
21 matches found

IBM Security Bulletins
added 2025/06/04 9:15 a.m. · 24 views

Security Bulletin: Vulnerability in jjwt may affect IBM Business Automation Workflow - CVE-2024-31033

Summary: IBM Business Automation Workflow packages a vulnerable copy of jjwt. Vulnerability Details: CVEID: CVE-2024-31033. DESCRIPTION: An unspecified error with ignoring certain characters in jwtk JJWT (aka Java JWT) has an unknown impact and attack vector. CVSS Base score: 6.8. CVSS Temporal Score:...

CVSS 6.8 · AI score 6.6 · EPSS 0.00391
Exploits: 0 · Affected Software: 2
RedhatCVE
added 2025/05/22 9:21 p.m. · 8 views

CVE-2021-41554

ARCHIBUS Web Central 21.3.3.815 (a version from 2014) does not properly validate requests for access to data and functionality in these affected endpoints: /archibus/schema/ab-edit-users.axvw, /archibus/schema/ab-data-dictionary-table.axvw, /archibus/schema/ab-schema-add-field.axvw,...

CVSS 8.8 · AI score 6.6 · EPSS 0.00392
Exploits: 0
Vulnrichment
added 2025/01/23 8:22 p.m. · 5 views

CVE-2025-23011 Fedora Repository archive extraction path traversal

Fedora Repository 3.8.1 allows path traversal when extracting uploaded archives ("Zip Slip"). A remote, authenticated attacker can upload a specially crafted archive that will extract an arbitrary JSP file to a location that can be executed by an unauthenticated GET request. Fedora Repository 3.8.1...

CVSS 8.8 · AI score 8.7 · EPSS 0.02087
Exploits: 0 · References: 3
ICS
added 2025/01/23 12:00 a.m. · 5 views

Fedora Repository fedoraIntCallUser default credentials and insecure archive extraction

RISK EVALUATION: Fedora Repository 3.8 includes default user credentials and allows path traversal when extracting uploaded archive files. An attacker can exploit these vulnerabilities to read sensitive data and execute arbitrary commands with the privileges of the Java web application server...

CVSS 8.8 · AI score 7.6 · EPSS 0.02087
Exploits: 0 · References: 1
Positive Technologies
added 2024/10/14 12:00 a.m. · 1 views

PT-2024-28243 · Checkmk · Checkmk

Name of the Vulnerable Software and Affected Versions: Checkmk versions 2.3.0p18; Checkmk versions 2.2.0p35; Checkmk versions 2.1.0p48; Checkmk versions =2.0.0p39 EOL. Description: The issue concerns the insertion of sensitive information into log files in Checkmk, causing SNMP and IMPI secrets of ho...

CVSS 5.1 · AI score 6.8 · EPSS 0.00208
Exploits: 0 · References: 14
Mageia
added 2024/09/28 9:34 p.m. · 22 views

Updated libreoffice package fixes security vulnerability

The Certificate Validation user interface in LibreOffice allows a potential vulnerability. Signed macros are scripts that have been digitally signed by the developer using a cryptographic signature. When a document with a signed macro is opened a warning is displayed by LibreOffice before the mac...

CVSS 7.8 · AI score 6.8 · EPSS 0.00074
Exploits: 0 · References: 4
Tenable Nessus
added 2023/09/29 12:00 a.m. · 7 views

Apache Subversion Server SEoL (1.5.x)

According to its version, Apache Subversion Server is 1.5.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities. ...

AI score 5.5
Exploits: 0 · References: 2
Prion
added 2023/01/13 12:15 a.m. · 16 views

Design/Logic Flaw

A vulnerability in class-of-service (CoS) queue management in Juniper Networks Junos OS on the ACX2K Series devices allows an unauthenticated network-based attacker to cause a Denial of Service (DoS). Specific packets are being incorrectly routed to a queue used for other high-priority traffic such a...

CVSS 5 · AI score 7.5 · EPSS 0.00278
Exploits: 0 · References: 1 · Affected Software: 1
Positive Technologies
added 2022/12/02 12:00 a.m. · 1 views

PT-2022-27841 · Apache · Apache Tapestry

Name of the Vulnerable Software and Affected Versions: Apache Tapestry versions 3.x. Description: The issue allows deserialization of untrusted data, leading to remote code execution. This problem is similar to but distinct from an issue affecting the 4.x version line. The affected version line,...

CVSS 9.8 · AI score 7.8 · EPSS 0.03875
Exploits: 1 · References: 8
Malwarebytes
added 2022/06/27 7:23 p.m. · 15 views

Brave Search wants to replace Google’s biased search results with yours

Brave Search, Brave Software's privacy search engine, just turned one. To celebrate, the company says it is moving the search engine out of its beta phase to become the default search engine for all Brave browser users. Goodbye, Google? Not entirely. In May 2015, Mozilla alumni Brendan Eich and...

