Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilties in Apache Commons Collections

Summary Multiple vulnerabilities have been identified in Apache Commons Collections, which is used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details CVEID:CVE-2017-15708 DESCRIPTION: Apac...

Security Bulletin: IBM Sterling Global Mailbox is vulnerable to arbitrary code execution due to Apache Commons Collections [CVE-2015-6420, CVE-2017-15708]

Summary Vulnerability in Apache Commons Collections library shipped with IBM Sterling Global Mailbox has been addressed. CVE-2015-6420, CVE-2017-15708 Vulnerability Details CVEID:CVE-2015-6420 DESCRIPTION: Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint...

Security Bulletin: Multiple vulnerabilities of Apache common collections (commons-collections-3.2.jar) have affected APM WebSphere Application Server Agent

Summary APM WebSphere Application Server Agent is vulnerable to Apache common collections commons-collections-3.2.jar. The fix includes commons-collections-3.2.jar upgraded to commons-collections-3.2.2.jar. CVE-2015-4852, CVE-2017-15708 and CVE-2019-13116 Vulnerability Details CVEID:CVE-2015-4852...

SUSE: Security Advisory (SUSE-SU-2020:2970-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2020:3037-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2020:3143-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2020:3039-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2020:3038-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2020:2969-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES15 Security Update : libvirt (SUSE-SU-2020:2969-1)

This update for libvirt fixes the following issues : CVE-2020-15708: Added a note to libvirtd.conf about polkit auth in SUSE distros bsc1174955. CVE-2020-25637: Fixed a double free in qemuAgentGetInterfaces bsc1177155. libxl: Fixed lock manager lock ordering bsc1171701. Note that Tenable Network...

SUSE SLED15 / SLES15 Security Update : libvirt (SUSE-SU-2020:3037-1)

This update for libvirt fixes the following issues : CVE-2020-15708: Added a note to libvirtd.conf about polkit auth in SUSE distros bsc1174955. CVE-2020-25637: Fixed a double free in qemuAgentGetInterfaces bsc1177155. qemu: Adjust max memlock on mdev hotplug bsc1177480. Xen: Don't add dom0 twice...

SUSE SLES12 Security Update : libvirt (SUSE-SU-2020:3095-1)

This update for libvirt fixes the following issues : - CVE-2020-15708: Added a note to libvirtd.conf about polkit auth in SUSE distros bsc1174955. CVE-2020-25637: Fixed a double free in qemuAgentGetInterfaces bsc1177155. Note that Tenable Network Security has extracted the preceding description...

SUSE SLES12 Security Update : libvirt (SUSE-SU-2020:3039-1)

This update for libvirt fixes the following issues : CVE-2020-15708: Added a note to libvirtd.conf about polkit auth in SUSE distros bsc1174955. CVE-2020-25637: Fixed a double free in qemuAgentGetInterfaces bsc1177155. qemu: Adjust max memlock on mdev hotplug bsc1177480. Xen: Don't add dom0 twice...

SUSE SLES12 Security Update : libvirt (SUSE-SU-2020:3038-1)

This update for libvirt fixes the following issues : CVE-2020-15708: Added a note to libvirtd.conf about polkit auth in SUSE distros bsc1174955. CVE-2020-25637: Fixed a double free in qemuAgentGetInterfaces bsc1177155. libxl: Fixed lock manager lock ordering bsc1171701. Note that Tenable Network...

SUSE SLED15 / SLES15 Security Update : libvirt (SUSE-SU-2020:2970-1)

This update for libvirt fixes the following issues : CVE-2020-15708: Added a note to libvirtd.conf about polkit auth in SUSE distros bsc1174955. CVE-2020-25637: Fixed a double free in qemuAgentGetInterfaces bsc1177155. qemu: Avoid stale capabilities cache host CPU or kernel command line changes...

SUSE SLES12 Security Update : libvirt (SUSE-SU-2020:3143-1)

This update for libvirt fixes the following issues : CVE-2020-15708: Added a note to libvirtd.conf about polkit auth in SUSE distros bsc1174955. CVE-2020-25637: Fixed a double free in qemuAgentGetInterfaces bsc1177155. Note that Tenable Network Security has extracted the preceding description blo...

CVE-2020-15708

creationtimestamp| type| source ---|---|--- 2020-11-06 07:50:26+00:00| seen| https://t.me/cibsecurity/15962...

CVE-2020-15708

Ubuntu's packaging of libvirt in 20.04 LTS created a control socket with world read and write permissions. An attacker could use this to overwrite arbitrary files or execute arbitrary code...

CVE-2020-15708

CVE-2020-15708 affects libvirt packaging in Ubuntu 20.04 LTS, where a control socket was created with world read/write permissions. This could allow an attacker to overwrite arbitrary files or execute arbitrary code locally. Ubuntu’s advisory USN-4452-1 addresses this by likely restricting the so...

CVE-2020-15708

Ubuntu's packaging of libvirt in 20.04 LTS created a control socket with world read and write permissions. An attacker could use this to overwrite arbitrary files or execute arbitrary code...