169 matches found
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Tivoli Netcool Configuration Manager (ITNCM)
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 that is used by ITNCM. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption POODLE SSLv3 vulnerability CVE-2014-3566. These were disclosed as part of the IBM Java...
Puppet Enterprise 2018.x < 2018.1.1 Code Execution Vulnerability
According to its self-reported version number, the Puppet install running on the remote host is version 5.5.x prior to 2018.1.1. It is, therefore, affected by a code execution vulnerability when upgrading the pe-razor-server component. C Tenable Network Security, Inc. include"compat.inc"; if...
CVE-2019-6512
An issue was discovered in WSO2 API Manager 2.6.0. It is possible to force the application to perform requests to the internal workstation SSRF port-scanning, other adjacent workstations SSRF network scanning, or to enumerate files because of the existence of the file:// wrapper...
CVE-2019-6512
WSO2 API Manager 2.6.0 is affected by an SSRF issue that can force the application to access internal resources via the file:// wrapper, enabling requests to internal/workstation hosts (port-scanning), neighboring systems (network scanning), or file enumeration. The root cause is the presence of ...
CVE-2019-6512
An issue was discovered in WSO2 API Manager 2.6.0. It is possible to force the application to perform requests to the internal workstation SSRF port-scanning, other adjacent workstations SSRF network scanning, or to enumerate files because of the existence of the file:// wrapper...
Privilege Escalation
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Flex System Manager (FSM) (Multiple CVEs)
Summary There are multiple vulnerabilities in IBM Runtime Environment Java Technology Edition, Version 1.6 and 1.7 that is used by IBM Flex System Manager FSM. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption POODLE SSLv3 vulnerability CVE-2014-3566. These were...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM System Networking Switch Center (CVE-2014-3566, CVE-2014-6512, CVE-2014-6457 CVE-2015-0410, CVE-2015-6593)
Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 7 that is used by IBM System Networking Switch Center. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption POODLE SSLv3 vulnerabilityCVE-2014-3566. These were disclosed as part of th...
Security Bulletin: Vulnerability in SSLv3 and multiple vulnerabilities in IBM Java Runtime affect IBM Systems Director (CVE-2014-6512, CVE-2014-6457 and CVE-2014-3566)
Summary There are multiple vulnerabilities in IBM Runtime Environment Java Technology Edition, Version 7 Service Refresh 7 Fix Pack 1 and earlier releases that is used by affect IBM Systems Director. This also includes a fix for the Padding Oracle On DowngradedLegacy Encryption POODLE SSLv3...
CVE-2018-17660
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2018-17660
CVE-2018-17660 affects Foxit Reader 9.2.0.9297 on Windows. The flaw resides in the resetData method of a Host object, failing to validate the existence of an object before performing operations, which can allow an attacker to execute arbitrary code in the current process. The vulnerability requir...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Virtualization Engine TS7700 - October 2014 & January 2015
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7, IBM SDK Java Technology Edition, Version 6, and IBM SDK Java 2 Technology Edition, Version 5 that are used by IBM Virtualization Engine TS7700. These issues were disclosed as part of the IBM Java SDK updat...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security SiteProtector System (CVE-2014-6512, CVE-2014-6457)
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 7 that is used by IBM Security SiteProtector System. These issues were disclosed as part of the IBM Java SDK updates in October 2014. Vulnerability Details CVEID: CVE-2014-6512 DESCRIPTION: An...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security Network Protection (CVE-2014-6512, CVE-2014-6457, CVE-2014-6558, CVE-2014-3065)
Summary There are multiple vulnerabilities in IBM Runtime Environment Java Technology Edition, Version 7 that is used by IBM Security Network Protection. These issues were disclosed as part of the IBM Java SDK updates in October 2014. Vulnerability Details CVEID:CVE-2014-6512 DESCRIPTION:An...
Security Bulletin: Multiple vulnerabilities in IBM SDK for Java Technology Edition affect WebSphere Dynamic Process Edition (CVE-2014-6512, CVE-2014-6457, CVE-2014-6558, CVE-2014-3566)
Summary There are multiple vulnerabilities in IBM® SDK for Java™ Technology Edition that is used by WebSphere Dynamic Process Edition. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption POODLE SSLv3 vulnerability CVE-2014-3566. These issues were disclosed as part of t...
Security Bulletin: Multiple vulnerabilities in IBM SDK for Java Technology Edition affect IBM Business Process Manager and WebSphere Lombardi Edition (CVE-2014-6512, CVE-2014-6457, CVE-2014-6558, CVE-2014-3566)
Summary There are multiple vulnerabilities in IBM SDK for Java Technology Edition that is used by IBM Business Process Manager and WebSphere Lombardi Edition. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption POODLE SSLv3 vulnerability CVE-2014-3566. These issues wer...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server October 2014 CPU
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped with IBM WebSphere Application Server. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption POODLE SSLv3 vulnerability CVE-2014-3566. These issues were disclosed as part of t...
CVE-2018-6512
CVE-2018-6512 affects Puppet Enterprise 2018.1.x prior to 2018.1.1 and razor-server/pe-razor-server prior to 1.9.0.0, enabling unsafe code execution when upgrading pe-razor-server. Connected sources confirm affected versions and components. Exploitation status is not specified in the documents. R...
USN-3625-2: Perl vulnerabilities
USN-3625-1 fixed a vulnerability in Perl. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that Perl incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause Perl to hang, resulting in a...
USN-3625-1: Perl vulnerabilities
It was discovered that Perl incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause Perl to hang, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. CVE-2015-8853 It was discovered that Perl incorrectly loaded libraries from th...