may not always trade at the exact maturities of all fCash assets. fCash that does not fall on an exact maturity is called idiosyncratic fCash. To value these assets, Notional takes the linear interpolation of the rates of the...
Apache Zeppelin Authentication Bypass Vulnerability
Apache Zeppelin is a Web-based open source notebook application from the Apache Foundation that supports interactive data analysis and collaborative documentation. Apache Zeppelin 0.9.0 and earlier versions contain a...
Ruby: XSS exploit of RDoc documentation generated by rdoc
Vulnerability description not provided...
Out of bounds write in reorder
swapindex takes an iterator and swaps the items with their corresponding indexes. It reserves capacity and sets the length of the vector based on the .len method of the iterator. If the len returned by the iterator is larger than the actual number of elements yielded, then swapindex creates a...
XStream can cause a Denial of Service
Impact The vulnerability may allow a remote attacker to consume 100% CPU time on the target system, depending on CPU type or parallel execution of such a payload, resulting in a denial of service simply by manipulating the processed input stream. No user who followed the recommendation is affected...