I-O DATA DEVICE, INC. Security Vulnerabilities

ibm

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to unspecified vulnerability in Java SE (CVE-2024-20919)

Summary Potential unspecified vulnerability in Java SE related to the VM component (CVE-2024-20919) has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details **...

6.9 AI Score

0.0005 EPSS

2024-05-08 07:05 PM
ibm

Security Bulletin: AIX is vulnerable to privilege escalation and denial of service (CVE-2023-45166, CVE-2023-45174, CVE-2023-45170)

Summary UPDATED Feb 2 2024 (New iFixes are available. The new iFixes resolve a technical issue with print queue status. Both sets of iFixes (new and original) resolve the security vulnerabilities described in the bulletin. The new iFixes are only needed if you experience the technical issue...

7.9 AI Score

0.0004 EPSS

2024-04-18 04:11 PM
ibm

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to unspecified vulnerability in Java SE (CVE-2024-20926)

Summary Potential unspecified vulnerability in Java SE related to the VM component (CVE-2024-20926) has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details **...

7.1 AI Score

0.001 EPSS

2024-05-08 07:06 PM
debian

[SECURITY] [DSA 5682-1] glib2.0 security update

Debian Security Advisory DSA-5682-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 07, 2024 https://www.debian.org/security/faq Package : glib2.0 CVE ID : CVE-2024-34397 Alicia Boya Garcia...

6.5 AI Score

0.0004 EPSS

2024-05-07 07:53 PM
debian

[SECURITY] [DLA 3806-1] distro-info-data database update

Debian LTS Advisory DLA-3806-1 [email protected] https://www.debian.org/lts/security/ Stefano Rivera May 01, 2024 https://wiki.debian.org/LTS Package : distro-info-data Version : 0.41+deb10u9 This is a...

6.8 AI Score

2024-05-01 02:34 PM
ibm

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Operator package issues

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Operator package issues. We have performed updates to the Operators used by our Speech Services. The following vulnerabilities have been addressed in this update. Please read the details for...

9.6 AI Score

0.005 EPSS

2024-05-07 05:05 PM
atlassian

atl_token parameter visible from the URL

h3. Issue Summary This is reproducible on Data Center: yes h3. Steps to Reproduce # Login to Bamboo # Create plans and generate report # Application sends a token through the URL itself. h3. Expected Results Application should not send atl_token parameter in URL h3. Actual Results application...

6.9 AI Score

2023-12-12 03:19 PM
redhat

(RHSA-2024:2071) Moderate: OpenShift Container Platform 4.15.11 packages and security update

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.15.11. See the following advisory for the container...

7.4 AI Score

0.0004 EPSS

2024-05-02 02:31 PM
ibm

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Pillow arbitrary code execution vulnerability.

Summary A potential Pillow arbitrary code execution vulnerability has been identified that could affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details ** CVEID: CVE-2023-50447 ...

8.4 AI Score

0.001 EPSS

2024-05-06 10:34 AM
ibm

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability Details...

9.9 AI Score

0.056 EPSS

2024-05-07 05:07 PM
debian

[SECURITY] [DLA 3809-1] libkf5ksieve security update

Debian LTS Advisory DLA-3809-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk May 05, 2024 https://wiki.debian.org/LTS Package : libkf5ksieve Version : 4:18.08.3-2+deb10u1 CVE...

6.7 AI Score

0.0004 EPSS

2024-05-05 08:54 PM
debian

[SECURITY] [DLA 3818-1] apache2 security update

Debian LTS Advisory DLA-3818-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès May 24, 2024 https://wiki.debian.org/LTS Package : apache2 Version : 2.4.59-1~deb10u1 CVE ID :...

5.3 CVSS

7.9 AI Score

2024-05-25 11:06 AM
githubexploit

Exploit for Deserialization of Untrusted Data in Atlassian Bitbucket Data Center

CVE-2022-26133 Description Atlassian Bitbucket Data Center...

1.3 AI Score

0.007 EPSS

2022-05-09 12:07 PM
oraclelinux

cri-o security update

cri-o [1.26.4-2] - Address CVE-2024-24786 cri-tools [1.26.1-5] - Address CVE-2024-24786 etcd [3.5.10-3] - Address protobuf [CVE-2024-24786] [3.5.10-1] - Added Oracle specific build files istio [1.17.8-3] - Address protobuf [CVE-2024-24786] - Backport from 1.19.7 to address CVE-2024-23322,...

