18 matches found
EUVD-2022-32052
Malicious code in bioql PyPI...
Security Bulletin: UrbanCode Deploy is vulnerable to incorrect authorization reading Component Processes (CVE-2022-35716)
Summary: Component process security checks can sometimes grant read-level access to users that do not have access if the process is owned by a Component Template and an endpoint performs multiple validations. Vulnerability Details: CVEID: CVE-2022-35716. DESCRIPTION: IBM UrbanCode Deploy (UCD) could...
[SECURITY] Fedora 37 Update: exim-4.96-5.fc37
Exim is a message transfer agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal ...
CVE-2022-27551
HCL Launch could allow an authenticated user to obtain sensitive information in some instances due to improper security checking...
Input validation
HCL Launch could allow an authenticated user to obtain sensitive information in some instances due to improper security checking...
CVE-2022-27551
CVE-2022-27551 affects HCL Launch. An authenticated user could obtain sensitive information due to improper security checking. Affected product/versions cited by connected sources include HCL Launch 7.x.x.x (CNNVD notes specific 7.0.0.0–7.0.5.11, 7.1.0.0–7.1.2.7, 7.2.0.0–7.2.3.0) with the issue s...
CVE-2022-35716
IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.16, 7.0.0.0 through 7.0.5.11, 7.1.0.0 through 7.1.2.7, and 7.2.0.0 through 7.2.3.0 could allow an authenticated user to obtain sensitive information in some instances due to improper security checking. IBM X-Force ID: 231360...
CVE-2022-35716
IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.16, 7.0.0.0 through 7.0.5.11, 7.1.0.0 through 7.1.2.7, and 7.2.0.0 through 7.2.3.0 could allow an authenticated user to obtain sensitive information in some instances due to improper security checking. IBM X-Force ID: 231360...
UnsafeAccessor 1.4.0 until 1.7.0 has no security checking for UnsafeAccess.getInstance()
Overview: Affected versions have no limit to using unsafe-accessor. Can be ignored if SecurityCheck.AccessLimiter is not set up. Details: If UA was loaded as a named module, the internal data of UA will be protected by the JVM and others can only access UA via UA's standard API. Main application can set up...
VMware Carbon Black Cloud Authentication Bypass Vulnerability
VMware Carbon Black Cloud is a SaaS platform from VMware USA that provides security checking and defense capabilities for cloud endpoints. VMware Carbon Black Cloud Workload 1.0.1 and prior versions have an authentication bypass vulnerability that could allow a user with network access to the...
Open-Xchange: Pre-auth buffer over-read in Dovecot NTLM implementation
Hi, Dovecot security team. I am Orange from DEVCORE security team. We just did a little security audit on the authentication mechanism of Dovecot, and found a buffer over-read in NTLM implementation. The structure of NTLM field is defined in ntlm-types.h: struct ntlmssp_buffer { uint16_t length; /...
Mozilla Thunderbird < 16.0 Multiple Vulnerabilities (Mac OS X)
The installed version of Thunderbird is earlier than 16.0 and thus, is affected by the following vulnerabilities : - Several memory safety bugs exist in the browser engine used in Mozilla-based products that could be exploited to execute arbitrary code. CVE-2012-3983 - '' elements can be abused t...
Mozilla Firefox ESR Multiple Vulnerabilities - 01 - Mac OS X
Mozilla Firefox ESR is prone to multiple vulnerabilities...
GetProperty function can bypass security checks — Mozilla
Mozilla community member Alice White reported that when the GetProperty function is invoked through JSAPI, security checking can be bypassed when getting cross-origin properties. This potentially allowed for arbitrary code execution...
User value of JiraAuthenticationContext not set in SOAP service getIssue()
Call to JiraAuthenticationContext.setUser missing during getIssue SOAP service call. Service call will fail silently if there are custom fields with explicit security checking for attributes derived from current user. In my case I try to verify existence of an issue using getIssue SOAP service...
USN-510-1: Linux kernel vulnerabilities
A flaw was discovered in the PPP over Ethernet implementation. Local attackers could manipulate ioctls and cause kernel memory consumption leading to a denial of service. CVE-2007-2525 An integer underflow was discovered in the cpuset filesystem. If mounted, local attackers could obtain kernel...
[Squid 2004-betaNC-001] Inadequate Security Checking in NukeCops betaNC Bundle
Advisory: 2004-betaNC-001. Affected Software: Nuke Cops betaNC PHP-Nuke Bundle w/ PHPNuke 6.5 and later. Affected Versions: all cvs versions. Main...
Windows Azure Pack: Web Sites V2
Detectoid checks for the existence of Windows Azure Pack: Web Sites V2 or Windows Azure Pack Web Sites V2U1 or Windows Azure Pack Web Sites V2U2 or Windows Azure Pack Web Sites V2U3 or V2U4 or V2U6 13,18 or V2U7 or V2U9 or V2U11 or V2U12...