Yokogawa Test & Measurement Corporation Security Vulnerabilities

oraclelinux

ruby:3.0 security update

ruby [3.0.7-143] - Fix Zlib test failures on s390x due to HW acceleration Related: RHEL-36189 [3.0.7-142] - Upgrade to Ruby 3.0.7. Resolves: RHEL-36189 - Fix HTTP response splitting in CGI. Resolves: RHEL-36193 - Fix ReDoS vulnerability in URI. Resolves: RHEL-36196 - Fix ReDoS...

8.8CVSS

7.1AI Score

EPSS

2024-05-31 12:00 AM
5
nessus

Oracle WebLogic Web Services Test Client Detection

Oracle WebLogic Web services test client was detected on the remote...

1.3AI Score

2019-01-28 12:00 AM
11
almalinux

Moderate: python3.11 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security...

5.3CVSS

5.6AI Score

0.001EPSS

2024-04-30 12:00 AM
4
redos

ROS-20240611-06

A vulnerability in the OpenSSL Handler component of the Iperf3 network bandwidth measurement tool is related to the use of synchronization side-channel in RSA decryption operations. Exploitation of the vulnerability could allow a remote attacker to gain access to confidential...

7.3AI Score

EPSS

2024-06-11 12:00 AM
2
githubexploit

Exploit for Deserialization of Untrusted Data in Apache Log4J


9AI Score

2021-12-11 03:08 AM
290
osv

Malicious code in test-poc2 (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (70d622822e0356b992f815ba0a803ee7598a5ff51894216a53a95ac034ca1185) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI Score

2024-05-06 04:02 AM
1
osv

Malicious code in test-poc3 (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (0dd2e1b9551e2d05eb6769e870035396fbdd5bd09b3116b00901a73cb9e64859) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI Score

2024-05-06 04:02 AM
2
openbugbounty

test-hi.hawk.de Cross Site Scripting vulnerability OBB-3885675

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-03-25 10:34 PM
6
openbugbounty

test-hi.hawk.de Cross Site Scripting vulnerability OBB-3901472

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-04-04 11:32 AM
7
rocky

python39:3.9 and python39-devel:3.9 security update

An update is available for python-pluggy, module.python-iniconfig, module.python-psycopg2, module.python-more-itertools, module.python3x-pip, module.python3x-setuptools, python-requests, python-psutil, numpy, module.python-ply, module.python-psutil, module.python-pycparser, module.python-cffi,...

7.8CVSS

7.7AI Score

EPSS

2024-06-14 01:59 PM
2
osv

CVE-2023-47108

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels net.peer.sock.addr and net.peer.sock.port that have unbound cardinality. It leads to the server's potential memory exhaustion....

7.5CVSS

7.4AI Score

0.001EPSS

2023-11-10 07:15 PM
15
githubexploit

Exploit for OS Command Injection in Php

Orange Tsi 🍊 This vulnerability was found by Orange Tsai...

9.8CVSS

9.9AI Score

0.967EPSS

2024-06-07 05:50 AM
129
rocky

postgresql security update

An update is available for postgresql. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list PostgreSQL is an advanced object-relational database management system...

8CVSS

7.8AI Score

0.001EPSS

2024-05-10 02:32 PM
8
osv

CVE-2023-0330

A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or...

6CVSS

7AI Score

0.0004EPSS

2023-03-06 11:15 PM
5
githubexploit

Exploit for Heap-based Buffer Overflow in Microsoft

libarchive-harness-win - CVE-2024-20696 Blog post:...

7.3CVSS

6.3AI Score

0.003EPSS

2024-03-08 02:31 AM
65
cve

CVE-2014-125028

A vulnerability was found in valtech IDP Test Client and classified as problematic. Affected by this issue is some unknown functionality of the file python-flask/main.py. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The name of the patch is...

8.8CVSS

8.5AI Score

0.001EPSS

2022-12-31 08:15 PM
40
githubexploit

Exploit for OS Command Injection in Php

Orange Tsi 🍊 This vulnerability was found by Orange Tsai...

9.8CVSS

9.9AI Score

0.967EPSS

2024-06-07 05:50 AM
170
githubexploit

Exploit for Out-of-bounds Write in Apple Ipad Os

Write up is here:...