7.4 AI Score

0.0005 EPSS

2024-04-26 12:00 AM
atlassian

Upgrade moment library to 2.29.2+ for LTS version as required for CVE-2022-24785 and CVE-2022-31129

Hi, Is it possible to upgrade the moment.js library to 2.29.2 on all LTS versions? (It seems fixed in the 9.7.0 as this ticket seems to point https://jira.atlassian.com/browse/JRASERVER-74647) In our 9.4.2 LTS version it is still discovered as a vulnerability. Regards CWATCH...

7.6 AI Score

0.003 EPSS

2023-03-27 07:30 AM
veracode

Deserialization Of Untrusted Data

org.apache.activemq is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to org.jolokia.http.HttpRequestHandler#handlePostRequest creating a JmxRequest through a JSONObject and calls to org.jolokia.http.HttpRequestHandler#executeRequest. This issue can be exploited by an...

7.6 AI Score

0.001 EPSS

2023-11-29 06:28 AM
atlassian

SSRF in Webhooks - CVE-2020-14170

Affected versions of Atlassian Bitbucket Data Center allow remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability in Webhooks. When running in an environment like Amazon EC2, this flaw may be used to access a metadata resource....

4.6 AI Score

0.001 EPSS

2020-06-23 04:27 PM
veracode

Unauthorized Data Access

Klaviyo Magento 2 is vulnerable to Unauthorized Data Access. The vulnerability is due to insufficient access controls in an endpoint, allowing attackers to read private customer data from stores by reclaiming guest-carts and accessing order details via the Magento...

6.9 AI Score

2024-05-16 08:08 AM
veracode

Deserialization Of Untrusted Data

symbiote/silverstripe-multivaluefield is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to inadequate validation of user input, as well as object injection caused by support for handling PHP objects as values, which allows an attacker to inject malicious...

7.4 AI Score

2024-05-30 06:03 AM
atlassian

Blind SSRF in widgetConnector - CVE-2021-26072

Affected versions of Atlassian Confluence Server allow remote attackers to manipulate the content of internal network resources via a blind Server-Side Request Forgery (SSRF) vulnerability in the {{widgetconnector}} plugin. When running in an environment like Amazon EC2, this flaw may be used to...

4.5 AI Score

0.001 EPSS

2021-03-01 08:35 PM
oraclelinux

perl:5.32 security update

perl-Algorithm-Diff perl-Archive-Tar perl-Archive-Zip perl-autodie perl-bignum perl-Carp perl-Compress-Bzip2 perl-Compress-Raw-Bzip2 perl-Compress-Raw-Lzma perl-Compress-Raw-Zlib [2.096-2] - Fix test broken by update in zlib on s390x - Related: RHEL-16371 perl-Config-Perl-V perl-constant...

6.8 AI Score

0.0004 EPSS

2024-05-24 12:00 AM
cve

CVE-2016-20012

OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE:....

5.3 CVSS

5.9 AI Score

0.006 EPSS

2021-09-15 08:15 PM
ibm

Security Bulletin: Common vulnerabilities addressed in Cloudera Data Platform 7.1.9 HF2

Summary Fixes to common vulnerabilities discovered in Cloudera Data Platform 7.1.9 are available to download from Cloudera. Vulnerability Details ** CVEID: CVE-2017-15718 DESCRIPTION: **Apache Hadoop could allow a remote attacker to obtain sensitive information, caused by a flaw in the YARN...

10 AI Score

0.09 EPSS

2024-05-07 07:57 PM
ibm

Security Bulletin: Common vulnerability in Cloudera Data Platform Private Cloud Base 7.1.9 fixed in Hot Fix 1

Summary Fix to common vulnerability, CVE-2021-43045, discovered in Cloudera Data Platform 7.1.9 is available to download from Cloudera. Vulnerability Details ** CVEID: CVE-2021-43045 DESCRIPTION: **Apache Avro is vulnerable to a denial of service, caused by a flaw in the .NET SDK. By sending a...

