16592 matches found

IBM Security Bulletins
added 2023/11/09 7:30 p.m. · 42 views

Security Bulletin: Multiple vulnerabilities in Eclipse Jetty affect IBM Process Designer 8.5.7 shipped with IBM Business Automation Workflow

Summary: There are multiple vulnerabilities in Eclipse Jetty, which is used by the desktop version of IBM Process Designer 8.5.7 shipped with IBM Business Automation Workflow. IBM Process Designer has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2023-40167 DESCRIPTION: Jetty is...

CVSS 7.5 · AI score 7.3 · EPSS 0.03754
Exploits: 1 · Affected Software: 1

Prion
added 2023/11/08 10:15 p.m. · 19 views

Path traversal

PrestaShop blockreassurance adds an information block aimed at offering helpful information to reassure customers that the store is trustworthy. When adding a block in blockreassurance module, a BO user can modify the http request and give the path of any file in the project instead of an image...

CVSS 5.5 · AI score 6.7 · EPSS 0.00771
Exploits: 0 · References: 4 · Affected Software: 1

OSV
added 2023/11/08 9:37 p.m. · 26 views

CVE-2023-47109 PrestaShop blockreassurance BO User can remove any file from server when adding and deleting a block

PrestaShop blockreassurance adds an information block aimed at offering helpful information to reassure customers that the store is trustworthy. When adding a block in blockreassurance module, a BO user can modify the http request and give the path of any file in the project instead of an image...

CVSS 5.5 · AI score 7.6 · EPSS 0.00771
Exploits: 0 · References: 6

OSV
added 2023/11/08 5:53 p.m. · 29 views

GHSA-83J2-QHX2-P7JC PrestaShop blockreassurance BO User can remove any file from server when adding and deleting a block

Impact: When adding a block in blockreassurance module, a BO user can modify the http request and give the path of any file in the project instead of an image. When deleting the block from the BO, the file will be deleted. It is possible to make the website completely unavailable by removing...

CVSS 5.5 · AI score 6.4 · EPSS 0.00771
Exploits: 0 · References: 6

Tenable Nessus
added 2023/11/08 12:00 a.m. · 27 views

RHEL 8 : squid:4 (RHSA-2023:6804)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6804 advisory. Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fixes: squid: Deni...

CVSS 9.3 · AI score 7.1 · EPSS 0.85944
Exploits: 0 · References: 7

Tenable Nessus
added 2023/11/08 12:00 a.m. · 30 views

Oracle Linux 8 : squid:4 (ELSA-2023-6267)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-6267 advisory. - Improve HTTP chunked encoding compliance CVE-2023-46846 Tenable has extracted the preceding description block directly from the Oracle Linux security...

CVSS 9.3 · AI score 7 · EPSS 0.85944
Exploits: 0 · References: 3

Tenable Nessus
added 2023/11/08 12:00 a.m. · 24 views

RHEL 8 : squid:4 (RHSA-2023:6801)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6801 advisory. Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fixes: squid: Deni...

CVSS 9.3 · AI score 7.1 · EPSS 0.85944
Exploits: 0 · References: 7

Tenable Nessus
added 2023/11/08 12:00 a.m. · 19 views

Debian dla-3649 : python-urllib3 - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3649 advisory. Debian LTS Advisory DLA-3649-1 https://www.debian.org/lts/security/...

CVSS 7.1 · AI score 6.8 · EPSS 0.00326
Exploits: 0 · References: 4

Positive Technologies
added 2023/11/08 12:00 a.m. · 5 views

PT-2023-9658 · Cisco · Cisco Ios Xe +1

Name of the Vulnerable Software and Affected Versions: Cisco Unified Threat Defense UTD Snort Intrusion Prevention System IPS Engine for Cisco IOS XE Software affected versions not specified Description: A vulnerability in the Cisco UTD Snort IPS Engine could allow an unauthenticated, remote...

CVSS 6.5 · AI score 7.3 · EPSS 0.00426
Exploits: 0 · References: 8

Tenable Nessus
added 2023/11/08 12:00 a.m. · 25 views

RHEL 8 : squid:4 (RHSA-2023:6810)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6810 advisory. Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fixes: squid: Deni...

