
1422 matches found

IBM Security Bulletins
added 2018/06/15 7:8 a.m., 21 views

Security Bulletin: API Connect is affected by a generated LoopBack APIs vulnerability (CVE-2018-1389)

Summary: API Connect has addressed the following vulnerability. IBM API Connect is impacted by a generated LoopBack APIs for a Model using the BelongsTo/HasMany relationship allowing unauthorized modification of information. Vulnerability Details: CVEID: CVE-2018-1389 DESCRIPTION: IBM API Connect is...

CVSS 6.5, AI score 6.6, EPSS 0.00215
Exploits: 0, Affected Software: 1
Citrix
added 2018/06/14 12:0 a.m., 5 views

Common Resolutions to “Cannot Complete Your Request” when connecting directly to StoreFront Server

Symptoms or Error: The “Cannot Complete Your Request” error is displayed when connecting directly to the StoreFront server. However, this error could occur when connecting through Citrix Gateway or Load Balancer based on different deployment scenarios. To narrow down through which connection...

AI score 6.8
Exploits: 0
CNVD
added 2018/05/03 12:0 a.m., 2 views

IBM API Connect Security Bypass Vulnerability (CNVD-2018-09233)

IBM API Connect aka APIConnect is an integrated solution for managing the API lifecycle from IBM USA. The solution supports creating, running, managing, and securing APIs, microservices, and more. A security vulnerability exists in LoopBack APIs for a Model created in IBM API Connect. An attacker...

CVSS 6.5, AI score 6.7, EPSS 0.00215
Exploits: 0, References: 1
OSV
added 2018/04/30 2:29 p.m., 1 views

CVE-2018-1389

IBM API Connect 5.0.0.0 through 5.0.8.2 is impacted by generated LoopBack APIs for a Model using the BelongsTo/HasMany relationship allowing unauthorized modification of information. IBM X-Force ID: 138213...

CVSS 6.5, AI score 5.8, EPSS 0.00215
Exploits: 0, References: 3
Prion
added 2018/04/30 2:29 p.m., 16 views

Design/Logic Flaw

IBM API Connect 5.0.0.0 through 5.0.8.2 is impacted by generated LoopBack APIs for a Model using the BelongsTo/HasMany relationship allowing unauthorized modification of information. IBM X-Force ID: 138213...

CVSS 4, AI score 6.3, EPSS 0.00215
Exploits: 0, References: 3, Affected Software: 1
NVD
added 2018/04/30 2:29 p.m., 19 views

CVE-2018-1389

IBM API Connect 5.0.0.0 through 5.0.8.2 is impacted by generated LoopBack APIs for a Model using the BelongsTo/HasMany relationship allowing unauthorized modification of information. IBM X-Force ID: 138213...

CVSS 6.5, AI score 6.3, EPSS 0.00215
Exploits: 0, References: 3
Cvelist
added 2018/04/30 2:0 p.m., 23 views

CVE-2018-1389

IBM API Connect 5.0.0.0 through 5.0.8.2 is impacted by generated LoopBack APIs for a Model using the BelongsTo/HasMany relationship allowing unauthorized modification of information. IBM X-Force ID: 138213...

AI score 6.3, EPSS 0.00215
Exploits: 0, References: 3
Tenable Nessus
added 2018/04/18 12:0 a.m., 111 views

Amazon Linux 2 : kernel (ALAS-2018-956) (Dirty COW) (Spectre)

Stack-based out-of-bounds read via vmcall instruction: Linux kernel compiled with the KVM virtualization (CONFIG_KVM) support is vulnerable to an out-of-bounds read access issue. It could occur when emulating vmcall instructions invoked by a guest. A guest user/process could use this flaw to disclose...

CVSS 7.8, AI score 6.8, EPSS 0.9427
Exploits: 97, References: 7
Mageia
added 2018/02/26 11:40 p.m., 43 views

Updated cups packages fix security vulnerability

Updated cups packages fix security vulnerability: Jann Horn discovered that CUPS permitted HTTP requests with the Host header set to "localhost.localdomain" from the loopback interface. If a user were tricked into opening a specially crafted website in their web browser, an attacker could...

CVSS 7.5, AI score 0.9, EPSS 0.00902
Exploits: 1, References: 2
OSV
added 2018/02/21 12:5 a.m., 1 views

USN-3577-1 cups vulnerability

Jann Horn discovered that CUPS permitted HTTP requests with the Host header set to "localhost.localdomain" from the loopback interface. If a user were tricked into opening a specially crafted website in their web browser, an attacker could potentially exploit this to obtain sensitive information...

CVSS 7.5, AI score 7.1, EPSS 0.00902
Exploits: 1, References: 2
Talos
added 2018/01/29 12:0 a.m., 51 views

coTURN TURN server unsafe loopback forwarding default configuration vulnerability

Summary: An exploitable unsafe default configuration vulnerability exists in the TURN server functionality of coTURN prior to 4.5.0.9. By default, the TURN server allows relaying external traffic to the loopback interface of its own host. This can provide access to other private services running o...

CVSS 7.7, AI score 8.5, EPSS 0.00175
Exploits: 0
NVD
added 2017/11/15 6:29 p.m., 15 views

CVE-2014-0219

Apache Karaf before 4.0.10 enables a shutdown port on the loopback interface, which allows local users to cause a denial of service (shutdown) by sending a shutdown command to all listening high ports...

CVSS 5.5, AI score 5.4, EPSS 0.00081
Exploits: 0, References: 3
Veracode
added 2017/11/07 8:50 a.m., 8 views

Unauthorized Access

loopback is vulnerable to unauthorized access. If an admin instance and a customer instance share the same user id and password, the customer instance can change the password of the admin instance using their regular access token...

AI score 6.8
Exploits: 0
Tenable Nessus
added 2017/10/20 12:0 a.m., 32 views

Juniper Junos Kernel Vulnerability (JSA10816)

According to its self-reported version number, the remote Junos device is affected by a vulnerability in the loopback interface that could cause the kernel to hang...

CVSS 5.5, AI score 6.1, EPSS 0.00045
Exploits: 0, References: 2
CNVD
added 2017/10/19 12:0 a.m., 3 views

Juniper Junos OS Denial of Service Vulnerability (CNVD-2017-33972)

Juniper Junos OS is a Juniper Networks network operating system designed for the company's hardware systems. The OS provides a secure programming interface and the Junos SDK. A security vulnerability exists in the Juniper Junos OS in the runtime configuration of the loopback filter action command...

CVSS 5.5, AI score 6.7, EPSS 0.00045
Exploits: 0, References: 1
NVD
added 2017/10/16 8:29 p.m., 31 views

CVE-2015-7504

Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode...

CVSS 8.8, AI score 9.3, EPSS 0.00466
Exploits: 1, References: 13
Prion
added 2017/10/16 8:29 p.m., 25 views

Heap overflow

Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode...

CVSS 4.6, AI score 8.4, EPSS 0.00466
Exploits: 1, References: 13, Affected Software: 2
OSV
added 2017/10/16 8:29 p.m., 1 views

DEBIAN-CVE-2015-7504

Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode...

CVSS 8.8, AI score 8.9, EPSS 0.00466
Exploits: 1, References: 1
Debian CVE
added 2017/10/16 8:0 p.m., 33 views

CVE-2015-7504

Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode...

CVSS 8.8, AI score 8.9, EPSS 0.00466
Exploits: 1
Cvelist
added 2017/10/16 8:0 p.m., 35 views

CVE-2015-7504

Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode...

AI score 9.4, EPSS 0.00466
Exploits: 1, References: 13