
2543 matches found

ATTACKERKB
added 2022/01/19 12:15 p.m., 2 views

CVE-2022-21359

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: Optimization Framework. Supported versions that are affected are 8.57, 8.58 and 8.59. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSo...

CVSS 6.1, AI score 6.9, EPSS 0.00582
Exploits 0, References 2, Affected Software 1

Kaspersky
added 2022/01/19 12:0 a.m., 475 views

KLA12429 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Implementation vulnerability in Service Worker API can be exploited to cause denial of servic...

CVSS 9.6, AI score 9.6, EPSS 0.05673
Exploits 0, References 3

Fedora
added 2022/01/14 12:59 a.m., 30 views

[SECURITY] Fedora 34 Update: python-cvxopt-1.2.7-1.fc34

CVXOPT is a free software package for convex optimization based on the Python programming language. Its main purpose is to make the development of software for convex optimization applications straightforward by building on Python's extensive standard library and on the strengths of Python as a...

CVSS 7.5, AI score 2, EPSS 0.00274
Exploits 1

IBM Security Bulletins
added 2022/01/13 8:44 p.m., 58 views

Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44832, CVE-2021-45046, ) and denial of service due to Apache Log4j (CVE-2021-45105)

Summary: There are Remote Attack Vulnerabilities in Apache Log4j CVE-2021-44832, CVE-2021-45046, CVE-2021-45105 which is used by IBM Engineering Lifecycle Optimization - Publishing PUB and Rational Publishing Engine RPE Knowledge Center for logging. The fix includes upgrade to Apache Log4j v2.17....

CVSS 10, AI score 1, EPSS 0.94358
Exploits 348, Affected Software 2

IBM Security Bulletins
added 2022/01/11 5:38 p.m., 110 views

Security Bulletin: A Remote Attack Vulnerability in Apache Log4j affects Engineering Lifecycle Management and IBM Engineering products

Summary There is a high risk Remote Attack Vulnerability in Apache Log4j CVE-2021-44228 which is used by IBM Jazz Team Server affecting the following IBM Jazz Team Server based Applications: Engineering Lifecycle Management ELM, IBM Engineering Workflow Management EWM, IBM Engineering Systems...

CVSS 10, AI score 0.9, EPSS 0.94358
Exploits 342, Affected Software 9

Github Security Blog
added 2022/01/06 10:18 p.m., 27 views

Missing Initialization of Resource in pnet

An issue was discovered in the pnet crate before 0.27.2 for Rust. There is a segmentation fault upon attempted dereference of an uninitialized descriptor because of an erroneous IcmpTransportChannelIterator compiler optimization...

CVSS 7.5, AI score 2.1, EPSS 0.00468
Exploits 0, References 5, Affected Software 1

OSV
added 2022/01/06 10:18 p.m., 19 views

GHSA-24G6-5RX7-58WJ Missing Initialization of Resource in pnet

An issue was discovered in the pnet crate before 0.27.2 for Rust. There is a segmentation fault upon attempted dereference of an uninitialized descriptor because of an erroneous IcmpTransportChannelIterator compiler optimization...

CVSS 7.5, AI score 7.4, EPSS 0.00468
Exploits 0, References 5

IBM Security Bulletins
added 2022/01/04 4:49 p.m., 34 views

Security Bulletin: A Remote Attack Vulnerability in Apache Log4j affects IBM Engineering Lifecycle Optimization - Integration Adapters Tasktop Edition and Tasktop Sync

Summary No action is required for Tasktop Viz or Tasktop Sync or IBM Engineering Lifecycle Optimization - Integration Adapters Tasktop Edition as they were not impacted by this vulnerability. Sync or IBM LIA is using Log4J 1.2.15, which is very old and not subject to the Log4J vulnerability. The...

CVSS 10, AI score 1.4, EPSS 0.94358
Exploits 342, Affected Software 1

NVD
added 2022/01/03 1:15 p.m., 9 views

CVE-2021-25023

The Speed Booster Pack ⚡ PageSpeed Optimization Suite WordPress plugin before 4.3.3.1 does not escape the sbpconverttablename parameter before using it in a SQL statement to convert the related table, leading to an SQL injection...

CVSS 7.2, EPSS 0.00528
Exploits 2, References 1

Prion
added 2022/01/03 1:15 p.m., 13 views

Sql injection

The Speed Booster Pack ⚡ PageSpeed Optimization Suite WordPress plugin before 4.3.3.1 does not escape the sbpconverttablename parameter before using it in a SQL statement to convert the related table, leading to an SQL injection...

