CAGE Web Design | Rolf Van Gelder Security Vulnerabilities

Security Bulletin: Security fixes available for The IBM® Engineering System Design Rhapsody products on IBM Jazz Technology

Summary The IBM® Engineering System Design Rhapsody 10.0 iFix001, The IBM® Engineering System Design Rhapsody 9.0.2 iFix002 and The IBM® Engineering System Design Rhapsody 9.0.1 iFix006 contain fixes for vulnerabilities identified in the Vulnerabilities Details section. The refererred iFix...

CVE-2024-1681 vulnerabilities

Vulnerabilities for packages: kubeflow-volumes-web-app, py3-flask-cors,...

GHSA-X7M3-JPRG-WC5G vulnerabilities

Vulnerabilities for packages: kubeflow-volumes-web-app,...

CVE-2023-41419 vulnerabilities

Vulnerabilities for packages: kubeflow-volumes-web-app,...

Malicious code in nespresso-design-system (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (e4df4d16cd100a965fef42c58150e9688849a5acfa8de2f809b3ed66f5ef9f29) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

GHSA-84PR-M4JR-85G5 vulnerabilities

Vulnerabilities for packages: kubeflow-volumes-web-app, py3-flask-cors,...

Malicious code in scm-design-system-cra (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (a41692a79d6b73b049dbff75d56c8a18218a4878d024ef4c0da7b19b16ebab3a) The OpenSSF Package Analysis project identified 'scm-design-system-cra' @ 0.1.1 (npm) as malicious. It is considered malicious because: The...

CVE-2023-46136 vulnerabilities

Vulnerabilities for packages: airflow, py3-tensorflow-serving-api, kubeflow-volumes-web-app, kubeflow-jupyter-web-app,...

GHSA-HRFV-MQP8-Q5RW vulnerabilities

Vulnerabilities for packages: airflow, py3-tensorflow-serving-api, kubeflow-volumes-web-app, kubeflow-jupyter-web-app,...

CVE-2023-45803 vulnerabilities

Vulnerabilities for packages: jwt-tool, py3-urllib3, py3-tensorflow-serving-api, kubeflow-volumes-web-app,...

GHSA-G4MX-Q9VG-27P4 vulnerabilities

Vulnerabilities for packages: jwt-tool, py3-urllib3, py3-tensorflow-serving-api, kubeflow-volumes-web-app,...

GHSA-2G68-C3QC-8985 vulnerabilities

Vulnerabilities for packages: kubeflow-volumes-web-app, kubeflow-jupyter-web-app, superset, py3.10-tensorflow-core,...

CVE-2024-34069 vulnerabilities

Vulnerabilities for packages: kubeflow-volumes-web-app, kubeflow-jupyter-web-app, superset, py3.10-tensorflow-core,...

CVE-2024-34064 vulnerabilities

Vulnerabilities for packages: pytorch, py3-jinja2, kubeflow-jupyter-web-app, kubeflow-volumes-web-app, superset, dask-gateway, reflex,...

GHSA-V845-JXX5-VC9F vulnerabilities

Vulnerabilities for packages: py3-urllib3, kube-downscaler, kubeflow-jupyter-web-app, kubeflow-volumes-web-app, k8s-sidecar,...

CVE-2023-43804 vulnerabilities

Vulnerabilities for packages: py3-urllib3, kube-downscaler, kubeflow-jupyter-web-app, kubeflow-volumes-web-app, k8s-sidecar,...

GHSA-H75V-3VVJ-5MFJ vulnerabilities

Vulnerabilities for packages: pytorch, py3-jinja2, kubeflow-jupyter-web-app, kubeflow-volumes-web-app, superset, dask-gateway, reflex,...

CVE-2023-38883

A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'ajax' parameter in...

CVE-2023-38880

The Community Edition version 9.0 of OS4ED's openSIS Classic has a broken access control vulnerability in the database backup functionality. Whenever an admin generates a database backup, the backup is stored in the web root while the file name has a format of "opensisBackup.sql" (e.g....

CVE-2023-38879

The Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to read arbitrary files via a directory traversal vulnerability in the 'filename' parameter of...

CVE-2023-38885

OpenSIS Classic Community Edition version 9.0 lacks cross-site request forgery (CSRF) protection throughout the whole app. This may allow an attacker to trick an authenticated user into performing any kind of state changing...

Spring Framework URL Parsing with Host Validation

Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL...

GHSA-9WX4-H78V-VM56 vulnerabilities

Vulnerabilities for packages: jwt-tool, az, airflow, mlflow, k8s-sidecar, kubeflow-jupyter-web-app, kubeflow-volumes-web-app, datadog-agent, superset, py3-cassandra-medusa, py3.10-tensorflow-core, kubeflow-pipelines, confluent-docker-utils,...

CVE-2018-25097

A vulnerability, which was classified as problematic, was found in Acumos Design Studio up to 2.0.7. Affected is an unknown function. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.0.8 is able to address this issue. The name of.....

CVE-2023-38884

An Insecure Direct Object Reference (IDOR) vulnerability in the Community Edition version 9.0 of openSIS Classic allows an unauthenticated remote attacker to access any student's files by visiting...

CVE-2023-38881

A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into any of the 'calendar_id', 'school_date', 'month' or...

CVE-2023-38882

A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'include' parameter in...

Spring Framework URL Parsing with Host Validation Vulnerability

Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF...

Spring Web vulnerable to Open Redirect or Server Side Request Forgery

Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect attack or to a SSRF attack if the URL is used after passing validation...