6.5 AI Score

0.001 EPSS

2024-05-07 07:56 PM
osv

Bypass of device carrier restrictions (OS Version = android 12)

In deletePackageVersionedInternal of DeletePackageHelper.java, there is a possible way to bypass carrier restrictions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

7.1 AI Score

0.0004 EPSS

2022-12-01 12:00 AM
ibm

Security Bulletin: Common Vulnerabilities in Cloudera Data Platform Private Cloud Base 7.1.9.

Summary Common vulnerabilities reported in Cloudera Data Platform Private Cloud Base 7.1.9 have been addressed, and are available in Hotfix 2. Vulnerability Details ** CVEID: CVE-2015-1772 DESCRIPTION: **Apache Hive could allow a remote attacker to bypass security restrictions, caused by an error.....

10 AI Score

0.802 EPSS

2024-05-07 07:59 PM
ibm

Security Bulletin: Common vulnerabilities fixed in Cloudera Data Platform 7.1.9 HF2

Summary Fixes to common vulnerabilities discovered in Cloudera Data Platform 7.1.9 are available to download from Cloudera. Vulnerability Details ** CVEID: CVE-2021-28170 DESCRIPTION: **Eclipse EE4J Jakarta Expression Language could allow a remote attacker to bypass security restrictions, caused...

10 AI Score

0.027 EPSS

2024-05-07 07:54 PM
ibm

Security Bulletin: Common vulnerabilities fixed in Cloudera Data Platform 7.1.9 HF2

Summary Fixes to common vulnerabilities discovered in Cloudera Data Platform 7.1.9 are available to download from Cloudera. Vulnerability Details ** CVEID: CVE-2023-41080 DESCRIPTION: **Apache Tomcat could allow a remote attacker to conduct phishing attacks, caused by an open redirect...

10 AI Score

0.033 EPSS

2024-05-07 07:52 PM
redhat

(RHSA-2024:1899) Important: OpenShift Container Platform 4.12.56 security update

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.56. See the following advisory for the container...

7.4 AI Score

0.0004 EPSS

2024-04-25 03:17 PM
ibm

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Apache Commons Compress [CVE-2024-26308]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Apache Commons Compress, caused by an out of memory error [CVE-2024-26308]. Apache Commons Compress is used as part of our Speech runtimes. This vulnerability has been addressed. Please....

5.8 AI Score

0.001 EPSS

2024-05-02 11:59 PM
redhat

(RHSA-2024:2049) Important: OpenShift Container Platform 4.13.41 packages and security update

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.41. See the following advisory for the container...

7.4 AI Score

0.0005 EPSS

2024-05-02 04:43 PM
veracode

Deserialization Of Untrusted Data

joblib is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to unsafe handling of pickle files in the read_array() function within numpy_pickle.py where pickle.load is enabled by default. This allows an attacker to execute arbitrary code by loading a maliciously crafted...

7.6 AI Score

2024-05-22 06:12 AM
veracode

Deserialization Of Untrusted Data

illuminate/cookie is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to insecure cookie encryption and serialization logic, which allows attackers to potentially decrypt or manipulate cookie data, resulting in arbitrary code...

7.5 AI Score

2024-05-20 08:36 AM
redhat

(RHSA-2024:1892) Important: OpenShift Container Platform 4.15.10 packages and security update

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.15.10. See the following advisory for the container...

4.2 AI Score

0.0004 EPSS

2024-04-25 06:46 PM
atlassian

DoS (Denial of Service) software.amazon.ion:ion-java Dependency in Bitbucket Data Center and Server

This High severity software.amazon.ion:ion-java Dependency vulnerability was introduced in versions 7.21.0, 8.0.0, 8.1.0, 8.2.0, 8.3.0, 8.4.0, 8.5.0, 8.6.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, 8.12.0, 8.13.0, 8.14.0-eap01, 8.15.0, 8.16.0, 8.17.0, and 8.18.0 of Bitbucket Data Center and Server....

6.9 AI Score

0.0005 EPSS

2024-03-09 04:45 AM
amazon

Medium: vim

Issue Overview: 2024-05-09: CVE-2020-20703 was added to this advisory. Buffer Overflow vulnerability in VIM v.8.1.2135 allows a remote attacker to execute arbitrary code via the operand parameter. (CVE-2020-20703) vim is vulnerable to Heap-based Buffer Overflow (CVE-2021-3903) A flaw was found in.....