CVSS 6.5, AI score 7.2, EPSS 0.00528
Exploits 2, References 1, Affected Software 1

Tenable Nessus
added 2021/12/30 12:0 a.m., 43 views

openSUSE 15 Security Update : MozillaThunderbird (openSUSE-SU-2021:1635-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1635-1 advisory. - An issue present in lowering/register allocation could have led to obscure but deterministic register confusion failures in JITted code...

CVSS 10, AI score 8.2, EPSS 0.01293
Exploits 3, References 74

NVD
added 2021/12/27 12:15 a.m., 9 views

CVE-2019-25054

An issue was discovered in the pnet crate before 0.27.2 for Rust. There is a segmentation fault upon attempted dereference of an uninitialized descriptor because of an erroneous IcmpTransportChannelIterator compiler optimization...

CVSS 7.5, EPSS 0.00468
Exploits 0, References 2

Prion
added 2021/12/27 12:15 a.m., 13 views

Design/Logic Flaw

An issue was discovered in the pnet crate before 0.27.2 for Rust. There is a segmentation fault upon attempted dereference of an uninitialized descriptor because of an erroneous IcmpTransportChannelIterator compiler optimization...

CVSS 5, AI score 7.5, EPSS 0.00468
Exploits 0, References 2, Affected Software 1

Tenable Nessus
added 2021/12/25 12:0 a.m., 32 views

SUSE SLED15 / SLES15 Security Update : MozillaThunderbird (SUSE-SU-2021:4150-1)

The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:4150-1 advisory. - An issue present in lowering/register allocation could have led to obscure but deterministic register confusion failures in JITted...

CVSS 10, AI score 8.2, EPSS 0.01293
Exploits 3, References 74

ThreatPost
added 2021/12/22 6:24 p.m., 20 views

All in One SEO Plugin Bug Threatens 3M Websites with Takeovers

A popular WordPress SEO-optimization plugin, called All in One SEO, has a pair of security vulnerabilities that, when combined into an exploit chain, could leave website owners open to site takeover. The plugin is used by more than 3 million websites. An attacker with an account with the site –...

AI score 7
Exploits 0, References 7

wpexploit
added 2021/12/22 12:0 a.m., 116 views

Smart SEO Tool < 3.0.6 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the search parameter before outputting it back in an attribute when the TDK optimisation setting is enabled, leading to a Reflected Cross-Site Scripting With the "TDK optimization" setting enabled 7th page, first one: https://example.com/?s=123456"alert/XSS...

CVSS 6.1, AI score 6.2, EPSS 0.0021
Exploits 2, References 1

IBM Security Bulletins
added 2021/12/17 12:12 a.m., 60 views

Security Bulletin: Log4jShell Vulnerability affects Decision Optimization for Cloud Pak for Data (CVE-2021-44228)

Summary The Apache Log4j vulnerability used by Decision Optimization for Cloud Pak for Data has been addressed. IBM strongly recommends addressing the Log4j vulnerability CVE-2021-44228 now by upgrading. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote...

CVSS 10, AI score 1.3, EPSS 0.94358
Exploits 342, Affected Software 1

OSV
added 2021/12/15 7:15 a.m., 1 views

CVE-2021-36450

Verint Workforce Optimization WFO 15.2.8.10048 allows XSS via the control/mynotifications NEWUINAV parameter...

CVSS 6.1, AI score 5.8, EPSS 0.20063
Exploits 1, References 3

NVD
added 2021/12/15 7:15 a.m., 8 views

CVE-2021-36450

Verint Workforce Optimization WFO 15.2.8.10048 allows XSS via the control/mynotifications NEWUINAV parameter...

CVSS 6.1, EPSS 0.20063
Exploits 1, References 3

CNNVD
added 2021/12/15 12:0 a.m., 3 views

Verint Systems Verint Workforce Optimization Cross-Site Scripting Vulnerability

Verint Systems Verint Workforce Optimization WFO is a workforce performance management solution from Verint Systems, Inc. A cross-site scripting vulnerability exists in version 8.10048, which stems from a lack of data validation filtering of user-supplied data and output. An attacker could exploi...

CVSS 6.1, AI score 5.1, EPSS 0.20063
Exploits 1, References 4