In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate ancillary credential i ...
Continue ReadingDecember 15, 2023
Summary IBM MQ has resolved a denial of service vulnerability. Vulnerability Details CVEID: CVE-2023-5072 DESCRIPTION: JSON-java is vulnerable to a denial of service, caused by a bug in the parser. By ...
Continue ReadingDecember 15, 2023
EspoCRM is an Open Source CRM (Customer Relationship Management) software. In affected versions there is Server-Side Request Forgery (SSRF) vulnerability via the upload image from url api. Users who h ...
Continue ReadingDecember 15, 2023
nuxt-api-party is vulnerable to Denial of Service (DoS). The vulnerability could be exploited via crafting a malicious URL and setting high retry attempts, which allows an attacker to trigger a recurs ...
Continue ReadingDecember 15, 2023
Mattermost fails to validate if a relative path is passed in /plugins/playbooks/api/v0/telemetry/run/ as a telemetry run ID, allowing an attacker to use a path traversal payload that points to a diffe ...
Continue ReadingDecember 15, 2023
Summary Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF027 and 23.0.1-IF005. This bulletin identifies the steps to take to address the vulnerabilit ...
Continue ReadingDecember 15, 2023
In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate information related to ...
Continue ReadingDecember 15, 2023
Summary Multiple issues were identified with IBM Runtime Environment, Java Technology Edition, Version 8 which is shipped with IBM MQ. Vulnerability Details CVEID: CVE-2023-22081 DESCRIPTION: An unspe ...
Continue ReadingDecember 15, 2023
Back to Main