112 matches found
Important: Red Hat Security Advisory: Red Hat Camel for Spring Boot 3.14.5 Patch 1 release and security update
A patch is now available for Camel for Spring Boot 3.14.5. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS bas...
Input validation
Improper Input Validation vulnerability in OTRS AG OTRS, OTRS AG OTRS Community Edition allows SQL Injection via TicketSearch Webservice This issue affects OTRS: from 7.0.1 before 7.0.40 Patch 1, from 8.0.1 before 8.0.28 Patch 1; OTRS Community Edition: from 6.0.1 through 6.0.34...
Exploit for OS Command Injection in Zyxel Usg_Flex_100W_Firmware
CVE-2022-30525 Zyxel firewall unauthenticated remote command injection vulnerability. Affected components: USG FLEX 100...
Exploit for OS Command Injection in Zyxel Usg_Flex_100W_Firmware
CVE-2022-30525 Zyxel firewall: Unauthenticated remote comman...
CVE-2022-30525 (FIXED): Zyxel Firewall Unauthenticated Remote Command Injection
Rapid7 discovered and reported a vulnerability that affects Zyxel firewalls supporting Zero Touch Provisioning ZTP, which includes the ATP series, VPN series, and the USG FLEX series including USG20-VPN and USG20W-VPN. The vulnerability, identified as CVE-2022-30525, allows an unauthenticated and...
CVE-2022-23312
A vulnerability has been identified in Spectrum Power 4 All versions V4.70 SP9 Security Patch 1. The integrated web application "Online Help" in affected product contains a Cross-Site Scripting XSS vulnerability that could be exploited if unsuspecting users are tricked into accessing a malicious...
WAGO 750-8xxx PLC Denial Of Service / User Enumeration
SEC Consult Vulnerability Lab Security Advisory. title: Denial of service & User Enumeration; product: WAGO 750-8xxx PLC; vulnerable version: Firmware 20 Patch 1 v03.08.08; fixed version: Firmware 20 Patch 1 v03.08.08; CVE number:...
Release Information for Veeam Service Provider Console v6 Patch 1
Requirements Please confirm you are running Veeam Service Provider Console version 6.0.0.7739 or later before installing Patch 1. You can check this by logging in to the backup portal and navigating to the Configuration Support Information tab. After upgrading, your server build will be 6.0.0.8787...
SUSE SLES15 Security Update : kernel (Live Patch 1 for SLE 15 SP3) (SUSE-SU-2021:3742-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3742-1 advisory. - This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.14-rc3. An attacker must first...
Release Information for Veeam Backup for Google Cloud Platform v2 Patch 1
Requirements Before installing this patch, please confirm that you are running Veeam Backup for Google Cloud Platform v2 build 2.0.0.530. You can check your build number under Configuration | Support Information | About | Server version by clicking the gear icon at the top-right corner of the mai...
Directory And Resource Administrator security vulnerability
Micro Focus Directory And Resource Administrator DRA is an enterprise management solution from Micro Focus UK. A security vulnerability exists in Micro Focus Directory and Resource Administrator DRA versions prior to 10.1 Patch 1 that could lead to unauthorized disclosure of information...
Unspecified Vulnerability in NetIQ Advanced Authentication
NetIQ Advanced Authentication is an application from NetIQ UK. It provides a more secure way to protect your sensitive information by moving away from usernames and passwords. A security vulnerability exists in NetIQ Advanced Authentication that allows the use of single-factor authentication in...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache Thrift
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Apache Thrift. Vulnerability Details CVEID: CVE-2020-13949 DESCRIPTION: Apache Thrift is vulnerable to a denial of service, caused by improper input validation. By sending specially-crafted messages, a remote...
Veeam Service Provider Console v5 Patch 1
This patch has been superseded by Veeam Service Provider Console v5 Patch 2. Requirements Please confirm you are running version 5.0.0.6726 before installing Patch 1. You can check this by logging in to the backup portal and navigating to the Configuration Support Information tab. After upgrading...
CVE-2020-4888
IBM QRadar SIEM is vulnerable to deserialization of untrusted data (CVE-2020-4888). Affected versions are QRadar SIEM 7.4.0–7.4.2 Patch 1 and 7.3.0–7.3.3 Patch 7. The issue arises from insecure Java deserialization of user-supplied content, enabling a remote attacker to execute arbitrary commands...
Security Bulletin: IBM QRadar SIEM is vulnerable to Server Side Request Forgery (SSRF) (CVE-2020-4787)
Summary IBM QRadar SIEM is vulnerable to Server Side Request Forgery Vulnerability Details CVEID: CVE-2020-4787 DESCRIPTION: IBM QRadar is vulnerable to server side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to...
Security Bulletin: Spring Framework as used by IBM QRadar SIEM is vulnerable to improper input validation (CVE-2020-5421)
Summary Spring Framework as used by IBM QRadar SIEM is vulnerable to improper input validation Vulnerability Details CVEID: CVE-2020-5421 DESCRIPTION: VMware Tanzu Spring Framework could allow a remote attacker to bypass security restrictions, caused by improper input validation. By using a...
Security Bulletin: Malicious file upload and download could affect Watson Knowledge Catalog for IBM Cloud Pak for Data
Summary Watson Knowledge Catalog for IBM Cloud Pak for Data was vulnerable to malicious file uploads and downloads. The issue is now addressed. Vulnerability Details Third Party Entry: PSIRT-ADV0025909 DESCRIPTION: Created from Advisory: ADV0025909 CVSS Base score: 5.7 CVSS Vector:...
Security Bulletin: PostgresSQL JDBC Driver as used in IBM QRadar SIEM is vulnerable to information disclosure (CVE-2020-13692)
Summary PostgresSQL JDBC Driver as used in IBM QRadar SIEM is vulnerable to information disclosure caused by an XML external entity XXE Vulnerability Details CVEID: CVE-2020-13692 DESCRIPTION: PostgreSQL JDBC Driver could allow a remote authenticated attacker to obtain sensitive information, caus...
Security Bulletin: Apache Santuario as used in IBM QRadar SIEM is vulnerable to improper input validation (CVE-2019-12400)
Summary Apache Santuario as used in IBM QRadar SIEM is vulnerable to improper input validation Vulnerability Details CVEID: CVE-2019-12400 DESCRIPTION: Apache Santuario XML Security for Java could allow a remote attacker to bypass security restrictions, caused by the loading of XML parsing code...