8.6AI Score

2021-10-09 08:11 PM
206
osv

Malicious code in @ssr-frontend/test-poc3 (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (03b39fa743b5b3cc6ff2265f4913473e51a661ac1f7d41f7855e4ced61af77aa) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI Score

2024-05-06 04:02 AM
2
osv

CVE-2021-32419

An issue in Schism Tracker v20200412 fixed in v.20200412 allows attacker to obtain sensitive information via the fmt_mtm_load_song function in...

5.3CVSS

5AI Score

0.001EPSS

2023-02-17 06:15 PM
3
githubexploit

Exploit for Path Traversal in Vmware Cloud Foundation

CVE-2021-21972 CVE-2021-21972 Works On ...

9.8CVSS

9.9AI Score

0.973EPSS

2021-02-24 11:14 AM
228
cvelist

CVE-2024-36227 DOM XSS in `/libs/dam/gui/coral/components/commons/assetselector/test/clientlibs/test/js/demo.js` via postmessage

Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires...

5.4CVSS

0.0005EPSS

2024-06-13 07:52 AM
1
redhat

(RHSA-2024:2246) Moderate: ansible-core bug fix, enhancement, and security update

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to....

6.9AI Score

0.0004EPSS

2024-04-30 06:15 AM
6
githubexploit

Exploit for Out-of-bounds Write in Polkit Project Polkit

CVE-2021-4034 CVE-2021-4034 Add Root User - Pkexec Local...

7.8CVSS

8.7AI Score

0.001EPSS

2022-01-28 03:13 PM
373
redhat

(RHSA-2024:3466) Important: python39:3.9 and python39-devel:3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security...

7.2AI Score

EPSS

2024-05-29 12:58 PM
9
saint

GeoServer JAI-EXT extension command injection

Added: 06/27/2024 Background GeoServer is an open source server for sharing geospatial data. Java Advanced Imaging (JAI) is an API which provides a set of high level objects for the image processing. JAI-EXT is an open source project which extends the JAI API. Jiffle is a map algebra language...

8AI Score

2024-06-27 12:00 AM
13
vulnrichment

CVE-2024-36227 DOM XSS in `/libs/dam/gui/coral/components/commons/assetselector/test/clientlibs/test/js/demo.js` via postmessage

Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically requires...

5.4CVSS

6AI Score

0.0005EPSS

2024-06-13 07:52 AM
1
nessus

Amazon Linux 2023 : ansible-core, ansible-test (ALAS2023-2024-644)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-644 advisory. Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, >, or...

6.1CVSS

6.4AI Score

0.001EPSS

2024-06-24 12:00 AM
oraclelinux

ansible-core bug fix, enhancement, and security update

[1:2.14.14-1] - ansible-core 2.14.14 release (RHEL-23783) - Fix CVE-2024-0690 (possible information leak in tasks that ignore ANSIBLE_NO_LOG configuration) (RHEL-22124) [1:2.14.13-1] - ansible-core 2.14.13 release (RHEL-19298) [1:2.14.12-1] - ansible-core 2.14.12 release...

5.5CVSS

7AI Score

0.0004EPSS

2024-05-02 12:00 AM
4
githubexploit

Exploit for Integer Overflow or Wraparound in Microsoft

CVE-2023-21716_exploit test of...

9.8CVSS

9.6AI Score

0.454EPSS

2023-03-24 03:58 PM
236
oraclelinux

python39:3.9 and python39-devel:3.9 security update

mod_wsgi numpy python39 [3.9.19-1] - Update to 3.9.19 - Security fixes for CVE-2023-6597 and CVE-2024-0450 - Fix tests for XMLPullParser with Expat with fixed CVE Resolves: RHEL-33676, RHEL-33688 python3x-pip python3x-setuptools python3x-six python-cffi python-chardet python-cryptography...

7.8CVSS

7.2AI Score

EPSS

2024-05-31 12:00 AM
3
githubexploit

Exploit for CVE-2023-38831

CVE-2023-38831 winrar exploit generator Quick poc test...

7.8CVSS

8AI Score

0.192EPSS

2023-08-25 09:44 AM
449
githubexploit

Exploit for CVE-2021-1675

PrintNightmare Python implementation for PrintNightmare...

