Security Bulletin: Vulnerability in Werkzeug affects IBM Cloud Pak for Data System 1.0(CPDS 1.0)[CVE-2023-46136].

Summary The Werkzeug package is used by IBM Cloud Pak for Data System 1.0. IBM Cloud Pak for Data System 1.0 has addressed the applicable CVE CVE-2023-46136. Vulnerability Details CVEID:CVE-2023-46136 DESCRIPTION: Pallets Werkzeug is vulnerable to a denial of service, caused by a flaw when parsin...

Information exposure in xwiki-platform

Impact It's possible to guess if a user has an account on the wiki by using the "Forgot your password" form, even if the wiki is closed to guest users. Patches The problem has been patched on XWiki 12.10.9, 13.4.1 and 13.6RC1. Workarounds There's no easy workaround other than applying the upgrade...

Cross-Site Scripting Vulnerability in @joeattardi/emoji-button

Impact There are two vectors for XSS attacks with versions of @joeattardi/emoji-button before 4.6.2: - A URL for a custom emoji - An i18n string In both of these cases, a value can be crafted such that it can insert a script tag into the page and execute malicious code. Patches This vulnerability...

DSA-1556-2 perl - denial of service

Bulletin has no description...