AI score 0.1
Exploits: 0
ATTACKERKB
added 2022/05/04 6:15 p.m. · 1 views

CVE-2022-29943

Talend Administration Center has a vulnerability that allows an authenticated user to use XML External Entity (XXE) processing to achieve read access as root on the remote filesystem. The issue is fixed for versions 8.0.x in TPS-5189, versions 7.3.x in TPS-5175, and versions 7.2.x in TPS-5201...

CVSS 6.8 · AI score 6.6 · EPSS 0.00341
Exploits: 0 · References: 3
OSV
added 2022/02/04 11:15 p.m. · 18 views

PYSEC-2022-66

TensorFlow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would trigger a division by zero in the `BiasAndClamp` implementation. There is no check that the `bias_size` is non zero. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on...

CVSS 6.5 · AI score 3.4 · EPSS 0.0022
Exploits: 1 · References: 3
Microsoft KB
added 2021/07/26 12:00 a.m. · 15 views

.NET 5.0 Update

.NET 5.0 has been refreshed with the latest update as of August 10, 2021. This update contains reliability and other non-security fixes. See the release notes for details on updated packages. .NET 5.0 servicing updates are upgrades. The latest servicing update for 5.0 will remove...

AI score 6.9
Exploits: 0
Microsoft KB
added 2021/07/01 7:00 a.m. · 111 views

July 6, 2021—KB5004959 (Security-only update) Out-of-band

Important: Windows Server 2008 Service Pack 2 (SP2) has reached the end of mainstream support and is now in extended support. Starting in July 2020, there will no longer be optional, non-security releases (known as "C" releases) for this...

CVSS 9 · AI score 9.2 · EPSS 0.9424
Exploits: 41
IBM Security Bulletins
added 2019/12/18 2:26 p.m. · 42 views

Security Bulletin: Vulnerability CVE-2017-15906 in OpenSSH affects IBM i

Summary: OpenSSH is used by IBM i. IBM i has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2017-15906. DESCRIPTION: OpenSSH is vulnerable to a denial of service, caused by an error in the process_open function when in read-only mode. A remote authenticated attacker could exploit thi...

CVSS 5.3 · AI score 1.6 · EPSS 0.02659
Exploits: 0 · Affected Software: 1
IBM Security Bulletins
added 2019/12/18 2:26 p.m. · 52 views

Security Bulletin: IBM i is affected by DHCP vulnerabilities (CVE-2015-8605 and CVE-2016-2774).

Summary: IBM i DHCP is vulnerable to several security vulnerabilities. Vulnerability Details: CVEID: CVE-2015-8605. DESCRIPTION: ISC DHCP is vulnerable to a denial of service, caused by the failure to properly check the UDP payload length. By sending a specially crafted packet with an invalid IPv4 U...

CVSS 7.1 · AI score 0.9 · EPSS 0.65582
Exploits: 0 · Affected Software: 1
IBM Security Bulletins
added 2019/03/06 8:40 p.m. · 19 views

Security Bulletin: Cross-site scripting vulnerability in CacheMonitor for WebSphere Application Server (CVE-2018-1767)

Summary: There is a potential cross-site scripting vulnerability in the Cache Monitor web application in WebSphere Application Server. Vulnerability Details: CVEID: CVE-2018-1767. DESCRIPTION: IBM WebSphere Application Server CacheMonitor is vulnerable to cross-site scripting. This vulnerability...

CVSS 6.1 · AI score 0.5 · EPSS 0.00301
Exploits: 0 · Affected Software: 1
IBM Security Bulletins
added 2018/06/15 7:07 a.m. · 25 views

Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affect IBM Operational Decision Manager (CVE-2016-5597, CVE-2016-5542)

Summary: There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6, 7 and 8 that is used by IBM Operational Decision Manager (ODM). These issues were disclosed as part of the IBM Java SDK updates in October 2016. Vulnerability Details: CVEID: CVE-2016-5597. DESCRIPTION: An...

CVSS 5.9 · AI score 0.9 · EPSS 0.01511
Exploits: 0 · Affected Software: 1
IBM Security Bulletins
added 2018/06/15 7:03 a.m. · 36 views

Security Bulletin: Vulnerabilities in unzip affect IBM DataPower Gateways (CVE-2014-8141)

Summary: IBM DataPower Gateways has addressed a vulnerability in 'unzip utility' that it uses to list, test, or extract files from a zip archive. Vulnerability Details: CVEID: CVE-2014-8141. DESCRIPTION: Info-ZIP UnZip is vulnerable to a buffer overflow, caused by improper bounds checking by the...

CVSS 7.8 · AI score 1.2 · EPSS 0.58381
Exploits: 0 · Affected Software: 1
Kitploit
added 2018/05/07 12:30 p.m. · 23 views

Drupwn - Drupal Enumeration & Exploitation Tool

Drupwn claims to provide an efficient way to gather Drupal information. Further explanation in the blog post article. Supported tested versions: Drupal 7, Drupal 8. Execution mode: Drupwn can be run using two separate modes, which are enum and exploit. The enum mode allows performing enumerations whereas...

AI score 7.3
Exploits: 0 · References: 1