3673 matches found
CVE-2017-18342
In PyYAML before 5.1, the yaml.load API could execute arbitrary code if used with untrusted data. The load function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function...
SUSE-SU-2018:1815-1 Security update for zlib
This update brings zlib to 1.2.7, bringing bugfixes and speedups. It also reduces a buildtime issue with clamav 0.100 which caused hangs on 32bit platforms. bsc1095016...
Compatibility update for upgrading to Windows 10 Version 1803: June 26, 2018
Summary This update makes improvements to ease the upgrade experience to Windows 10 Version 1803. How to get this update This update is available through Windows Update. It will be downloaded and installed automatically...
Security Update for Microsoft Office Viewers Microsoft Office Compatibility Pack (KB4018308)
A security vulnerability exists in Microsoft Office Viewers Microsoft Office Compatibility Pack that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability...
Compatibility update for upgrading to Windows 10 Version 1709: June 21, 2018
Summary This update makes improvements to ease the upgrade experience to Windows 10 Version 1709. How to get this update This update is available through Windows Update. It will be downloaded and installed automatically...
SUSE-SU-2018:1751-1 Security update for SUSE Manager Server 3.1
This update provides the following fixes and improvements for SUSE Manager Server 3.1: The following new package has been added: py26-compat-salt: This package provides compatibility with Python 2.6 for salt. This update includes the following new features: fate325476 Additionally, the following...
kernel: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c
Incorrect error handling in the set_mempolicy and mbind compat syscalls in 'mm/mempolicy.c' in the Linux kernel allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation...
Security Bulletin: A vulnerability in libxml2 affects IBM Flex System Manager (FSM) (CVE-2017-16932)
Summary A vulnerability has been identified in libxml2 that is embedded in FSM. This bulletin addresses that issue. Vulnerability Details CVEID: CVE-2017-16932 DESCRIPTION: Xmlsoft libxml2 is vulnerable to a denial of service, caused by an infinite recursion issue in parameter entities. By sendin...
Security Bulletin: A vulnerability in glibc affects IBM Flex System Manager (FSM) (CVE-2017-1000366)
Summary A vulnerability has been discovered in glibc that is embedded in FSM. This bulletin addresses that issue. Vulnerability Details CVEID: CVE-2017-1000366 DESCRIPTION: Glibc could allow a local attacker to execute arbitrary code on the system, caused by a vulnerability that allows specially...
Security Bulletin: Multiple vulnerabilities in strongswan affect IBM Flex System Manager (FSM) (CVE-2017-9023, CVE-2017-9022)
Summary Multiple vulnerabilities have been identified in strongswan that is embedded in the FSM. This bulletin addresses these vulnerabilities. Vulnerability Details CVEID: CVE-2017-9023 DESCRIPTION: strongSwan is vulnerable to a denial of service, caused by the improper handling of CHOICE types ...
Security Bulletin: Multiple vulnerabilities in libxml2 affect IBM Flex System Manager (FSM)
Summary There are multiple vulnerabilities in libxml2 that is embedded in FSM. This bulletin addresses these vulnerabilities. Vulnerability Details CVEID: CVE-2016-4658 DESCRIPTION: The libxml2 library, as used in multiple products, could allow a remote attacker to execute arbitrary code on the...
Security Bulletin: A vulnerability in Open Source Struts affects the IBM FlashSystem V840 (CVE 2015-1831)
Summary There is a vulnerability in the Open Source Struts used by the IBM FlashSystem V840. An exploit of this vulnerability could result in an attacker gaining control of internal states which affect the FlashSystem V840. Vulnerability Details CVEID: CVE-2015-1831 DESCRIPTION: An unspecified...
Security Bulletin: Vulnerabilities in Java affect the IBM FlashSystem V9000 (CVE-2015-1931, CVE-2015-2601, CVE-2015-2613, and CVE-2015-2625)
Summary There are unspecified vulnerabilities revealed in the July 2015 Java Critical Patch Update CPU to which the IBM® FlashSystem™ V9000 is susceptible. An exploit of these vulnerabilities could allow a remote attacker to obtain sensitive information and which could allow a local attacker to...
Security Bulletin: Vulnerability in RC4 stream cipher affects IBM Network Advisor (CVE-2015-2808)
Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM Network Advisor. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this...
Security Bulletin: Vulnerabilities in SSL and TLS protocols affect the IBM FlashSystem V840 (CVE-2011-3389)
Summary SSL and TLS vulnerabilities were disclosed in September 2011. This vulnerability has been referred to as the “BEAST” attack. SSL protocol is used by the IBM FlashSystem V840. Vulnerability Details CVE-ID: CVE-2011-3389 DESCRIPTION: Multiple products could allow a remote attacker to obtain...
Security Bulletin: Vulnerabilities in Network Security Services (NSS) affect the IBM FlashSystem V840 (CVE-2014-3566)
Summary Network Security Services NSS is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. NSS is used by the IBM FlashSystem V840. FlashSystem V840 has addressed the applicable CVE. Vulnerability Details CVE-ID: CVE-2014-356...
Security Bulletin: Vulnerability in RC4 stream cipher affects IBM XIV Management Tools (CVE-2015-2808)
Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM XIV Management Tools. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this...
Security Bulletin: Vulnerability in RC4 stream cipher affects TS3310 (CVE-2015-2808)
Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects TS3310. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this vulnerability to...
Security Bulletin: Vulnerability in RC4 stream cipher affects the IBM Virtualization Engine TS7700 (CVE-2015-2808)
Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects the IBM Virtualization Engine TS7700 Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could...
Security Bulletin: Vulnerability in RC4 stream cipher affects TS4500 (CVE-2015-2808)
Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects TS4500. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this vulnerability to...