2526 matches found

The Hacker News
added 2019/01/24 11:52 a.m. | 2 views

Millions of PCs Found Running Outdated Versions of Popular Software

It is 2019, and millions of computers still either have at least one outdated application installed or run outdated operating systems, making themselves vulnerable to online threats and known security vulnerabilities/exploits. Security vendor Avast has released its PC Trends Report 2019 revealing...

AI score 6.4
Exploits: 0

Veracode
added 2019/01/15 8:52 a.m. | 15 views

Unauthorized Time Zone Modification

IBM Java Runtime Environment shipped as part of Red Hat Network Satellite Server has a vulnerability which affects the time zone information of the application. The vulnerability is possible because java.util.TimeZone fails to prevent the untrusted Java application or applet to change the time zo...

CVSS 6.4 | AI score 5.9 | EPSS 0.01835
Exploits: 0 | References: 30 | Affected Software: 3

IBM Security Bulletins
added 2018/12/14 4:0 a.m. | 25 views

Security Bulletin: Multiple vulnerabilities in IBM Runtime Environment Java affect Rational Build Forge (CVE-2018-1656; CVE-2018-2973; CVE-2018-12539)

Summary There are multiple vulnerabilities in IBM® Runtime Environment that is bundled along with IBM Rational Build Forge. Vulnerability Details CVEID: CVE-2018-1656 DESCRIPTION: The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java DTFJ IBM SDK, Java Technology Edition 6.0 ,...

CVSS 7.8 | AI score 0.7 | EPSS 0.00582
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2018/12/04 3:20 p.m. | 13 views

Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos TM1 (CVE-2018-1656, CVE-2018-0732, CVE-2018-12539)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 used by IBM Cognos TM1. These issues were disclosed as part of the IBM Java SDK updates in July 2018. An Open Source OpenSSL vulnerability has also been addressed. Vulnerability Details If you run your own Jav...

CVSS 7.8 | AI score 0.7 | EPSS 0.78382
Exploits: 0 | Affected Software: 1

Tenable Nessus
added 2018/11/21 12:0 a.m. | 69 views

CentOS 6 : java-1.7.0-openjdk (CESA-2018:3409)

An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS 8.3 | AI score 6.5 | EPSS 0.00727
Exploits: 2 | References: 7

RedHat Linux
added 2018/10/30 5:51 p.m. | 189 views

Important: Red Hat Security Advisory: java-1.7.0-openjdk security update

An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS 8.3 | AI score 6.7 | EPSS 0.00727
Exploits: 2 | References: 7

IBM Security Bulletins
added 2018/10/30 12:25 p.m. | 21 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for SAP Applications

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 used by Content Collector for SAP Applications. These issues were disclosed as part of the IBM Java SDK updates in July 2018. Vulnerability Details CVEID: CVE-2017-3736 DESCRIPTION: OpenSSL could allow a...

CVSS 10 | AI score 0.8 | EPSS 0.21835
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2018/10/23 4:5 p.m. | 23 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Process Designer used in IBM Business Automation Workflow, IBM Business Process Manager, and WebSphere Lombardi Edition

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 6 and 7 used by IBM Process Designer. IBM Process Designer has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2018-1656 DESCRIPTION: The IBM Java Runtime Environment's Diagnostic Tooling Framewo...

CVSS 7.8 | AI score 0.3 | EPSS 0.00582
Exploits: 0 | Affected Software: 6

Tenable Nessus
added 2018/10/18 12:0 a.m. | 45 views

Oracle Linux 6 : java-1.8.0-openjdk (ELSA-2018-2943)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-2943 advisory. 1:1.8.0.191.b12-0 - Update to aarch64-shenandoah-jdk8u191-b12. - Resolves: rhbz1633817 1:1.8.0.191.b10-0 - Update to aarch64-shenandoah-jdk8u191-b10. -...

CVSS 9 | AI score 6.6 | EPSS 0.00727
Exploits: 2 | References: 8

CERT
added 2018/09/26 12:0 a.m. | 668 views

TP-Link EAP Controller lacks RMI authentication and is vulnerable to deserialization attacks

Overview The TP-LINK EAP Controller is TP-LINK's software for remotely controlling wireless access point devices. EAP Controller for Linux lacks user authentication for RMI service commands, as well as utilizes an outdated vulnerable version of Apache commons-collections, which may allow an...

