Lucene search

47 matches found

CNNVD
added 2024/04/11 12:0 a.m. | 1 views

Number withdrawn

ROS2 Humble Hawksbill is an open source set of software libraries and tools for ROS2. It can help build robotics applications. This CVE number has been withdrawn...

6.9 AI score
Exploits: 0 | References: 2
CNNVD
added 2024/04/10 12:0 a.m. | 1 views

Number withdrawn

ROS2 Humble Hawksbill is an open source set of software libraries and tools for ROS2. It can help build robotics applications. This CVE number has been withdrawn...

6.9 AI score
Exploits: 0 | References: 3
IBM Security Bulletins
added 2023/12/20 8:4 p.m. | 37 views

Security Bulletin: Multiple vulnerabilities in open source libraries affect IBM® Db2® Federated.

Summary Multiple vulnerabilities in open source libraries affect IBM® Db2® Federated. These vulnerabilities were fixed in the images published on December 01, 2023 but the CVEs were not included in the bulletin. Vulnerability Details CVEID:CVE-2022-1471 DESCRIPTION: SnakeYaml could allow a remote...

9.8 CVSS | 9.6 AI score | 0.93849 EPSS
Exploits: 11 | Affected Software: 1
IBM Security Bulletins
added 2023/12/20 8:3 p.m. | 34 views

Security Bulletin: Multiple vulnerabilities in open source libraries affect IBM® Db2® Federated.

Summary Multiple vulnerabilities in open source libraries affect IBM® Db2® Federated. Vulnerability Details CVEID:CVE-2023-1370 DESCRIPTION: netplex json-smart-v2 is vulnerable to a denial of service, caused by not limiting the nesting of arrays or objects. By sending a specially crafted input, a...

7.5 CVSS | 7.4 AI score | 0.00736 EPSS
Exploits: 3 | Affected Software: 1
IBM Security Bulletins
added 2023/12/14 9:6 p.m. | 31 views

Security Bulletin: Multiple Vulnerabilities have been identified in IBM Db2 shipped with IBM WebSphere Remote Server

Summary IBM Db2 is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM Db2 have been published in a security bulletin CVE-2015-8383, CVE-2015-8381, CVE-2015-8386, CVE-2015-8388, CVE-2015-8385, CVE-2015-8387, CVE-2015-8391, CVE-2015-8390, CVE-2015-839...

9.8 CVSS | 8.4 AI score | 0.92544 EPSS
Exploits: 8 | Affected Software: 1
vulnersOsv
added 2023/10/10 9:28 p.m. | 3 views

com.atlan:package-toolkit-testing (>=5.3.1 <=6.1.2), com.buschmais.jqassistant.cli:jqassistant-commandline-neo4jv5 (>=2.6.0 <=2.8.0) +704 more potentially affected by CVE-2023-44487 via org.eclipse.jetty.http2:jetty-http2-server (>=12.0.0 <=12.0.19)

org.eclipse.jetty.http2:jetty-http2-server MAVEN version =12.0.0, =5.3.1, =2.6.0, =0.217, =0.217, =0.217, =0.217, =0.217, =0.217, =0.217, =0.295, =0.295, =0.295, =0.295, =0.295, =0.296 and more Source cves: CVE-2023-44487 Source advisory: OSV:GHSA-QPPJ-FM5R-HXR3...

7.5 CVSS | 7.1 AI score | 0.94395 EPSS
Exploits: 19
IBM Security Bulletins
added 2023/08/08 10:40 a.m. | 34 views

Security Bulletin: Multiple vulnerabilities found on thirdparty libraries used by IBM® MobileFirst Platform

Summary There are multiple vulnerabilities in open source libraries used by IBM MobileFirst Platform Foundation. They are addressed in this update. Vulnerability Details CVEID:CVE-2022-45688 DESCRIPTION: Hutool is vulnerable to a denial of service, caused by stack-based buffer overflow. By...

7.5 CVSS | 7.1 AI score | 0.01216 EPSS
Exploits: 5 | Affected Software: 1
IBM Security Bulletins
added 2023/01/27 8:6 p.m. | 88 views

Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilities

Summary IBM Planning Analytics Workspace is affected by vulnerabilities. Node.js is an open-source and cross-platform JavaScript runtime environment CVE-2022-35255, CVE-2022-35256. Node-tar is a full function tar library for node.js CVE-2018-20834. Swagger UI is used to visualize and interact wit...

9.8 CVSS | 9.9 AI score | 0.8042 EPSS
Exploits: 16 | Affected Software: 1
Kitploit
added 2022/12/18 11:30 a.m. | 71 views

laZzzy - Shellcode Loader, Developed Using Different Open-Source Libraries, That Demonstrates Different Execution Techniques

laZzzy is a shellcode loader that demonstrates different execution techniques commonly employed by malware. laZzzy was developed using different open-source header-only libraries. Features Direct syscalls and native Nt functions not all functions but most Import Address Table IAT evasion Encrypte...

7.7 AI score
Exploits: 0 | References: 11
ThreatPost
added 2022/07/29 3:7 p.m. | 58 views

Malicious Npm Packages Tapped Again to Target Discord Users

Threat actors once again are using the node package manager npm repository to hide malware that can steal Discord tokens to monitor user sessions and steal data on the popular chat and collaboration platform, researchers have found. A campaign discovered this week by Kaspersky researchers is hidi...

