Security Bulletin: IBM Security Verify Governance uses components with known vulnerabilities (CVE-2021-22696, CVE-2021-30468, CVE-2020-1954)
## Summary
Components with the following Known Vulnerabilities have been upgraded in IBM Security Verify Governance.
## Vulnerability Details
**CVEID:** CVE-2021-22696
**DESCRIPTION:** Apache C ...
June 21, 2023
(RHSA-2023:3771) Important: Red Hat Virtualization security and bug fix update
The VDSM service is required by a Virtualization Manager to manage the Linux hosts. VDSM manages and monitors the host's storage, memory and networks as well as virtual machine creation, other host ad ...
June 21, 2023
CVE-2023-2828
Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that ...
June 21, 2023
CVE-2023-0026
An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of ...
June 21, 2023
CVE-2023-2829
A `named` instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache (RFC 8198) option (`synth-from-dnssec`) enabled can be remotely termina ...
June 21, 2023
New Condi Malware Hijacking TP-Link Wi-Fi Routers for DDoS Botnet Attacks
A new malware called **Condi** has been observed exploiting a s ...
June 21, 2023
CVE-2023-3325
The CMS Commander plugin for WordPress is vulnerable to authorization bypass due to the use of an insufficiently unique cryptographic signature on the 'cmsc_add_site' function in versions up to, and i ...
June 20, 2023
(RHSA-2023:3677) Important: c-ares security update
The c-ares C library defines asynchronous DNS (Domain Name System) requests and provides a name resolving API.
Security Fix(es):
* c-ares: 0-byte UDP payload Denial of Service (CVE-2023-32067)
For more ...
June 20, 2023
CVE-2023-3320
The WP Sticky Social plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing nonce validation in the ~/admin/views/admin.php f ...
June 20, 2023
Uncontrolled Recursion in HTTP2ToRawGRPCServerCodec
### Impact
Affected gRPC Swift servers are vulnerable to uncontrolled recursion and stack consumption when parsing certain payloads. This may lead to a denial of service.
### Patches
The problem has b ...
June 19, 2023