VMware Releases Security Updates for vRealize Log Insight
VMware has released security updates to address vulnerabilities in VMware vRealize Log Insight. An attacker could exploit these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review VMware...
VMware vRealize Log Insight addresses Cross Site Scripting (XSS) and Open Redirect vulnerabilities (CVE-2020-3953, CVE-2020-3954)
3a. Cross Site Scripting (XSS) vulnerabilities in vRealize Log Insight due to improper input validation (CVE-2020-3953). vRealize Log Insight does not properly validate user input, resulting in XSS vulnerabilities. VMware has evaluated the severity of this issue to be in the Important severity range...
VMSA-2020-0007: VMware vRealize Log Insight addresses Cross Site Scripting (XSS) and Open Redirect vulnerabilities
Advisory ID: VMSA-2020-0007.2 CVSSv3 Range: 6.1 - 8.4 Issue Date: 2020-04-14 Updated On: 2020-06-24 CVEs: CVE-2020-3953, CVE-2020-3954 Synopsis: VMware vRealize Log Insight addresses Cross Site Scripting (XSS) and Open Redirect vulnerabilities (CVE-2020-3953, CVE-2020-3954)...
MediaWiki 1.31.x < 1.31.7, 1.33.x < 1.33.3 and 1.34.0 Multiple Vulnerabilities - Windows
MediaWiki is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Changes to Citrix Insight Services (CIS) and Customer Uploads
On March 18, 2020, we had a service disruption with the Citrix Insight Services (CIS) platform, which hosted the customer portal at cis.citrix.com, along with Call Home, CEIP and a few other services. Over the last few days, we have been in the process of bringing up most of the affected services and also...
Security Bulletin: A vulnerability in IBM Java Runtime affects IBM Cognos Insight
Summary There is a vulnerability in IBM® Runtime Environment Java™ Version 7 used by IBM Cognos Insight. This issue was disclosed as part of the IBM Java SDK updates in Oct 2017. Vulnerability Details CVEID: CVE-2017-10356 DESCRIPTION: An unspecified vulnerability related to the Java SE Security...
Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos Insight
Summary: Several vulnerabilities have been addressed for: IBM SDK, Java Technology Edition Quarterly CPU - Jul 2016; Sweet32: Birthday attacks on 64-bit block ciphers in TLS (OpenSSL); and open source OpenSSL vulnerabilities. Vulnerability Details: CVEID: CVE-2000-1254 DESCRIPTION: OpenSSL could allow a...
Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos Insight
Summary: Several vulnerabilities have been addressed for: IBM SDK, Java Technology Edition Quarterly CPU - Apr 2016; and open source OpenSSL vulnerabilities. Vulnerability Details: CVEID: CVE-2016-0705 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a double-free error when parsi...
Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos Insight
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7. These issues were disclosed as part of the IBM Java SDK updates in October 2016 and January 2017. Multiple Open Source OpenSSL vulnerabilities have also been addressed. Vulnerability Details CVEID: CVE-2016-21...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos Insight.
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 used by IBM Cognos Insight. These issues were disclosed as part of the IBM Java SDK updates in April 2017 and July 2017. Vulnerability Details CVEID: CVE-2017-3511 DESCRIPTION: An unspecified vulnerability...
Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos Insight
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 used by IBM Cognos Insight. These issues were disclosed as part of the IBM Java SDK updates in January 2018 and April 2018. Multiple Open Source OpenSSL vulnerabilities have also been addressed. Vulnerability...
Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos Insight
Summary Several vulnerabilities have been addressed for: IBM SDK Java Technology Edition Quarterly CPU Oct 2015, including Oracle Oct 2015 CPU; IBM SDK Java Technology Edition Quarterly CPU Jan 2016, including Oracle Jan 2016 CPU; Java specific SLOTH Weak MD5 Signature Hash; and several OpenSSL...
Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2020-1131)
The remote host is missing an update for the Huawei EulerOS. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Security Bulletin: Vulnerability affecting IBM Network Performance Insight (CVE-2019-12402)
Summary IBM Network Performance Insight has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2019-12402 DESCRIPTION: The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This...
Security Bulletin: Vulnerability affecting IBM Network Performance Insight (CVE-2019-16335)
Summary IBM Network Performance Insight has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2019-16335 DESCRIPTION: A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different...
Security Bulletin: Vulnerabilities affect IBM Network Performance Insight (CVE-2019-14379, CVE-2019-17531, CVE-2019-14439 and CVE-2019-14540)
Summary IBM Network Performance Insight has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2019-14379 DESCRIPTION: SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used because of...
CVE-2012-1994
HP Systems Insight Manager before 7.0 allows a remote user on adjacent network to access information...
Information disclosure
HP Systems Insight Manager before 7.0 allows a remote user on adjacent network to access information...
CVE-2012-1994
CVE-2012-1994 affects HP Systems Insight Manager prior to version 7.0, enabling a remote user on an adjacent network to access information. The vulnerability is categorized as an information disclosure issue. The available documents confirm the affected product and the impact, but they do not pro...