7.4 AI score
Exploits: 0 | References: 8
IBM Security Bulletins
added 2021/06/28 4:49 a.m. | 79 views

Security Bulletin: Multiple vulnerabilities in open source libraries affects Tivoli Netcool/OMNIbus WebGUI

Summary Fixes are available for vulnerabilities in open source libraries affects Tivoli Netcool/OMNIbus WebGUI CVE-2021-23926, CVE-2018-15494, CVE-2020-5258, CVE-2021-29425 and CVE-2020-11988. Vulnerability Details CVEID: CVE-2021-23926 DESCRIPTION: Apache XMLBeans is vulnerable to a denial of...

9.8 CVSS | 1 AI score | 0.0154 EPSS
Exploits: 4 | Affected Software: 1
Imperva Blog
added 2021/04/27 1:8 p.m. | 151 views

5 Ways Your Software Supply Chain is Out to Get You, Part 3: Exploit Open Source Libraries

In previous posts, we explained how two kinds of supply chain attack methods, Vendor Compromise and Exploit Third Party Applications, are threatening software supply chains, transferring an extraordinary amount of risk downstream to the organizations and users that trust and depend on them. In th...

0.5 AI score
Exploits: 0
SonicWall
added 2021/01/06 9:25 p.m. | 2 views

Amnesia 33 vulnerabilities

Amnesia 33 vulnerabilities impacts four open source TCP/IP stacks uIP, FNET, picoTCP and Nut/Net libraries which are used in millions of smart IOT and embedded devices. These four open source TCP/IP stacks libraries are not used in the SonicWall firewall products. CVE: N/A Last updated: Jan. 6,...

9.8 CVSS | 7.3 AI score
Exploits: 0
Akamai Blog
added 2020/10/13 10:0 p.m. | 41 views

Akamai and Snyk Partnership Creates a Powerful Combination for In-Browser Script Protection

A web experience begins with the sum of the code you created. But it also includes all the code the user is put in contact with when loading your website. This means the attack surface to monitor for web application software threats is not just your code repositories, but the sum of the assets re...

1.1 AI score
Exploits: 0
Wired Threat Level
added 2020/08/09 11:0 a.m. | 23 views

Flaws Could Have Exposed Cryptocurrency Exchanges to Hackers

Researchers found troubling bugs in open-source libraries used by financial institutions...

2.4 AI score
Exploits: 0
CNVD
added 2019/12/06 12:0 a.m. | 8 views

Facebook Proxygen Resource Management Error Vulnerability

Facebook Proxygen is a set of open source C++ HTTP class libraries from the U.S. company Facebook. A resource management error vulnerability exists in Facebook Proxygen versions v0.29.0 through v2017.04.03.00. The vulnerability stems from the mismanagement of system resources e.g., memory, disk...

9.8 CVSS | 6.6 AI score | 0.00418 EPSS
Exploits: 0 | References: 1
Prion
added 2019/09/17 8:15 p.m. | 14 views

Code injection

3S-Smart Software Solutions GmbH CODESYS V3 Library Manager, all versions prior to 3.5.16.0, allows the system to display active library content without checking its validity, which may allow the contents of manipulated libraries to be displayed or executed. The issue also exists for source...

6.8 CVSS | 8.5 AI score | 0.00195 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
vulnersOsv
added 2019/08/27 5:41 p.m. | 0 views

cloud.altemista.fwk.framework:cloud-altemistafwk-documentation (=3.1.0.RELEASE), cloud.altemista.fwk.soap:cloud-altemistafwk-core-soap-wss (>=3.0.0.RELEASE <=3.1.0.RELEASE) +505 more potentially affected by CVE-2019-12400 via org.apache.santuario:xmlsec (>=2.0.3 <=2.1.3)

org.apache.santuario:xmlsec MAVEN version =2.0.3, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =1.4.0.0, =0.7.0.1, =1.0.0, =1.31.0, =1.31.0, =1.31.0, =2.2.4, =2.2.4, =2.2.4, =2.3.19 - com.exacttarget:fuelsdk =1.1.0 and more Source cves: CVE-2019-12400 Source advisory:...

5.5 CVSS | 6.7 AI score | 0.00587 EPSS
Exploits: 0
ThreatPost
added 2019/05/06 1:0 p.m. | 56 views

Amid Bug Bounty Hype, Sometimes Security is Left in the Dust

In January, the European Union kicked-off over a dozen new bug bounty programs targeting a bevy of popular open-source programs used by its members. The effort was supposed to be met with cheers. But instead, the launch sparked an unexpected backlash from the security community. The EU’s program...

7 AI score
Exploits: 0 | References: 14
IBM Security Bulletins
added 2019/02/18 2:10 p.m. | 79 views

Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilities

Summary IBM has announced a release for IBM Security Identity Governance and Intelligence IGI in response to multiple security vulnerabilities. There are multiple vulnerabilities fixes to open source libraries distributed with IGI, other less secure algorithms for crypto, xss attacks and click...

10 CVSS | 1.2 AI score | 0.94281 EPSS
Exploits: 95 | Affected Software: 1