125 matches found
Oracle Secure Global Desktop has an unspecified vulnerability (CNVD-2021-54715)
Oracle Secure Global Desktop is a secure remote access solution for any cloud-hosted enterprise applications and hosted desktops running on Microsoft Windows, Linux, Oracle Solaris, and mainframe servers. A security vulnerability exists in the Server component in version 5.6. An attacker could...
Oracle Secure Global Desktop has an unspecified vulnerability (CNVD-2021-54714)
Oracle Secure Global Desktop is a secure remote access solution for any cloud-hosted enterprise applications and hosted desktops running on Microsoft Windows, Linux, Oracle Solaris, and mainframe servers. A security vulnerability exists in the Client component in version 5.6. An attacker could...
UBUNTU-CVE-2020-27618
The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a deni...
kernel: kernel stack information leak on s390/s390x
A stack information leak flaw was found in s390/s390x in the Linux kernel’s memory manager functionality, where it incorrectly writes to the /proc/sys/vm/cmmtimeout file. This flaw allows a local user to see the kernel data...
UBUNTU-CVE-2020-10773
A stack information leak flaw was found in s390/s390x in the Linux kernel’s memory manager functionality, where it incorrectly writes to the /proc/sys/vm/cmmtimeout file. This flaw allows a local user to see the kernel data...
Dahua Network Keyboard and Face All-in-One Mainframe with Information Leakage Vulnerability
DH-NHB5000 is a new generation of full-touch network keyboard designed and developed by Dahua Corporation. An information leakage vulnerability exists in the Dahua Network Keyboard and Face All-in-One Host. An attacker can exploit the vulnerability to bypass authentication to obtain sensitive...
USN-4342-1 linux, linux-aws, linux-azure, linux-azure-5.3, linux-gcp, linux-gcp-5.3, linux-gke-5.3, linux-hwe, linux-kvm, linux-oracle, linux-oracle-5.3, linux-raspi2, linux-raspi2-5.3 vulnerabilities
Al Viro discovered that the Linux kernel for s390x systems did not properly perform page table upgrades for kernel sections that use secondary address mode. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2020-11884) It was discovered that t...
The vulnerability of the software for working with the Mainframe Enablers ResourcePak Base file server, related to deficiencies in access control, allows a perpetrator to increase their privileges and obtain information necessary for compromising the target system.
The vulnerability of the software for working with Mainframe Enablers ResourcePak Base is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor to enhance their privileges and obtain information necessary for compromising the target system...
Z/OS (MVS) Command Shell, Bind TCP
Provide JCL which creates a bind shell. This implementation does not include EBCDIC character translation, so a client with translation capabilities is required. MSF handles this automatically. This module requires Metasploit: https://metasploit.com/download Current source:...
Local elevation of privilege vulnerability in multiple IBM DB2 products (CNVD-2017-32876)
IBM DB2 and DB2 Connect Server for Linux, UNIX, and Windows are database products for Linux, UNIX, and Windows platforms from IBM Corporation, U.S.A. DB2 is a relational database management system for use in large application environments. DB2 Connect Server is a mainframe...
Micro Focus Enterprise Developer and Enterprise Server Cross-Site Scripting Vulnerability
Micro Focus Enterprise Developer and Enterprise Server are both products of Micro Focus, a British company. Micro Focus Enterprise Developer is a set of integrated development environments for the mainframe. Enterprise Server is a production deployment platform for mainframe programs. Enterprise...
Micro Focus Enterprise Developer and Enterprise Server Cross-Site Request Forgery Vulnerability (CNVD-2017-26443)
Micro Focus Enterprise Developer and Enterprise Server are both products of Micro Focus, a British company. Micro Focus Enterprise Developer is a set of integrated development environments for the mainframe. Enterprise Server is a production deployment platform for mainframe programs. Enterprise...
This Week in Security News
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back...
smartessentialoils.younglivingworld.com XSS vulnerability
Vulnerable URL: http://smartessentialoils.younglivingworld.com/MainFrame.asp?BodyFrame=1"...
EMC Mainframe Enablers ResourcePak Base Local Elevation of Privilege Vulnerability
EMC Mainframe Enablers ResourcePak Base is a set of mainframe enabler components from EMC Corporation. A security vulnerability exists in EMC Mainframe Enablers ResourcePak Base. An attacker could exploit this vulnerability to compromise a vulnerable system...
CVE-2017-4982
EMC Mainframe Enablers ResourcePak Base versions 7.6.0, 8.0.0, and 8.1.0 contain a fix for a privilege management vulnerability that could potentially be exploited by malicious users to compromise the affected system...
Privilege escalation
EMC Mainframe Enablers ResourcePak Base versions 7.6.0, 8.0.0, and 8.1.0 contain a fix for a privilege management vulnerability that could potentially be exploited by malicious users to compromise the affected system...
CVE-2017-4982
CVE-2017-4982 affects EMC Mainframe Enablers ResourcePak Base versions 7.6.0, 8.0.0, and 8.1.0. The provided documents describe a privilege management vulnerability that could allow a malicious user to compromise the affected system, and note that a fix exists for these versions. No explicit root...