79 matches found

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2015-4666

Malware in sbrugna...

CVSS 6.8 · AI score 6.4 · EPSS 0.0426
Exploits 0 · References 5
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2015-0033

Malware in sbrugna...

CVSS 4 · AI score 6.4 · EPSS 0.00176
Exploits 0 · References 2
RedhatCVE
added 2025/05/22 5:43 a.m. · 5 views

CVE-2010-3300

It was found that all OWASP ESAPI for Java up to version 2.0 RC2 are vulnerable to padding oracle attacks...

CVSS 5.9 · AI score 6.9 · EPSS 0.00204
Exploits 0 · References 1
vulnersOsv
added 2024/12/19 6:31 p.m. · 4 views

RPD:bmc-rpd (=1.1), aendter.jenkins.plugins:filesystem-list-parameter-plugin (>=0.0.1 <=0.0.6) +25434 more potentially affected by CVE-2024-38819 via org.springframework:spring-webmvc (>=1.2.1 <=5.3.39)

org.springframework:spring-webmvc MAVEN version =1.2.1, =0.0.1, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =4.4.0.0, =0.0.12, =0.1.15 and more. Source CVEs: CVE-2024-38819. Source advisory: OSV:GHSA-G5VR-RGQM-VF78...

CVSS 7.5 · AI score 6.4 · EPSS 0.93507
Exploits 5
Snyk
added 2024/12/09 3:31 p.m. · 1 view

Improper Authorization

Overview apache-superset is a modern, enterprise-ready business intelligence web application. Affected versions of this package are vulnerable to Improper Authorization due to the enabled FAB_ADD_SECURITY_API setting, which is disabled by default. An attacker can manipulate role assignments and...

CVSS 7.6 · AI score 7 · EPSS 0.00335
Exploits 0 · References 2
Vulnrichment
added 2024/12/09 1:35 p.m. · 19 views

CVE-2024-53949 Apache Superset: Lower privilege users are able to create Role when FAB_ADD_SECURITY_API is enabled

Improper Authorization vulnerability in Apache Superset when FAB_ADD_SECURITY_API is enabled (disabled by default). Allows lower privilege users to use this API. This issue affects Apache Superset: from 2.0.0 before 4.1.0. Users are recommended to upgrade to version 4.1.0, which fixes the issue...

CVSS 7.6 · AI score 6.5 · EPSS 0.00335
Exploits 0 · References 1
Positive Technologies
added 2024/12/09 12:00 a.m. · 3 views

PT-2024-9970 · Apache · Apache Superset

Name of the Vulnerable Software and Affected Versions: Apache Superset versions 2.0.0 through 4.1.0 Description: The issue is related to an improper authorization procedure in the FAB_ADD_SECURITY_API component of Apache Superset, allowing lower privilege users to use this API. This can potential...

CVSS 7.6 · AI score 7 · EPSS 0.00335
Exploits 0 · References 16
CNNVD
added 2024/12/09 12:00 a.m. · 3 views

Apache Superset security vulnerability

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset suffers from an authorization vulnerability that stems from improper authorization settings, which an attacker can exploit to use this API when FAB_ADD_SECURITY_API is...

CVSS 7.6 · AI score 6.8 · EPSS 0.00335
Exploits 0 · References 2
IBM Security Bulletins
added 2024/03/29 10:45 a.m. · 52 views

Security Bulletin: Vulnerability in Enterprise Security API for Java affects IBM Process Mining WS-2023-0429

Summary There is a vulnerability in Enterprise Security API for Java that could allow a remote attacker to steal cookie-based authentication credentials on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability...

AI score 7.5
Exploits 0 · Affected Software 1
OSV
added 2024/03/29 6:15 a.m. · 1 view

AZL-47703 CVE-2024-28960 affecting package hvloader for versions less than 1.0.1-6

An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory...

