Security Bulletin: IBM Maximo Application Suite uses multiple third-party dependencies which are vulnerable to multiple CVEs.
Summary: IBM Maximo Application Suite uses minimatch-3.0.5.tgz, OpenTelemetry Go SDK, jaraco.context, IBM WebSphere Application Server Liberty, picomatch-2.3.1.tgz, path-to-regexp-0.1.12.tgz, lodash-4.17.23.tgz, pillow-12.1.1-cp311-cp311-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl,...
Security Bulletin: The IBM Maximo Application Suite AI-Service component uses multiple third-party dependencies that contain vulnerabilities associated with multiple CVEs.
Summary: The IBM Maximo Application Suite AI-Service component uses fonttools-4.44.3-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl, fonttools-4.55.3-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl, werkzeug-3.0.6-py3-none-any.whl, filelock-3.13.4-py3-none-any.whl,...
EUVD-2025-27546
Malicious code in bioql PyPI...
BIT-OPENLDAP-2020-15719
libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName SAN. This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux...
CVE-2023-47108
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Starting in version 0.37.0 and prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels net.peer.sock.addr and net.peer.sock.port that have unbound cardinality. It leads to the...
CVE-2023-41331 SOFARPC Remote Command Execution (RCE) Vulnerability
SOFARPC is a Java RPC framework. Versions prior to 5.11.0 are vulnerable to remote command execution. Through a carefully crafted payload, an attacker can achieve JNDI injection or system command execution. In the default configuration of the SOFARPC framework, a blacklist is used to filter out...
3m (>=0.1.0 <=0.1.3), a2d-diary (>=0.1.0 <=0.1.5) +1642 more potentially affected by CVE-2023-36464 via pypdf2 (>=2.4.2 <=3.0.1)
pypdf2 PYPI version =2.4.2, =0.1.0, =0.1.0, =1.1.0, =0.0.0.1, =0.0.1, =0.0.0.1, =0.0.0.1, =0.0.0.1, =0.0.0.1, =0.0.0.2, =0.0.0.1, =0.0.0.1, =0.0.0.1, =0.0.0.1, =0.0.0.1, =0.0.0.1028 and more Source cves: CVE-2023-36464 Source advisory: OSV:GHSA-4VVM-4W3V-6MR8...
SUSE CVE-2020-15719
libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName SAN. This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux...
URL Parsing-Library Bugs Allow DoS, RCE, Spoofing & More
Eight different security vulnerabilities arising from inconsistencies among 16 different URL parsing libraries could allow denial-of-service DoS conditions, information leaks and remote code execution RCE in various web applications, researchers are warning. The bugs were found in third-party web...
PT-2022-24696 · Alt Linux
Name of the Vulnerable Software and Affected Versions: Template toolkit (affected versions not specified); ALT Linux (affected versions not specified). Description: The issue allows an attacker to potentially execute malicious Perl code in the Template toolkit by installing an unverified third-party...
EulerOS Virtualization 2.9.1 : openldap (EulerOS-SA-2021-1618)
According to the versions of the openldap packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55, during a request for renaming RDNs. A...
FreeBSD Patches TCP Processing DoS Vulnerability
FreeBSD has patched a denial-of-service vulnerability that could affect a host of third-party packages built atop the UNIX-like operating system. The vulnerability—found in the way FreeBSD processes TCP packets—was discovered by a member of Juniper Networks’ incident response team. FreeBSD’s...
FreeBSD Servers Compromised; Third-Party Software Packages Could be Impacted
FreeBSD is warning users of the open source UNIX-like operating system about a compromise of a pair of servers used to build third-party software. The organization said attackers had sufficient access to affect third-party packages distributed by the project and suggests that any software install...
VMware Releases Updates for ESX Service Console Packages
VMware has released security updates for multiple third party packages for the ESX Service Console. These updates address vulnerabilities in the perl, krb5, samba, tar, and cpio packages. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a...
Subversion Client/Server Detection (Windows)
Subversion, an open source version control system, is installed on the remote system. Subversion can be installed on Windows using CollabNet-certified binaries or through third-party packages such as VisualSVN, TortoiseSVN, and SlikSVN. Third-party packages typically include CollabNet binaries in...
CVE-2004-2133
Certain third-party packages for CVSup 16.1h, such as SuSE Linux, contain untrusted paths in the ELF RPATH fields of certain executables, which could allow local users to execute arbitrary code by causing cvsup to link against malicious libraries that are created in world-writable directories suc...