Ruby vulnerabilities CVE-2019-8322 CVE-2019-8323 CVE-2019-8324 CVE-2019-8325
* CVE-2019-8322
An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is cr ...
October 20, 2022
Security Bulletin: IBM Sterling B2B Integrator B2B API vulnerable to multiple issues due to Apache Zookeeper (CVE-2019-0201, CVE-2021-21409)
## Summary
IBM Sterling B2B Integrator has addressed the security vulnerabilities in Apache Zookeeper.
## Vulnerability Details
**CVEID:** CVE-2019-0201
**DESCRIPTION:** Apache ZooKeeper could a ...
October 19, 2022
Security Bulletin: IBM MQ is affected by an identity spoofing issue in IBM WebSphere Application Server Liberty (CVE-2022-22475)
## Summary
An identity spoofing issue was found within IBM WebSphere Application Server Liberty, which IBM MQ uses to provide WebConsole and REST API functionality.
## Vulnerability Details
**CVEID: * ...
October 19, 2022
Moderate: php:7.4 security update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.
Security Fix(es):
* Archive_Tar: allows an unserialization attack because phar: is blocked but PHAR: is not blocke ...
October 18, 2022
Moderate: php:7.4 security update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.
Security Fix(es):
* Archive_Tar: allows an unserialization attack because phar: is blocked but PHAR: is not blocke ...
October 18, 2022
Security Bulletin: IBM Sterling File Gateway is vulnerable to multiple issues due to Bouncy Castle
## Summary
IBM Sterling File Gateway has addressed multiple security vulnerabilities in Bouncy Castle.
## Vulnerability Details
**CVEID:** CVE-2016-1000343
**DESCRIPTION:** Bouncy Castle JCE Pr ...
October 14, 2022
Metasploit Wrap-Up
## Spring Cloud Gateway RCE

This week, a new module that exploits a code injection vulnerab ...
October 14, 2022
Moderate: ruby:2.7 security, bug fix, and enhancement update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.
The following packages have been upgraded to a la ...
October 12, 2022
Weak Password Requirements
etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation, which allows for very short passwords, such as those with a length of one. This may allow an attacker to guess o ...
October 10, 2022
Improper Validation of Array Index
In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater than the number of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are be ...
October 10, 2022