CVSS 8.2 · AI score 5.7 · EPSS 0.0015
Exploits 0 · References 1
Vulnrichment
added 2024/03/27 6:03 p.m. · 10 views

CVE-2024-23451 Elasticsearch Incorrect Authorization in the Remote Cluster Security API key based security model

Incorrect Authorization issue exists in the API key based security model for Remote Cluster Security, which is currently in Beta, in Elasticsearch 8.10.0 and before 8.13.0. This allows a malicious user with a valid API key for a remote cluster configured to use the new Remote Cluster Security to...

CVSS 4.4 · AI score 7 · EPSS 0.00341
Exploits 0 · References 1
IBM Security Bulletins
added 2024/03/27 3:56 p.m. · 23 views

Security Bulletin: Denial of Service vulnerability affects IBM Business Automation Workflow (IBM X-Force ID 270419)

Summary IBM Business Automation Workflow is vulnerable to a Denial of Service attack. Vulnerability Details IBM X-Force ID: 270419 DESCRIPTION: Enterprise Security API for Java is vulnerable to a denial of service, caused by a flaw in the HTTPUtilities.getFileUploads methods. By sending a special...

AI score 7.1
Exploits 0 · Affected Software 1
IBM Security Bulletins
added 2023/12/15 2:49 p.m. · 18 views

Security Bulletin: Vulnerability in Enterprise Security API for Java affects IBM Process Mining - X-Force ID 270419

Summary There is a vulnerability in Enterprise Security API for Java that could allow a remote attacker to exploit this vulnerability and cause a denial of service condition. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability...

AI score 7.5
Exploits 0 · Affected Software 1
RedHat Linux
added 2023/08/08 8:28 a.m. · 3 views

curl: GSS delegation too eager connection re-use

A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, the GSS delegation setting was left out from the configuration match checks, making them match too easily, affecting...

CVSS 5.9 · AI score 7.1 · EPSS 0.00011
Exploits 1 · References 5
OSV
added 2023/05/23 8:15 p.m. · 1 view

CVE-2023-23302

The Toybox.GenericChannel.setDeviceConfig API method in CIQ API version 1.2.0 through 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes. A malicious application could call the API method with a specially crafted object and hijack the executi...

CVSS 9.8 · AI score 7.6 · EPSS 0.04346
Exploits 1 · References 2
ATTACKERKB
added 2023/05/23 8:15 p.m. · 2 views

CVE-2023-23302

The Toybox.GenericChannel.setDeviceConfig API method in CIQ API version 1.2.0 through 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes. A malicious application could call the API method with a specially crafted object and hijack the executi...

CVSS 9.8 · AI score 7.5 · EPSS 0.04346
Exploits 1 · References 3
OSV
added 2023/03/06 11:15 p.m. · 2 views

AZL-25604 CVE-2022-45142 affecting package heimdal for versions less than 7.7.1-2

The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches and possibly other branches a logic inversion sneaked...

CVSS 7.5 · AI score 6.8 · EPSS 0.00088
Exploits 0 · References 1
OSV
added 2023/02/14 6:15 p.m. · 1 view

DEBIAN-CVE-2023-25567

GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that implements NTLM authentication, has an out-of-bounds read when decoding target information prior to version 1.2.0. The length of the avpair is not checked properly for two of the elements which can trigger an out-of-bound read. The...

CVSS 7.5 · AI score 7.3 · EPSS 0.00355
Exploits 0 · References 1
OSV
added 2023/01/12 3:15 p.m. · 2 views

AZL-12995 CVE-2022-3437 affecting package samba 4.12.5-7

A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des and unwrap_des3 routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc allocated memory when presented with a...

CVSS 6.5 · AI score 6.8 · EPSS 0.00727
Exploits 0 · References 1
Tenable Nessus
added 2022/10/20 12:00 a.m. · 40 views

Oracle Primavera Unifier (Oct 2022 CPU)

The versions of Primavera Unifier installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2022 CPU advisory. - Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Document Management (Apache Solr)). Supported...

CVSS 9.8 · AI score 6.5 · EPSS 0.16401
Exploits 4 · References 8