51 matches found
Buffer overread in the ngx_http_mp4_module
Buffer overread in the ngx_http_mp4_module Severity: low CVE-2024-7347 Not vulnerable: 1.27.1+, 1.26.2+ Vulnerable: 1.5.13-1.27.0...
NULL pointer dereference in HTTP/3
NULL pointer dereference in HTTP/3 Severity: medium CVE-2024-35200 Not vulnerable: 1.27.0+, 1.26.1+ Vulnerable: 1.25.0-1.25.5, 1.26.0...
Stack overflow and use-after-free in HTTP/3
Stack overflow and use-after-free in HTTP/3 Severity: medium CVE-2024-31079 Not vulnerable: 1.27.0+, 1.26.1+ Vulnerable: 1.25.0-1.25.5, 1.26.0...
Jira - CVE-2024-22243
Issue Summary: We have several customers waiting for a response about the vulnerability CVE-2024-22243 (https://nvd.nist.gov/vuln/detail/CVE-2024-22243), if it affects Atlassian products, in particular, Jira Data Center. Steps to Reproduce: Run Generic Security Scan Tool. Expected Results...
CVE-2023-5378
Improper Input Validation vulnerability in MegaBIP and already unsupported SmodBIP software allows for Stored XSS. This issue affects SmodBIP in all versions and MegaBIP in versions up to 4.36.2. MegaBIP 5.08 was tested and is not vulnerable. A precise range of vulnerable versions remains unknown...
Atlassian Confluence SSTI Injection Exploit
This Metasploit module exploits an SSTI injection in Atlassian Confluence servers. A specially crafted HTTP request uses the injection to evaluate an OGNL expression resulting in OS command execution. Versions 8.5.0 through 8.5.3 and 8.0 to 8.4 are known to be vulnerable. This module requires...
Security Bulletin: FileNet Content Manager (FNCM) FileNet Content Search Services (CSS) ThoughtWorks XStream security vulnerabilities, affected, not vulnerable
Summary Security vulnerability in FileNet Content Manager FNCM FileNet Content Search Services CSS ThoughtWorks XStream, affected, not vulnerable. Vulnerability Details CVEID:CVE-2022-41966 DESCRIPTION: XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow. By...
Security Bulletin: IBM FlashSystem 710, 720, 810, and 820 systems and RamSan 710, 720, 810, and 820 systems are not affected by the Bash vulnerabilities (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, and CVE-2014-6278) Flash
Summary IBM FlashSystem 710, 720, 810, and 820 systems and RamSan 710, 720, 810, and 820 systems are not vulnerable to the Bash vulnerabilities that have been referred to as “Bash Bug” or “Shellshock” and the two memory corruption vulnerabilities. Vulnerability Details IBM FlashSystem 710, 720,...
K16827: Apache Struts vulnerability CVE-2015-1831
Security Advisory Description Description Incorrect default exclude patterns were introduced in version 2.3.20 of Struts, if default settings are used, the attacker can compromise internal application's state. CVE-2015-1831 Impact There is no impact; F5 products are not affected by this...
K16880: Libcap vulnerability CVE-2011-4099
Security Advisory Description Description The capsh program in libcap before 2.22 does not change the current working directory when the --chroot option is specified, which allows local users to bypass the chroot restrictions via unspecified vectors. CVE-2011-4099 Impact None. F5 products are not...
SA40312 - September 22 2016 OpenSSL Security Advisory
Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. On September 22, 2016 the OpenSSL project announced a group of new security advisories. These issues affect all supported versions of Pulse Secure products. For a list of supported...
Memory disclosure in the ngx_http_mp4_module
Memory disclosure in the ngx_http_mp4_module Severity: medium CVE-2022-41742 Not vulnerable: 1.23.2+, 1.22.1+ Vulnerable: 1.1.3-1.23.1, 1.0.7-1.0.15...
Security Bulletin: Sterling Order Management and Spring vulnerability CVE-2022-22963
Abstract Is Sterling Order Management affected by Spring vulnerability CVE-2022-22963? Content IBM is aware of a recently surfaced vulnerability CVE-2022-22963 and has evaluated whether any Sterling Order Management applications are affected. The following is a summary of our evaluation: Componen...
CVE-2022-1622
LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa...
Check Point response to CVE-2021-43267
Symptoms A flaw was discovered in the cryptographic receive code in the Linux kernel's implementation of transparent inter-process communication. An attacker, with the ability to send TIPC messages to the target, can cause memory corruption and escalate privileges on the target system. Cause This...
Exploit for Path Traversal in Apache Http_Server
CVE-2021-41773 Proof of Concept Quick and dirty proof of conce...
Server Side Request Forgery in Apache Axis
A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits continue in the project's Axis 1.x Subversion repository; legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2...
BSA-2017-334
Security Advisory ID : BSA-2017-334 Component : zlib Revision : 2.0: Interim An old inffast.c optimization turns out to not be optimal anymore with modern compilers, and furthermore was not compliant with the C standard, for which decrementing a pointer before its allocated memory is undefined. Affect...
BSA-2017-304
Security Advisory ID : BSA-2017-304 Component : Linux Kernel Revision : 1.0: Interim The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memo...
BSA-2017-223
Security Advisory ID : BSA-2017-223 Component : ntp Revision : 1.0: Interim Zero Origin timestamp problems were fixed by Bug 2945 in ntp-4.2.8p6. However, subsequent timestamp validation checks introduced a regression in the handling of some Zero origin timestamp checks. Affected Products Product...