CVE-2018-9073 CMM Security Vulnerability
Lenovo Chassis Management Module (CMM) prior to version 2.0.0 utilizes a hardcoded encryption key to protect certain secrets. Possession of the key can allow an attacker that has already compromised the server to decrypt these secrets...
CVE-2018-19091
The CVE-2018-19091 entry concerns Tianti 2.3, where a reflected XSS vulnerability exists in the user management module. The issue is triggered via the tianti-module-admin/user/list userName parameter, enabling an attacker to inject scripts that may execute in a victim’s browser. The available con...
CVE-2018-19090
CVE-2018-19090 affects Tianti 2.3, with a stored XSS vulnerability in the article management module that is triggered via the article title. The provided documents consistently describe the issue as a stored XSS in Tianti 2.3’s article title field, without detailing affected versions beyond 2.3 o...
CVE-2018-15318
In BIG-IP 14.0.0-14.0.0.2, 13.1.0.4-13.1.1.1, or 12.1.3.4-12.1.3.6, if an MPTCP connection receives an abort signal while the initial flow is not the primary flow, the initial flow will remain after the closing procedure is complete. TMM may restart and produce a core file as a result of this...
Security Bulletin: Vulnerability in libapr1 affects IBM BladeCenter Advanced Management Module (AMM)
Summary IBM BladeCenter Advanced Management Module (AMM) has addressed the following vulnerability in libapr1. Vulnerability Details CVEID: CVE-2017-12613 DESCRIPTION: Apache Portable Runtime (APR) could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds array...
CVE-2018-15311
When F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.5.1-11.5.6 is processing specially crafted TCP traffic with the Large Receive Offload (LRO) feature enabled, TMM may crash, leading to a failover event. This vulnerability is not exposed unless LRO is enabled, so most affected...
Security Bulletin: Vulnerabilities in cURL affect IBM BladeCenter Advanced Management Module (AMM)
Summary IBM BladeCenter Advanced Management Module (AMM) has addressed the following vulnerabilities in cURL. Vulnerability Details CVEID: CVE-2018-1000122 DESCRIPTION: curl could allow a remote attacker to obtain sensitive information, caused by a buffer over-read in the RTSP+RTP handling code. An...
Security Bulletin: Vulnerability in OpenSSL affects IBM BladeCenter Advanced Management Module (AMM)
Summary IBM BladeCenter Advanced Management Module (AMM) has addressed the following vulnerability in OpenSSL. Vulnerability Details CVEID: CVE-2018-0732 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the sending of a very large prime value to the client by a malicious server...
Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by a vulnerability in freetype2 (CVE-2016-10328)
Summary IBM BladeCenter Advanced Management Module (AMM) has addressed the following vulnerability in freetype2. Vulnerability Details CVEID: CVE-2016-10328 DESCRIPTION: Freetype 2 is vulnerable to a heap-based buffer overflow, caused by an out-of-bounds write related to the cff_parser_run function i...
Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by vulnerabilities in php
Summary IBM BladeCenter Advanced Management Module (AMM) has addressed the following vulnerabilities in php. Vulnerability Details CVEID: CVE-2018-7584 DESCRIPTION: PHP is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the php_stream_url_wrap_http_ex function in...
F5 BIG-IP Denial of Service Vulnerability (CNVD-2018-21232)
F5 BIG-IP is an all-in-one network device from F5 USA that integrates network traffic management, application security management, load balancing and other functions. A security vulnerability exists in the F5 BIG-IP. A remote attacker can exploit this vulnerability to cause a denial of service wh...
Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by a vulnerability in ncurses (CVE-2017-13733)
Summary IBM BladeCenter Advanced Management Module (AMM) has addressed the following vulnerability in ncurses. Vulnerability Details CVEID: CVE-2017-13733 DESCRIPTION: Ncurses is vulnerable to a denial of service, caused by an illegal address access in the fmt_entry function in progs/dump_entry.c. By...
Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by a vulnerability in dhcp (CVE-2017-3144)
Summary IBM BladeCenter Advanced Management Module (AMM) has addressed the following vulnerability in dhcp. Vulnerability Details CVEID: CVE-2017-3144 DESCRIPTION: ISC DHCP is vulnerable to a denial of service, caused by the failure to properly clean up closed OMAPI connections. A remote attacker...
Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by vulnerabilities in freetype2 (CVE-2016-10244 CVE-2017-8105 CVE-2017-8287)
Summary IBM BladeCenter Advanced Management Module (AMM) has addressed the following vulnerabilities in freetype2. Vulnerability Details CVEID: CVE-2017-8287 DESCRIPTION: Freetype2 is vulnerable to a denial of service, caused by a heap-based buffer overflow in the t1_builder_close_contour function in...
CVE-2018-5535
On F5 BIG-IP 14.0.0, 13.0.0-13.1.0, 12.1.0-12.1.3, or 11.5.1-11.6.3 specifically crafted HTTP responses, when processed by a Virtual Server with an associated QoE profile that has Video enabled, may cause TMM to incorrectly buffer response data causing the TMM to restart resulting in a Denial of...
IMM2 Information Disclosure Vulnerability in Multiple IBM Products
IBM Flex System x220 Compute Node and others are different series of server devices from IBM Corporation in the U.S. Integrated Management Module II (IMM2) is one of the integrated management modules. A security vulnerability exists in IMM2 in several IBM products. A remote attacker could exploit...
CVE-2017-3774
A stack overflow vulnerability was discovered within the web administration service in Integrated Management Module 2 (IMM2) earlier than version 4.70 used in some Lenovo servers and earlier than version 6.60 used in some IBM servers. An attacker providing a crafted user ID and password combination...
CVE-2014-9989
CVE-2014-9989 affects Android devices with Qualcomm Snapdragon Mobile and Snapdragon Wear (e.g., MDM9206/9607/9615/9625/9635M, MSM8909W, SD 210/212/205, SD 400/410/12, SD 425/430/600/615/16/SD 415/625/650/52/808/810/450, etc.). The vulnerability is in the USB management module and is triggered by...
CVE-2017-6158
In F5 BIG-IP 12.0.0-12.1.2, 11.6.0-11.6.1, 11.5.1-11.5.5, or 11.2.1 there is a vulnerability in TMM related to handling of invalid IP addresses...
CVE-2018-5503
On F5 BIG-IP versions 13.0.0 - 13.1.0.3 or 12.0.0 - 12.1.3.1, TMM may restart when processing a specifically crafted page through a virtual server with an associated PEM policy that has content insertion as an action...