CVSS 9.3 · AI score 7.1 · EPSS 0.85944
Exploits: 0 · References: 7

Tenable Nessus
added 2023/11/08 12:00 a.m. · 26 views

RHEL 8 : squid:4 (RHSA-2023:6803)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6803 advisory. Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fixes: squid: Deni...

CVSS 9.3 · AI score 7.1 · EPSS 0.85944
Exploits: 0 · References: 7

IBM Security Bulletins
added 2023/11/07 9:16 p.m. · 41 views

Security Bulletin: Multiple vulnerabilities in Golang Go package affects Data Replication on Cloud Pak for Data

Summary: Multiple vulnerabilities in Golang Go package used in Data Replication on Cloud Pak for Data was addressed. Vulnerability Details: CVEID: CVE-2022-27664 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw in net/http. By sending a specially-crafted request, a remot...

CVSS 7.5 · AI score 7.7 · EPSS 0.02513
Exploits: 1 · Affected Software: 1

NVD
added 2023/11/07 3:15 p.m. · 13 views

CVE-2023-47455

Tenda AX1806 V1.0.0.1 contains a heap overflow vulnerability in setSchedWifi function, in which the src and v12 are directly obtained from http request parameter schedStartTime and schedEndTime without checking their size...

CVSS 9.1 · EPSS 0.00801
Exploits: 1 · References: 1

Prion
added 2023/11/07 3:15 p.m. · 22 views

Heap overflow

Tenda AX1806 V1.0.0.1 contains a heap overflow vulnerability in setSchedWifi function, in which the src and v12 are directly obtained from http request parameter schedStartTime and schedEndTime without checking their size...

CVSS 6.4 · AI score 7.4 · EPSS 0.00801
Exploits: 1 · References: 1 · Affected Software: 1

Tenable Nessus
added 2023/11/07 12:00 a.m. · 28 views

Rocky Linux 8 : squid:4 (RLSA-2020:3623)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:3623 advisory. - An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed agains...

CVSS 6.5 · AI score 7.1 · EPSS 0.04235
Exploits: 0 · References: 5

Tenable Nessus
added 2023/11/07 12:00 a.m. · 22 views

RHEL 9 : squid (RHSA-2023:6748)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:6748 advisory. Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fixes: squid: Deni...

CVSS 9.3 · AI score 7 · EPSS 0.85944
Exploits: 0 · References: 9

Tenable Nessus
added 2023/11/07 12:00 a.m. · 29 views

Rocky Linux 8 : nodejs:10 (RLSA-2021:0548)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:0548 advisory. - Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like ://:@::/...

CVSS 9.8 · AI score 7.9 · EPSS 0.69062
Exploits: 8 · References: 21

CVE
added 2023/11/07 12:00 a.m. · 46 views

CVE-2023-47455

CVE-2023-47455 — Tenda AX1806 (V1.0.0.1) has a heap overflow in the setSchedWifi function caused by reading http request parameters schedStartTime and schedEndTime into src and v12 without size checks. Reported effects include the potential to remotely cause arbitrary behavior or denial of servic...

CVSS 9.1 · AI score 9.2 · EPSS 0.00801
Exploits: 1 · References: 1 · Affected Software: 1

Cvelist
added 2023/11/07 12:00 a.m. · 22 views

CVE-2023-47455

Tenda AX1806 V1.0.0.1 contains a heap overflow vulnerability in setSchedWifi function, in which the src and v12 are directly obtained from http request parameter schedStartTime and schedEndTime without checking their size...

AI score 9.5 · EPSS 0.00801
Exploits: 1 · References: 1

Vulnrichment
added 2023/11/07 12:00 a.m. · 11 views

CVE-2023-47455

Tenda AX1806 V1.0.0.1 contains a heap overflow vulnerability in setSchedWifi function, in which the src and v12 are directly obtained from http request parameter schedStartTime and schedEndTime without checking their size...

AI score 7.2 · EPSS 0.00801
Exploits: 1 · References: 1