Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM WebSphere Application Server Liberty is vulnerable to GraphQL – CVE-2023-28867
## Summary
Vulnerability in the GraphQL Java library used by IBM WebSphere Application Server Liberty when the feature mpGraphQL-1.0 or mpGraphQL-2.0 is enabled. Following IBM® Engineering Lifecycl ...
July 10, 2023
php-cas – security update
A vulnerability has been found in phpCAS, a Central Authentication
Service client library in php, which may allow an attacker to gain
access to a victim's account on a vulnerable CASified service with ...
July 08, 2023
ocsinventory-server – security update
The source package ocsinventory-server has been updated to address the
API change in php-cas due to [CVE-2022-39369](https://security-tracker.debian.org/tracker/CVE-2022-39369), see DLA 3485-1 for det ...
July 08, 2023
ruby:2.7 security, bug fix, and enhancement update
ruby
[2.7.8-139]
- Upgrade to Ruby 2.7.8.
Resolves: rhbz#2149262
- Fix HTTP response splitting in CGI.
Resolves: CVE-2021-33621
- Fix ReDoS vulnerability in URI.
Resolves: CVE-2023-28755
- Fix R ...
July 08, 2023
Connection Confusion
grpc is vulnerable to Connection Confusion. The vulnerability exists when the gRPC HTTP2 stack raised a header size exceeded error, and it skipped parsing the rest of the HPACK frame, which caused any ...
July 08, 2023
Doorkeeper vulnerability
## Releases
* Ubuntu 23.04
* Ubuntu 22.10
* Ubuntu 22.04 LTS
* Ubuntu 20.04 LTS
* Ubuntu 18.04 ESM
* Ubuntu 16.04 ESM
## Packages
* ruby-doorkeeper - OAuth 2 provider for Rails and Grape ...
July 08, 2023
[SECURITY] Fedora 38 Update: picocli-4.7.4-1.fc38
Picocli is a modern library and framework, written in Java, that contains both an annotations API and a programmatic API. It features usage help with ANSI colors and styles, TAB auto-completion and n ...
July 07, 2023
Security Bulletin: Watson CP4D Data Stores is vulnerable to SAP NetWeaver AS for JAVA security bypass vulnerability (CVE-2023-30744)
## Summary
Potential SAP NetWeaver AS for JAVA security bypass vulnerability (CVE-2023-30744) has been identified that may affect Watson CP4D Data Stores. Refer to details for additional information. ...
July 07, 2023
Apache Superset vulnerable to Exposure of Sensitive Information
An authenticated user with specific data permissions could access database connections' stored passwords by requesting a specific REST API. This issue affects Apache Superset version 1.3.0 up to 2.0 ...
July 07, 2023