75 matches found
CVE-2023-38714
CVE-2023-38714 affects IBM Cloud Pak System versions 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1, with the issue described as disclosing sensitive information about the system that could aid in further attacks. The IBM secur...
EulerOS 2.0 SP9 : python-requests (EulerOS-SA-2025-1044)
According to the versions of the python-requests package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An unclaimed Amazon S3 bucket, 'codeconf', is referenced in an audio file link within the .rst documentation file. This bucket has been...
CVE-2024-25035
IBM Cognos Controller 11.0.0 and 11.0.1 exposes server details that could allow an attacker to obtain information of the application environment to conduct further attacks...
CVE-2024-1682
An unclaimed Amazon S3 bucket, 'codeconf', is referenced in an audio file link within the .rst documentation file. This bucket has been claimed by an external party. The use of this unclaimed S3 bucket could lead to data integrity issues, data leakage, availability problems, loss of...
CVE-2024-1682 Unclaimed S3 Bucket Reference in psf/requests Documentation
An unclaimed Amazon S3 bucket, 'codeconf', is referenced in an audio file link within the .rst documentation file. This bucket has been claimed by an external party. The use of this unclaimed S3 bucket could lead to data integrity issues, data leakage, availability problems, loss of...
RISC Zero zkVM notes on zero-knowledge
RISC Zero zkVM was designed from its inception to provide three main guarantees: 1. Computational integrity: that a given software program executed correctly. 2. Succinctness: that the proof of execution does not grow in relation to the program being executed. 3. Zero Knowledge: that details of t...
CVE-2024-4766
Different techniques existed to obscure the fullscreen notification in Firefox for Android. These could have led to potential user confusion and spoofing attacks. This bug only affects Firefox for Android. Other versions of Firefox are unaffected. This vulnerability affects Firefox 126...
Design/Logic Flaw
In some configuration scenarios, the Domino server host name can be exposed. This information could be used to target future attacks...
PT-2023-4773 · Siemens · Ruggedcom Rs900 +27
Name of the Vulnerable Software and Affected Versions: RUGGEDCOM i800 versions RUGGEDCOM i801 versions RUGGEDCOM i802 versions RUGGEDCOM i803 versions RUGGEDCOM M2100 versions RUGGEDCOM M2200 versions RUGGEDCOM M969 versions RUGGEDCOM RMC30 versions RUGGEDCOM RMC8388 versions 4.X through 5.X...
CVE-2023-28159
The fullscreen notification could have been hidden on Firefox for Android by using download popups, resulting in potential user confusion or spoofing attacks. This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox 111...
No Allowlist For Bridgeable ERC-20 Tokens
Lines of code Vulnerability details Vulnerability Details We noticed that the deposit function of the L1ERC20Bridge contract code snippet 1 permits a user to bridge any ERC-20 tokens including deflationary and rebase tokens from the L1 to the L2 network. We considered that permitting non-standard...
Microsoft addressed three zero-day vulnerabilities March 2022 Patch Tuesday Update
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Microsoft addressed 71 the following vulnerabilities in their March 2022 Patch Tuesday Update. This advisory briefs about six vulnerabilities out of which three of them have been rated critical in severity and three of them ar...
Mozilla: JavaScript unexpectedly enabled for the composition area
Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to further an attack with other vulnerabilities. This vulnerability affects Thunderbird...
CVE-2021-42072
An issue was discovered in Barrier before 2.4.0. The barriers component aka the server-side implementation of Barrier does not sufficiently verify the identify of connecting clients. Clients can thus exploit weaknesses in the provided protocol to cause denial-of-service or stage further attacks...
CVE-2021-20341
The CVE-2021-20341 issue affects IBM Cloud Pak for Multicloud Management Monitoring prior to version 2.2.6. It arises from returning potentially sensitive information in HTTP headers, which could enable subsequent attacks against the system. CVSS details in the sources indicate a medium severity ...
IBM Cloud Pak System 安全漏洞
IBM Cloud Pak System is a full-stack, converged infrastructure with configurable, pre-integrated software from IBM USA. The product supports deploying, managing and moving application environments across hybrid clouds. A security vulnerability exists in IBM Cloud Pak that stems from the return of...
Information disclosure
IBM Workload Automation 9.5 stores sensitive information in HTML comments that could aid in further attacks against the system. IBM X-Force ID: 186286...
U.S. Dept Of Defense: SharePoint Web Services Exposed to Anonymous Access
The SharePoint configuration for this particular site allows any user to access the spdisco.aspx on the web server which discloses the location of of all SharePoint's web service endpoints. The URLs are: ██████████ ███ Impact An adversary may utilize the exposed information about the web services...
py-markdown2 -- XSS vulnerability
TheGrandPew reports: python-markdown2 through 2.3.8 allows XSS because element names are mishandled unless a \w+ match succeeds. For example, an attack might use elementname@ or elementname- with an onclick attribute...
Huawei EulerOS: Security Advisory for poppler (EulerOS-SA-2017-1260)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...