13 matches found
Security Bulletin: IBM App Connect Enterprise Certified Container is vulnerable to an authenticated user accessing sensitive information [CVE-2024-31893 CVE-2024-31894 CVE-2024-31895]
Summary: IBM App Connect Enterprise Certified Container Designer flows that use the calendly, square or docusign connector are vulnerable to loss of confidentiality when an access token expires and is refreshed. This bulletin provides patch information to address the reported vulnerability in the...
CVE-2024-34073 Command Injection in sagemaker-python-sdk
sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. In affected versions the capturedependencies function in sagemaker.serve.saveretrive.version100.save.utils module allows for potentially unsafe Operating System (OS) Command Injection if...
CVE-2024-21682
This High severity Injection vulnerability was introduced in Assets Discovery 1.0 - 6.2.0 all versions. Assets Discovery, which can be downloaded via Atlassian Marketplace, is a network scanning tool that can be used with or without an agent with Jira Service Management Cloud, Data Center or...
SUSE: Security Advisory (SUSE-SU-2019:2117-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Sensitive data exposure in NATS
Overview: Preview versions of two NPM packages and one Deno package from the NATS project contain an information disclosure flaw, leaking options to the NATS server; for one package, this includes TLS private credentials. The connection configuration options in these JavaScript-based implementatio...
CVE-2019-16409
CVE-2019-16409 affects the SilverStripe Versioned Files module up to version 2.0.3 on SilverStripe 3.x. Unpublished file versions are publicly exposed when their URLs are guessed, aided by knowledge of the module’s source code. The issue is an information disclosure due to insufficient access cont...
Security Bulletin: IBM Security Access Manager appliances are affected by a command injection vulnerability (CVE-2017-1453)
Summary: IBM Security Access Manager has addressed the following command injection vulnerability, which affects IBM Security Access Manager version 9.0.3.0 appliances. Vulnerability Details: CVEID: CVE-2017-1453 DESCRIPTION: IBM Security Access Manager Appliance could allow a remote authenticated...
Debian DSA-3855-1 : jbig2dec - security update
Multiple security issues have been found in the JBIG2 decoder library, which may lead to denial of service, disclosure of sensitive information from process memory or the execution of arbitrary code if a malformed image file (usually embedded in a PDF document) is opened...
Oracle VirtualBox Multiple DoS Vulnerabilities (Feb 2015) - Linux
Oracle VirtualBox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:oracle:vmvirtualbox";...
Galilery 'index.php' Local File Include Vulnerability
Galilery is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
Microsoft Windows Address Book Insecure Library Loading Vulnerability
This host is installed with Microsoft Address Book and is prone to an insecure library loading vulnerability. This NVT has been replaced by NVT secpodms10-096.nasl OID:1.3.6.1.4.1.25623.1.0.901169. OpenVAS Vulnerability Test $Id: gbmsaddressbookinsecurelibloadvuln.nasl 5368 2017-02-20 14:34:16Z cfi ...
Absolute Banner Manager - Insecure Cookie Handling
Author : Hakxer Home : Www.educ-up.com Type Gap : Insecure Cookie Handling script : Absolute Banner Manager see script http://www.xigla.com/absolutebmnet/demo.htm Team : EgY...
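Linux Kernel Multiple Security Vulnerabilities
Linux is an open-source operating system. The Linux Kernel has multiple security issues that a local attacker can exploit to carry out attacks such as denial of service and privilege escalation. Kernel 2.6.8 and earlier versions are affected by this vulnerability; no detailed vulnerability information is currently available. Linux kernel 2.6.8 rc3 Linux kernel 2.6.8 rc2 Linux kernel 2.6.8 rc1 + Ubuntu Ubuntu Linux 4.1 ppc + Ubuntu Ubuntu Linux 4.1 ia64 + Ubuntu Ubuntu Linux 4.1 ia32 Linux kernel 2.6.8 + S.u.S.E. Lin...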