In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate ancillary credential i ...
Continue Reading15 декабря, 2023
Summary IBM MQ has resolved a denial of service vulnerability. Vulnerability Details CVEID: CVE-2023-5072 DESCRIPTION: JSON-java is vulnerable to a denial of service, caused by a bug in the parser. By ...
Continue Reading15 декабря, 2023
EspoCRM is an Open Source CRM (Customer Relationship Management) software. In affected versions there is Server-Side Request Forgery (SSRF) vulnerability via the upload image from url api. Users who h ...
Continue Reading15 декабря, 2023
nuxt-api-party is vulnerable to Denial of Service (DoS). The vulnerability could be exploited via crafting a malicious URL and setting high retry attempts, which allows an attacker to trigger a recurs ...
Continue Reading15 декабря, 2023
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-8816029058 advisory. The Jupyter Server provides the backend (i.e. the core serv ...
Continue Reading15 декабря, 2023
Mattermost fails to validate if a relative path is passed in /plugins/playbooks/api/v0/telemetry/run/ as a telemetry run ID, allowing an attacker to use a path traversal payload that points to a diffe ...
Continue Reading15 декабря, 2023
Summary Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF027 and 23.0.1-IF005. This bulletin identifies the steps to take to address the vulnerabilit ...
Continue Reading15 декабря, 2023
In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate information related to ...
Continue Reading15 декабря, 2023
Back to Main