2543 matches found
Verint Systems Verint Workforce Optimization Cross-Site Scripting Vulnerability
Verint Systems Verint Workforce Optimization WFO is an employee performance management solution from Verint Systems, Inc. The product supports workforce management, call logging, automated quality management, performance management, text and desktop analytics, etc. An injection vulnerability exis...
Security Bulletin: The Community Edition of IBM ILOG CPLEX Optimization Studio is affected by a vulnerability in libcurl (CVE-2021-22945)
Summary The Community Edition of IBM ILOG CPLEX Optimization Studio on Windows platform only has addressed the following vulnerability: libcurl is vulnerable to a denial of service. Vulnerability Details CVEID: CVE-2021-22945 DESCRIPTION: cURL libcurl is vulnerable to a denial of service, caused ...
Security Bulletin: The Community Edition of IBM ILOG CPLEX Optimization Studio is affected by a vulnerability in libcurl (CVE-2021-22925)
Summary The Community Edition of IBM ILOG CPLEX Optimization Studio on Windows platform only has addressed the following vulnerability: libcurl is vulnerable to a remote attack. Vulnerability Details CVEID: CVE-2021-22925 DESCRIPTION: cURL libcurl could allow a remote attacker to obtain sensitive...
Veeam Cloud Connect Scalability Tweaks
Purpose This article documents advanced settings to optimize Veeam Cloud Connect to handle many connections. Numerous optimizations to the Cloud Connect framework on both the service provider and the tenant sides have been introduced to increase its scalability including the number of concurrent...
The vulnerabilities of the Citrix ADC application delivery controller (formerly Citrix NetScaler Application Delivery Controller), the Citrix Gateway virtual environment access control system (formerly Citrix NetScaler Gateway), and the Citrix SD-WAN WANOP network management software are related to authentication process flaws, allowing attackers to gain unauthorized access to protected information.
The vulnerabilities of the Citrix ADC application delivery controller previously called Citrix NetScaler Application Delivery Controller, the Citrix Gateway virtual environment access control system previously called Citrix NetScaler Gateway, and the Citrix SD-WAN WANOP network management softwar...
Memory Safety Issue when using patch or merge on state and assign the result back to state
Impact This vulnerability is a memory safety issue when using patch or merge on state and assigning the result back to state. In this case, affected versions of Tremor and the tremor-script crate maintain references to memory that might have been freed already. And these memory regions can be access...
GHSA-MC22-5Q92-8V85 Memory Safety Issue when using patch or merge on state and assign the result back to state
Impact This vulnerability is a memory safety issue when using patch or merge on state and assigning the result back to state. In this case, affected versions of Tremor and the tremor-script crate maintain references to memory that might have been freed already. And these memory regions can be access...
Memory Safety Issue when using `patch` or `merge` on `state` and assign the result back to `state`
Affected versions of this crate maintain references to memory that might have been freed already. It affects the following two tremor-script language constructs: A Merge where we assign the result back to the target expression and the expression to be merged needs to reference the event: let sta...
RUSTSEC-2021-0111 Memory Safety Issue when using `patch` or `merge` on `state` and assign the result back to `state`
Affected versions of this crate maintain references to memory that might have been freed already. It affects the following two tremor-script language constructs: A Merge where we assign the result back to the target expression and the expression to be merged needs to reference the event: let sta...
Security Bulletin: Security Vulnerabilities in IBM® Java SDK July 2021 CPU affect multiple IBM Continuous Engineering products based on IBM Jazz Technology
Summary There are multiple vulnerabilities in IBM® SDK Java Technology Edition from July 2021 CPU that are used by IBM Jazz Team Server affecting the following IBM Jazz Team Server based Applications: Engineering Lifecycle Management ELM, IBM Engineering Requirements Management DOORS Next DOORS...
Holy Grail of Security: Answer to ‘Did X Work?’ – Podcast
Get a glass. Pour in one shot of VERIS, aka the Vocabulary for Event Recording and Incident Sharing engine that generates Verizon’s funny, well-written, incredibly useful, annual Database Investigations Report DBIR. Next, add a shot of MITRE ATT&CK: the curated knowledge repository of reported...
XSS in Image Optimization API for Next.js
Impact - Affected: All of the following must be true to be affected - Next.js between version 10.0.0 and 11.1.0 - The next.config.js file has images.domains array assigned - The image host assigned in images.domains allows user-provided SVG - Not affected: The next.config.js file has images.loade...
GHSA-9GR3-7897-PP7M XSS in Image Optimization API for Next.js
Impact - Affected: All of the following must be true to be affected - Next.js between version 10.0.0 and 11.1.0 - The next.config.js file has images.domains array assigned - The image host assigned in images.domains allows user-provided SVG - Not affected: The next.config.js file has images.loade...
Cross-site Scripting (XSS)
next is vulnerable to cross-site scripting. An attacker is able to inject and execute malicious script via the image optimization API if the next.config.js file has the images.domains array assigned and the image host assigned in images.domains allows user-provided SVG...
CVE-2021-39178 XSS in Image Optimization API for Next.js versions between 10.0.0 and 11.1.0
Next.js is a React framework. Versions of Next.js between 10.0.0 and 11.0.0 contain a cross-site scripting vulnerability. In order for an instance to be affected by the vulnerability, the next.config.js file must have images.domains array assigned and the image host assigned in images.domains mus...
Memory Utilization settings applied via WEM are not working
The customer was running WEM version 1811 and upgraded to version 2103. They had memory and CPU utilization settings applied via WEM that were working fine. They noticed after the upgrade that memory load in the VDAs started spiking above 80% even though they have set memory optimization rules via...
GHSA-R6FF-2Q3C-V3PV Compiler optimisation leads to SEGFAULT
Affected versions of the pnet crate were optimized out by compiler, which caused dereference of uninitialized file descriptor which caused segfault...
Null pointer dereference in TFLite MLIR optimizations
Impact An attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and denial of service: This is caused by the MLIR optimization of L2NormalizeReduceAxis operator. The implementation unconditionally dereferences a pointer to an iterator to a...
GHSA-WF5P-C75W-W3WH Null pointer dereference in TFLite MLIR optimizations
Impact An attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and denial of service: This is caused by the MLIR optimization of L2NormalizeReduceAxis operator. The implementation unconditionally dereferences a pointer to an iterator to a...
Security update for MozillaFirefox (important)
openSUSE Security Update: Security update for MozillaFirefox Announcement ID: openSUSE-SU-2021:1184-1 Rating: important References: 1188891 SLE-18626 Cross-References: CVE-2021-29980 CVE-2021-29984 CVE-2021-29985 CVE-2021-29986 CVE-2021-29988 CVE-2021-29989 CVSS scores: CVE-2021-29980 SUSE: 7.5...