
15 matches found

IBM Security Bulletins
added 2026/03/09 7:26 a.m. | 3 views

Security Bulletin: IBM Maximo Application suite Visual Inspection Component back ported version 8.9.x uses components that are vulnerable to CVE-2021-31684, CVE-2023-1370, CVE-2023-52428, CVE-2024-7254, CVE-2024-27268.

Summary: IBM Maximo Application suite Visual Inspection Component back ported version 8.9.x uses components that are vulnerable to CVE-2021-31684, CVE-2023-1370, CVE-2023-52428, CVE-2024-7254, CVE-2024-27268. This Bulletin contains information of the vulnerable product version and its...

CVSS 8.7 | AI score 6 | EPSS 0.00191
Exploits 2 | Affected Software 1

OSV
added 2025/10/08 12:43 p.m. | 2 views

GHSA-2PGJ-5CV2-6XXW FuelVM is vulnerable to heap memory allocation re-use bug

Impact: A memory safety vulnerability was present in the Fuel Virtual Machine (FuelVM), where memory reads could bypass expected access controls. Specifically, when a smart contract performed a mload or other opcodes which access memory on memory that had been deallocated using ret, it was still abl...

CVSS 8.7 | AI score 6.9
Exploits 0 | References 4

OSV
added 2025/09/15 2:37 p.m. | 3 views

CLSA-2025-1757947030 nettle: Fix of CVE-2018-16869

Port side-channel silent functions from 3.4.1. Partially fix for CVE-2018-16869 - CVE-2018-16869: Add side-channel silent memory, math, PKCS1, RSA functions - Added tests for side-channel silent implementations...

CVSS 5.7 | AI score 6.1 | EPSS 0.00106
Exploits 0 | References 1

RedhatCVE
added 2024/11/04 10:31 p.m. | 14 views

CVE-2024-51744

golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to a situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...

CVSS 3.1 | AI score 6.6 | EPSS 0.0006
Exploits 0 | References 5

Cvelist
added 2024/11/04 9:47 p.m. | 16 views

CVE-2024-51744 Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations in golang-jwt

golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to a situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...

CVSS 3.1 | EPSS 0.0006
Exploits 0 | References 2

OSV
added 2024/11/04 9:47 p.m. | 7 views

CVE-2024-51744 Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations in golang-jwt

golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to a situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...

CVSS 3.1 | AI score 6.6 | EPSS 0.0006
Exploits 0 | References 4

Github Security Blog
added 2023/02/10 11:11 p.m. | 19 views

Pterodactyl Wings contains UNIX Symbolic Link (Symlink) Following resulting in deletion of files and directories on the host system

Impact: This vulnerability impacts anyone running the affected versions of Wings. The vulnerability can be used to delete files and directories recursively on the host system. This vulnerability can be combined with GHSA-p8r3-83r8-jwj5 to overwrite files on the host system. In order to use this...

CVSS 9.6 | AI score 7.8 | EPSS 0.00775
Exploits 0 | References 5 | Affected Software 1

NVD
added 2022/04/13 4:15 p.m. | 22 views

CVE-2015-20107

In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input if they lack validation of user-provided...

CVSS 8 | EPSS 0.0087
Exploits 1 | References 30

NVD
added 2021/04/21 9:15 p.m. | 16 views

CVE-2021-21426

Magento-lts is a long-term support alternative to Magento Community Edition (CE). In magento-lts versions 19.4.12 and prior and 20.0.8 and prior, there is a vulnerability caused by the unsecured deserialization of an object. A patch in versions 19.4.13 and 20.0.9 was back ported from Zend Framework...

CVSS 9.8 | EPSS 0.00405
Exploits 2 | References 1

OSV
added 2021/01/29 6:13 p.m. | 21 views

GHSA-H3GG-7WX2-CQ3H XSS in Flarum Sticky extension

Impact: A change in release beta 14 of the Sticky extension caused the plain text content of the first post of a pinned discussion to be injected as HTML on the discussion list. The issue was discovered following an internal audit. Any HTML would be injected through Mithril's m.trust helper. This...

CVSS 5.4 | AI score 5.6 | EPSS 0.00347
Exploits 0 | References 5

Prion
added 2019/07/25 4:15 p.m. | 7 views

Cross site request forgery (csrf)

In Octopus Deploy versions 3.0.19 to 2019.7.2, when a web request proxy is configured, an authenticated user in certain limited circumstances could trigger a deployment that writes the web request proxy password to the deployment log in cleartext. This is fixed in 2019.7.3. The fix was back-porte...

CVSS 4 | AI score 6.3 | EPSS 0.00589
Exploits 0 | References 1 | Affected Software 1

Tenable Nessus
added 2014/06/13 12:0 a.m. | 34 views

openSUSE Security Update : mozilla-nss (openSUSE-2011-100) (BEAST)

Added a patch to fix errors in the pkcs11n.h header file. bmo702090 - update to 3.13.1 RTM - better SHA-224 support bmo647706 - fixed a regression causing hangs in some situations introduced in 3.13 bmo693228 - update to 3.13.0 RTM - SSL 2.0 is disabled by default - A defense against the SSL 3.0...

CVSS 4.3 | AI score 6.9 | EPSS 0.03832
Exploits 4 | References 2

Packet Storm
added 2011/08/05 12:0 a.m. | 32 views

HP Data Protector Remote Shell

!/bin/bash Exploit Title: HP Data Protector Remote Shell for HPUX Date: 2011-08-02 Author: Adrian Puente Z. Software Link: http://www8.hp.com/us/en/software/software-product.html?compURI=tcm:245-936920&pageTitle=data-protector Version: 0.9 Tested on: HPUX CVE: CVE-2011-0923 Notes: ZDI-11-055...

CVSS 10 | AI score 0.1 | EPSS 0.89891
Exploits 30

myhack58
added 2007/03/13 12:0 a.m. | 16 views

Windows 2000: the administrator account is really insecure - vulnerability warning - the black bar safety net

If you have an ordinary user account, there is a very simple method to get the NT Administrator account. One method: first, rename logon.scr under c:\winnt\system32 to logon.old as a backup. Then rename usrmgr.exe to logon.scr. Then restart; logon.scr is loaded at startup of the...

AI score 7
Exploits 0

myhack58
added 2006/07/11 12:0 a.m. | 18 views

After testing, it seems the Administrator account is really insecure - vulnerability warning - the black bar safety net

If you have an ordinary user account, there is a very simple method to get the NT Administrator account: first, rename logon.scr under c:\winnt\system32 to logon.old as a backup. Then rename usrmgr.exe to logon.scr. Then restart; logon.scr is loaded at startup of the...

AI score 7
Exploits 0