19 matches found
PT-2026-21626
Name of the Vulnerable Software and Affected Versions: ImageMagick versions prior to 7.1.2-15; ImageMagick versions prior to 6.9.13-40. Description: ImageMagick is software used for editing and manipulating digital images. The software's security policy, intended to prevent reading/writing from...
CVE-2025-68429
This CVE (CVE-2025-68429) affects Storybook builds where environment variables in a .env file could be unintentionally bundled into the web-facing build artifacts. A project is vulnerable if you run `storybook build` in a directory containing a .env file (including .env.local) and then publish the built bundle. Affect...
EUVD-2023-32130
Malicious code in bioql PyPI...
EUVD-2023-49527
Malicious code in bioql PyPI...
Allocation of Resources Without Limits or Throttling
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Out of the box, a handler wrapper adds the labels http.useragent and http.method, which have unbounded cardinality. This can lead to memory exhaustion on the server when many malicious requests are sent to it. HTTP...
Allocation of Resources Without Limits or Throttling
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Out of the box, a handler wrapper adds the labels http.useragent and http.method, which have unbounded cardinality. This can lead to memory exhaustion on the server when many malicious requests are sent to it. HTTP...
Design/Logic Flaw
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Out of the box, a handler wrapper adds the labels http.useragent and http.method, which have unbounded cardinality. This can lead to memory exhaustion on the server when many malicious requests are sent to it. HTTP...
CVE-2017-5571 - Open Redirect Vulnerability in Citrix License Server for Windows and Citrix License Server VPX
Description of Problem: An open redirect vulnerability has been identified in the Citrix License Server for Windows and the Citrix License Server VPX. This vulnerability could potentially be used to facilitate a phishing or social engineering attack. This vulnerability has been assigned the...
Fedora 31 : knot-resolver (2020-52e28feab6)
update to upstream version 5.1.3 ---- - update to new upstream version ---- - fixes CVE-2020-12667 ---- new upstream release https://www.knot-resolver.cz/2020-04-29-knot-resolver-5.1.0.html ---- - bugfix for 5.0.0 release ---- - see https://knot-resolver.readthedocs.io/en/stable/upgrading.html -...
Adding Some Salt to Our Network – Part 1
Why a configuration management system was a must for our network, and how we chose SaltStack. When we planned and designed the network automation at Imperva Cloud, we split our automation into three different systems, each with a different set of requirements: 1...
Setting Azure Accelerated Networking on an ELM deployed before version 4.13
Prior to App Layering 4.13, the ELM was provisioned with a NIC that did not have Azure Accelerated Networking enabled. This feature was not fully supported by Microsoft on Linux guests prior to this point. Please note that upgrading to App Layering 4.13 will NOT change the NIC configuration. The...
USN-3722-3 clamav regression
USN-3722-1 fixed vulnerabilities in ClamAV. The updated ClamAV version removed some configuration options which caused the daemon to fail to start in environments where the ClamAV configuration file was manually edited. This update fixes the problem. We apologize for the inconvenience. Original...
Security Bulletin: IBM Tealeaf Customer Experience is affected by a vulnerability in the Apache HTTP server, caused by an error in the mod_log_config module (CVE-2014-0098)
Summary: Apache HTTP Server is vulnerable to a denial of service, caused by an error in the mod_log_config module. Vulnerability Details: CVE-ID: CVE-2014-0098. DESCRIPTION: IBM Tealeaf Customer Experience's PCA uses the Apache HTTP server to render its web console. Apache HTTP server is vulnerable to...
Dynamic Application Profiling: What It Is and Why You Want Your WAF to Have It
Because web applications are unique, they have distinct structures and dynamics, and – unfortunately – different vulnerabilities. A web application security device, therefore, must understand the structure and usage of the protected applications. Depending on the complexity of the protected...
How to Setup Time on XenServer Manually When There Is No NTP Server
This covers the situation where you don't have an AD, DC, DNS or NTP server in the environment to point the servers at for time synchronization...
SOL14204 - BIND vulnerability CVE-2011-4313
F5 Product Development has determined that these Enterprise Manager versions use a vulnerable version of BIND. However, the vulnerable code is not used by default on these Enterprise Manager systems. These products are only vulnerable if BIND was manually configured and enabled. Recommended actio...
Scientific Linux Security Update : openoffice.org, hsqldb on SL5.x i386/x86_64
It was discovered that HSQLDB could allow the execution of arbitrary public static Java methods. A carefully crafted odb file opened in OpenOffice.org Base could execute arbitrary commands with the permissions of the user running OpenOffice.org. CVE-2007-4575 It was discovered that HSQLDB did not...
LotusCMS 3.0 eval() Remote Command Execution
This module exploits a vulnerability found in Lotus CMS 3.0's Router function. This is done by embedding PHP code in the 'page' parameter, which is passed to an eval call, therefore allowing remote code execution. The module can either automatically pick up a 'page' parameter from the default...
Windows 2003 Enterprise Edition and IIS6 .ASP directory to perform defect-vulnerability warning-the black bar safety net
Writing this article a few days ago, I found a greater IIS6 vulnerability, which made me happy for a whole 2 to 4 hours. It is a pity that the vulnerability is my manual configuration. The method to achieve it is the ASP drop out instead of JPG drop out; the JPG is copied to the IIS publish directory, find the JPG in the...