CVE-2024-24811

SQLAlchemyDA is a generic database adapter for ZSQL methods. A vulnerability found in versions prior to 2.2 allows unauthenticated execution of arbitrary SQL statements on the database to which the SQLAlchemyDA instance is connected. All users are affected. The problem has been patched in version...

Spoofing

SQLAlchemyDA is a generic database adapter for ZSQL methods. A vulnerability found in versions prior to 2.2 allows unauthenticated execution of arbitrary SQL statements on the database to which the SQLAlchemyDA instance is connected. All users are affected. The problem has been patched in version...

CVE-2024-24811 Products.SQLAlchemyDA vulnerable to unauthenticated arbitrary SQL query execution

SQLAlchemyDA is a generic database adapter for ZSQL methods. A vulnerability found in versions prior to 2.2 allows unauthenticated execution of arbitrary SQL statements on the database to which the SQLAlchemyDA instance is connected. All users are affected. The problem has been patched in version...

CSAM Strengthens Attack Surface Coverage and Risk Assessment With Third-Party Connectors

Organizations using Qualys CyberSecurity Asset Management CSAM can now import asset data from any external system into the Enterprise TruRisk Platform. With third-party connectors, you will identify any existing coverage gaps and add business context to your unified inventory, helping you...

How to comply with GDPR requirements

Understanding the Basics of GDPR Compliance Within the sphere of cybersecurity, significant strides were made as the European Union EU introduced an innovative legislative tool called the General Data Protection Regulation GDPR, unveiled on May 25, 2018. This regulation highlights the EU's unifie...

CVE-2023-50327

IBM PowerSC 1.3, 2.0, and 2.1 uses insecure HTTP methods which could allow a remote attacker to perform unauthorized file request modification. IBM X-Force ID: 275109...

CVE-2023-50327

IBM PowerSC 1.3, 2.0, and 2.1 uses insecure HTTP methods which could allow a remote attacker to perform unauthorized file request modification. IBM X-Force ID: 275109...

CVE-2023-50327 IBM PowerSC weak security

IBM PowerSC 1.3, 2.0, and 2.1 uses insecure HTTP methods which could allow a remote attacker to perform unauthorized file request modification. IBM X-Force ID: 275109...

IBM PowerSC 安全漏洞

IBM PowerSC is an International Business Machines IBM security and compliance solution for IBM Power Systems servers. IBM PowerSC suffers from an interpretation conflict vulnerability that stems from not using a secure HTTP method, which could be exploited by an attacker to perform unauthorized...

PT-2024-13904 · Ibm · Ibm Powersc

Name of the Vulnerable Software and Affected Versions: IBM PowerSC versions 1.3 through 2.1 Description: The issue is related to the use of insecure HTTP methods, which could allow a remote attacker to perform unauthorized file request modification. Recommendations: For versions 1.3 through 2.1,...

PT-2024-14824 · Quarkus · Quarkus

Name of the Vulnerable Software and Affected Versions: Quarkus versions prior to 3.6.9 Quarkus versions prior to 3.7.1 Quarkus versions prior to 3.8.x Description: A flaw was found in Quarkus. When a Quarkus RestEasy Classic or Reactive JAX-RS endpoint has its methods declared in the abstract Jav...

CVE-2024-23903

Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...

CVE-2024-0200

An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the...

Design/Logic Flaw

An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the...

CVE-2024-0200 Unsafe Reflection in Github Enterprise Server leading to Command Injection

An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the...

GitHub Enterprise Server Security Vulnerability

GitHub Enterprise Server is a U.S. GitHub open source application. It provides a platform for setting up one's GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server, which stems from the presence of ...

PT-2024-19402 · Avo · Avo

Name of the Vulnerable Software and Affected Versions: Avo versions prior to 2.47.0 Avo versions prior to 3.3.0 Description: Avo is a framework to create admin panels for Ruby on Rails apps. In Avo, any HTML inside text that is passed to error or succeed in an Avo::BaseAction subclass will be...

EulerOS Virtualization 2.11.1 : python3 (EulerOS-SA-2023-2739)

According to the versions of the python3 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assist...

Cross site scripting

This package provides universal methods to use multiple template engines with the Fiber web framework using the Views interface. This vulnerability specifically impacts web applications that render user-supplied data through this template engine, potentially leading to the execution of malicious...

CVE-2024-22199 Django Template Engine Vulnerable to XSS

This package provides universal methods to use multiple template engines with the Fiber web framework using the Views interface. This vulnerability specifically impacts web applications that render user-supplied data through this template engine, potentially leading to the execution of malicious...