Server Side Request Forgery (SSRF)

org.springframework:spring-web is vulnerable to Open Redirect. The vulnerability is due to insufficient validation checks of the host URL within UriComponentsBuilder.java. If an application utilizes the host validation checks, an attacker can perform an open redirect or Server-Side Request Forgery....

Server Side Request Forgery (SSRF)

org.springframework:spring-web is vulnerable to Open Redirect. The vulnerability is due to insufficient validation checks of the host URL within UriComponentsBuilder.java. If an application utilizes the host validation checks, an attacker can perform an open redirect or Server-Side Request Forgery....

CVE-2024-35195 vulnerabilities

Vulnerabilities for packages: jwt-tool, az, airflow, mlflow, k8s-sidecar, kubeflow-jupyter-web-app, kubeflow-volumes-web-app, datadog-agent, superset, py3-cassandra-medusa, py3.10-tensorflow-core, kubeflow-pipelines, confluent-docker-utils,...

Open Redirect

org.springframework: spring-web is vulnerable Open Redirect. The vulnerability is caused due to improper validation checks on the host of the parsed URL, which could lead to potential SSRF attacks if the URL is utilized...

CVE-2022-46478

The RPC interface in datax-web v1.0.0 and v2.0.0 to v2.1.2 contains no permission checks by default which allows attackers to execute arbitrary commands via crafted Hessian serialized...

CVE-2021-4236

Web Sockets do not execute any AuthenticateMethod methods which may be set, leading to a nil pointer dereference if the returned UserData pointer is assumed to be non-nil, or authentication bypass. This issue only affects WebSockets with an AuthenticateMethod hook. Request handlers that do not...

CVE-2024-3651 vulnerabilities

Vulnerabilities for packages: jwt-tool, py3-idna, az, kubeflow-pipelines-visualization-server, k8s-sidecar, kubeflow-jupyter-web-app, kubeflow-volumes-web-app, datadog-agent, dask-gateway, py3-cassandra-medusa, ggshield, py3.10-tensorflow-core, kubeflow-pipelines, confluent-docker-utils,...

GHSA-JJG7-2V4V-X38H vulnerabilities

Vulnerabilities for packages: jwt-tool, py3-idna, az, kubeflow-pipelines-visualization-server, k8s-sidecar, kubeflow-jupyter-web-app, kubeflow-volumes-web-app, datadog-agent, dask-gateway, py3-cassandra-medusa, ggshield, py3.10-tensorflow-core, kubeflow-pipelines, confluent-docker-utils,...

Spring Framework URL Parsing with Host Validation

Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL...

Spring Framework URL Parsing with Host Validation Vulnerability

Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF...

Spring Web vulnerable to Open Redirect or Server Side Request Forgery

Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect attack or to a SSRF attack if the URL is used after passing validation...

CVE-2023-24815

Vert.x-Web is a set of building blocks for building web applications in the java programming language. When running vertx web applications that serve files using StaticHandler on Windows Operating Systems and Windows File Systems, if the mount point is a wildcard (*) then an attacker can...

CVE-2023-30627

jellyfin-web is the web client for Jellyfin, a free-software media system. Starting in version 10.1.0 and prior to version 10.8.10, a stored cross-site scripting vulnerability in device.js can be used to make arbitrary calls to the REST endpoints with admin privileges. When combined with...

Symfony Cross-Site Request Forgery vulnerability in the Web Profiler

All 2.0.X, 2.1.X, 2.2.X, 2.3.X, 2.4.X, and 2.5.X versions of the Symfony WebProfiler bundle are affected by this security issue. This issue has been fixed in Symfony 2.3.19, 2.4.9, and 2.5.4. Note that no fixes are provided for Symfony 2.0, 2.1, and 2.2 as they are not maintained anymore....

Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Secure Email Gateway, formerly Email Security Appliance (ESA); and Secure Web Appliance could allow a remote attacker to conduct a cross-site scripting (XSS) attack...

CVE-2024-35180

OMERO.web provides a web based client and plugin infrastructure. There is currently no escaping or validation of the callback parameter that can be passed to various OMERO.web endpoints that have JSONP enabled. This vulnerability has been patched in version...

Code Injection

symfony is vulnerable to Code Injection. The vulnerability is due to lack of CSRF protection for the import/export feature, allowing attackers to exploit the PHP serialized string...

OMERO.web must check that the JSONP callback is a valid function

Background There is currently no escaping or validation of the callback parameter that can be passed to various OMERO.web endpoints that have JSONP enabled. One such endpoint is /webclient/imgData/.... As we only really use these endpoints with jQuery's own callback name generation ^1 it is quite.....

CVE-2023-40954

A SQL injection vulnerability in Grzegorz Marczynski Dynamic Progress Bar (aka web_progress) v. 11.0 through 11.0.2, v12.0 through v12.0.2, v.13.0 through v13.0.2, v.14.0 through v14.0.2.1, v.15.0 through v15.0.2, and v16.0 through v16.0.2.1 allows a remote attacker to gain privileges via the...

CVE-2019-25088

A vulnerability was found in ytti Oxidized Web. It has been classified as problematic. Affected is an unknown function of the file lib/oxidized/web/views/conf_search.haml. The manipulation of the argument to_research leads to cross site scripting. It is possible to launch the attack remotely. The.....

Reportico Web fails to invalidate cookies upon logout

An issue in Reportico Web before v.8.1.0. This vulnerability arises from the failure of the web application to properly invalidate session cookies upon logout. When a user logs out of the application, the session cookie should be invalidated to prevent unauthorized access. However, due to the...