CVSS 10 | AI score 8.2 | EPSS 0.212
Exploits: 1 | References: 5

RedHat Linux
added 2018/08/28 7:19 p.m. | 2 views

JDK: path traversal flaw in the Diagnostic Tooling Framework

The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java DTFJ IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0 does not protect against path traversal attacks when extracting compressed dump files. IBM X-Force ID: 144882...

CVSS 7.4 | AI score 7.2 | EPSS 0.00582
Exploits: 0 | References: 4

RedHat Linux
added 2018/08/27 2:20 p.m. | 1 views

JDK: path traversal flaw in the Diagnostic Tooling Framework

The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java DTFJ IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0 does not protect against path traversal attacks when extracting compressed dump files. IBM X-Force ID: 144882...

CVSS 7.4 | AI score 7.2 | EPSS 0.00582
Exploits: 0 | References: 4

OSV
added 2018/08/20 9:29 p.m. | 2 views

CVE-2018-1656

The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java DTFJ IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0 does not protect against path traversal attacks when extracting compressed dump files. IBM X-Force ID: 144882...

CVSS 6.5 | AI score 5.4 | EPSS 0.00582
Exploits: 0 | References: 11

RedhatCVE
added 2018/08/17 8:49 p.m. | 33 views

CVE-2018-1656

The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java DTFJ IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0 does not protect against path traversal attacks when extracting compressed dump files. IBM X-Force ID: 144882...

CVSS 7.4 | AI score 4.6 | EPSS 0.00582
Exploits: 0 | References: 2

Cent OS
added 2018/08/09 3:11 p.m. | 585 views

java security update

CentOS Errata and Security Advisory CESA-2018:2286 An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detaile...

CVSS 4.3 | AI score 6.6 | EPSS 0.00129
Exploits: 0 | References: 7

IBM Security Bulletins
added 2018/08/03 4:23 a.m. | 27 views

Security Bulletin: Man In The Middle Attack Vulnerability Affecting Rational Developer for AIX and Linux, Rational Developer for i, and Rational Developer for Power Systems Software (CVE-2014-0411)

Summary The version of the Java Runtime Environment shipped with certain versions of Rational Developer for AIX and Linux, Rational Developer for i, and Rational Developer for Power Systems Software has security vulnerabilities which affect these products. Vulnerability Details | Subscribe to My...

CVSS 4 | AI score 1.2 | EPSS 0.01371
Exploits: 0 | Affected Software: 3

Cent OS
added 2018/07/25 3:44 p.m. | 375 views

java security update

CentOS Errata and Security Advisory CESA-2018:2241 An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detaile...

CVSS 4.3 | AI score 6.6 | EPSS 0.00129
Exploits: 0 | References: 7

IBM Security Bulletins
added 2018/07/19 9:33 p.m. | 22 views

Security Bulletin: IBM Cognos Metrics Manager 2018 Q2 Security Update: IBM Cognos Metrics Manager is affected by multiple vulnerabilities.

Summary This bulletin addresses several security vulnerabilities that are fixed in IBM Cognos Metrics Manager. IBM Cognos Metrics Manager consumes OpenSSL. Multiple vulnerabilities have been addressed in OpenSSL. There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology...

CVSS 8.3 | AI score 0.6 | EPSS 0.42931
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
added 2018/06/18 1:38 a.m. | 45 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Flex System Manager (FSM)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 1.6 and 1.7 that is used by FSM. These issues were disclosed as part of the IBM Java SDK updates in April 2017. This bulletin addresses these vulnerabilities. Vulnerability Details CVEID: CVE-2017-3539 DESCRIPTIO...

CVSS 9.8 | AI score 1.2 | EPSS 0.15071
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2018/06/18 1:34 a.m. | 19 views

Security Bulletin: Multiple vulnerabilities in Oracle® Java™ Runtime Environment version 1.7 that is used by IBM Flex System Manager (FSM) Storage Management Install Anywhere (SMIA)

Summary There are multiple vulnerabilities in Oracle® Java™ Runtime Environment version 1.7 that is used by IBM Flex System Manager FSM Storage Management Install Anywhere SMIA configuration tool. These issues were disclosed as part of the Java updates from July 2015, October 2015, January 2016 a...

CVSS 10 | AI score 0.8 | EPSS 0.93287
Exploits: 1 | Affected Software: 1