8.6AI Score

2021-09-26 01:53 PM
232
nessus

Apache ActiveMQ Web Console Test Pages Information Disclosure

The Apache ActiveMQ Web Console running on the remote host is leaking information via its test pages. The ActiveMQ Web Console allows unrestricted, unauthenticated access by default, and the test pages are used for testing the environment and web framework. One of the included test pages,...

7.2AI Score

2010-04-16 12:00 AM
19
openbugbounty

test-b2b-gdm-figaro1.pantheonsite.io Cross Site Scripting vulnerability OBB-3884756

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-03-24 08:00 PM
7
cvelist

CVE-2024-26047 Stored XSS in `/libs/dam/gui/coral/components/commons/assetselector/test/clientlibs/test/js/demo.js`

Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

5.4CVSS

5.2AI Score

0.0004EPSS

2024-04-10 08:52 AM
malwarebytes

Malwarebytes Premium Security stops 100% of malware during AV Lab test

Malwarebytes Premium Security has maintained its long-running, perfect record in protecting users against online threats by blocking 100% of the malware samples deployed in the AV Lab Cybersecurity Foundation’s “Advanced In-The-Wild Malware Test.” For its performance in the May 2024 evaluation,...

7AI Score

2024-06-26 10:55 AM
4
githubexploit

Exploit for CVE-2023-45779

**This repository is provided AS IS to accompany [a Meta Red...

7.8CVSS

7.8AI Score

0.0004EPSS

2024-01-26 09:17 PM
67
vulnrichment

CVE-2024-26047 Stored XSS in `/libs/dam/gui/coral/components/commons/assetselector/test/clientlibs/test/js/demo.js`

Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the...

5.4CVSS

5.3AI Score

0.0004EPSS

2024-04-10 08:52 AM
oraclelinux

python3.11 security update

[3.11.7-1] - Rebase to 3.11.7 Resolves: RHEL-20233 [3.11.5-2] - Security fix for CVE-2023-27043 Resolves:...

5.3CVSS

7.3AI Score

0.001EPSS

2024-05-02 12:00 AM
8
githubexploit

Exploit for CVE-2024-20356

CVE-2024-20356 This is a proof of concept for CVE-2024-20356,...

7.7AI Score

2024-05-20 12:57 AM
104
githubexploit

Exploit for Use After Free in Linux Linux Kernel

CVE-2022-32250-Linux-Kernel-LPE Demo Video...

7.8CVSS

7.5AI Score

0.001EPSS

2022-08-24 06:00 AM
440
nuclei

IceWarp Email Client - Cross Site Scripting

Cross Site Scripting vulnerability in IceWarp Corporation WebClient v.10.2.1 allows a remote attacker to execute arbitrary code via a crafted payload to the mid...

6.1CVSS

6.4AI Score

0.088EPSS

2023-09-09 08:25 PM
2
almalinux

Moderate: ruby:3.3 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (3.3). (AlmaLinux-37697) Security Fix(es): ruby: Buffer overread...

6.3AI Score

EPSS

2024-06-06 12:00 AM
1
almalinux

Moderate: ruby:3.3 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby (3.3). (AlmaLinux-37446) Security Fix(es): ruby: Buffer overread...

7AI Score

EPSS

2024-06-06 12:00 AM
1
redhat

(RHSA-2024:2292) Moderate: python3.11 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security...

8.7AI Score

0.001EPSS

2024-04-30 06:15 AM
7
githubexploit

Exploit for CVE-2024-4367

PDF.js Vulnerability Demo Project This project is intended to...

7.2AI Score

2024-06-17 11:39 AM
114
githubexploit

9.2AI Score

2021-12-13 03:57 AM
786
almalinux

Moderate: ruby:3.0 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix(es): ruby/cgi-gem: HTTP response splitting in CGI (CVE-2021-33621) ruby: ReDoS vulnerability in URI (CVE-2023-28755) ruby: ReDoS...

8.8CVSS

6.7AI Score

EPSS

2024-05-30 12:00 AM
4
redhat

(RHSA-2024:2985) Moderate: python39:3.9 and python39-devel:3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security...

6.9AI Score

0.005EPSS

2024-05-22 06:35 AM
7
Total number of security vulnerabilities: 111909