8.4 AI Score

0.003 EPSS

2022-01-18 08:12 PM
cve

CVE-2023-0923

A flaw was found in the Kubernetes service for notebooks in RHODS, where it does not prevent pods from other namespaces and applications from making requests to the Jupyter API. This flaw can lead to file content exposure and other...

9.8 CVSS

9.3 AI Score

0.001 EPSS

2023-09-15 09:15 PM
githubexploit

Exploit for Injection in Atlassian Confluence Data Center

Project Introduction This project is based on Boogipop's project...

7.4 AI Score

0.975 EPSS

2024-02-26 02:34 AM
atlassian

Upgrade Tomcat to fix CVE-2023-46589

h3. Issue Summary Apache Tomcat should be upgraded to 8.5.96 and later or 9.0.83 or a newer version to fix [CVE-2023-46589|https://nvd.nist.gov/vuln/detail/CVE-2023-46589] Jira 9.0.x to 9.12 currently come bundled with a version of Tomcat which is vulnerable. Jira 8.x.x currently come bundled...

7 AI Score

0.005 EPSS

2023-12-03 11:55 PM
githubexploit

Exploit for Vulnerability in Atlassian Confluence Data Center

Red team tool - exploit tool for the Confluence unauthorized administrator user creation vulnerability (CVE-2023-22515) Affected scope...

9.9 AI Score

0.972 EPSS

2023-10-11 08:42 AM
githubexploit

Exploit for Injection in Atlassian Confluence Data Center

CVE-2023-22527-Godzilla-MEMSHELL Usage **ps:...

9.9 AI Score

0.975 EPSS

2024-02-11 04:46 PM
ibm

Security Bulletin: AIX is affected by multiple vulnerabilities due to Python (CVE-2023-52425, CVE-2023-52426, CVE-2023-6597)

Summary Vulnerabilities in Python could allow a remote or local attacker to cause a denial of service (CVE-2023-52425, CVE-2023-52426) or launch further attacks on the system (CVE-2023-6597). Python is used by AIX as part of Ansible node management automation. Vulnerability Details ** CVEID:...

7.7 AI Score

0.001 EPSS

2024-04-11 10:15 PM
githubexploit

Exploit for Deserialization of Untrusted Data in Microsoft

nse-exchange Nmap NSE scripts to check against exchange...

8.3 AI Score

2022-10-01 11:53 AM
veracode

Deserialization Of Untrusted Data

Whaleal IceFrog is vulnerable to Deserialization Of Untrusted Data. The vulnerability exists in the aviator Template Engine which can result in code...

7 AI Score

0.003 EPSS

2023-06-27 08:48 AM
githubexploit

Exploit for Vulnerability in Atlassian Confluence Data Center

CVE-2023-22515 Exploit Script 🔐 This script is designed to...

9.8 AI Score

0.972 EPSS

2023-10-10 09:40 PM
githubexploit

Exploit for Injection in Atlassian Confluence Data Center

Atlassian Confluence CVE-2023-22527 Scanner 🛡️ Overview 🌟...

9.8 AI Score

0.975 EPSS

2024-01-23 10:55 AM
osv

Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification)

Impact An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). Thanks to Enze...

6.9 AI Score

0.0004 EPSS

2024-03-07 10:54 PM
oraclelinux

cri-o security update

cri-o [1.26.4-2] - Address CVE-2024-24786 cri-tools [1.26.1-5] - Address CVE-2024-24786 etcd [3.5.10-3] - Address protobuf [CVE-2024-24786] [3.5.10-1] - Added Oracle specific build files istio [1.17.8-3] - Address protobuf [CVE-2024-24786] - Backport from 1.19.7 to address CVE-2024-23322,...

7.4 AI Score

0.0005 EPSS

2024-04-26 12:00 AM
githubexploit

9.8 AI Score

0.972 EPSS

2023-10-11 11:21 AM
ubuntu

GLib vulnerability

Releases Ubuntu 24.04 LTS Ubuntu 23.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages glib2.0 - GLib library of C routines Details Alicia Boya García discovered that GLib incorrectly handled signal subscriptions. A local attacker could use this issue to spoof D-Bus signals resulting in a variety...

7 AI Score

0.0004 EPSS

2024-05-09 12:00 AM
Total number of security vulnerabilities: 707289