1614 matches found
Security Bulletin: Multiple security vulnerabilities have been identified in IBM® SDK, Java™ Technology Edition shipped with IBM Tivoli Business Service Manager October 2019 CPU
Summary IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager. Information about a security vulnerability affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin. Vulnerability Details Refer to the security bulletin(s)...
Nextcloud Server < 12.0.8, < 13.0.3 Improper Input Vulnerability (NC-SA-2018-003)
Nextcloud Server is prone to an improper input vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Merge + Minify + Refresh < 1.10.7 - Authenticated Arbitrary File Delete
The plugin relied on the is_admin() check, without checking the user's capabilities, when deleting arbitrary files. The functionality was also vulnerable to Cross-site Request Forgery (CSRF), allowing attackers to delete arbitrary files by tricking authenticated users into visiting a page they...
Security Bulletin: Vulnerability in IBM Java SDK affects IBM InfoSphere Identity Insight on Windows platforms (CVE-2019-4732)
Summary There is a vulnerability in the IBM Java SDK that is used by IBM WebSphere Application Server shipped as part of IBM InfoSphere Identity Insight. This vulnerability affects Windows platforms only. Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes secti...
WordPress Merge + Minify + Refresh plugin <= 1.10.6 - Arbitrary File Deletion vulnerability
Arbitrary File Deletion vulnerability discovered by NinTechNet in WordPress Merge + Minify + Refresh plugin versions <= 1.10.6. Solution: Update the WordPress Merge + Minify + Refresh plugin to the latest available version (at least 1.10.7)...
SUSE-SU-2020:0051-1 Security update for java-1_7_1-ibm
This update for java-1_7_1-ibm fixes the following issues: - Update to 7.1 Service Refresh 4 Fix Pack 55 (bsc#1158442, bsc#1154212) Security fixes: CVE-2019-2933 CVE-2019-2945 CVE-2019-2962 CVE-2019-2964 CVE-2019-2978 CVE-2019-2983 CVE-2019-2989 CVE-2019-2992 CVE-2019-2999 CVE-2019-2973 CVE-2019-2981...
SUSE-SU-2020:14263-1 Security update for java-1_7_1-ibm
This update for java-1_7_1-ibm fixes the following issues: - Update to 7.1 Service Refresh 4 Fix Pack 55 (bsc#1158442, bsc#1154212) Security fixes: CVE-2019-2933 CVE-2019-2945 CVE-2019-2962 CVE-2019-2964 CVE-2019-2978 CVE-2019-2983 CVE-2019-2989 CVE-2019-2992 CVE-2019-2999 CVE-2019-2973 CVE-2019-2981...
SUSE-SU-2020:0001-1 Security update for java-1_8_0-ibm
This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 6 (bsc#1158442, bsc#1154212) Security fixes: CVE-2019-2933 CVE-2019-2945 CVE-2019-2958 CVE-2019-2962 CVE-2019-2964 CVE-2019-2975 CVE-2019-2978 CVE-2019-2983 CVE-2019-2988 CVE-2019-2989 CVE-2019-2992...
openssh: Missing character encoding in progress display allows for spoofing of scp client output
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server or Man-in-The-Middle attacker can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This...
Cisco Emergency Responder Denial of Service (cisco-sa-20171115-vos)
According to its self-reported version, the Cisco Emergency Responder (CER) is affected by an unauthorized access vulnerability. The vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated,...
When closing and re-opening Workspace on IOS, refreshing or launching apps causes failure.
After IOS has enumerated and/or launched apps through Storefront via Netscaler Gateway, and the Workspace app is closed but not logged out, when re-opening Workspace you get failure when refreshing apps or launching new ones. Error message seen if clicking an app after re-opening workspace -...
SUSE-SU-2019:14059-1 Security update for java-1_7_1-ibm
This update for java-1_7_1-ibm fixes the following issues: Update to Java 7.1 Service Refresh 4 Fix Pack 45. Security issues fixed: - CVE-2019-10245: Fixed Java bytecode verifier issue causing crashes (bsc#1134718). - CVE-2019-2698: Fixed out of bounds access flaw in the 2D component (bsc#1132729). -...
CVE-2019-3790
The Pivotal Ops Manager, 2.2.x versions prior to 2.2.23, 2.3.x versions prior to 2.3.16, 2.4.x versions prior to 2.4.11, and 2.5.x versions prior to 2.5.3, contain configuration that circumvents refresh token expiration. A remote authenticated user can gain access to a browser session that was...
CVE-2019-3790 Ops Manager uaa client issues tokens after refresh token expiration
The Pivotal Ops Manager, 2.2.x versions prior to 2.2.23, 2.3.x versions prior to 2.3.16, 2.4.x versions prior to 2.4.11, and 2.5.x versions prior to 2.5.3, contain configuration that circumvents refresh token expiration. A remote authenticated user can gain access to a browser session that was...
Security Bulletin: IBM Maximo Asset Management is vulnerable to Back and Refresh Attack (CVE-2019-4048)
Summary IBM Maximo Asset Management could allow a physical user of the system to obtain sensitive information from a previous user of the same machine. Vulnerability Details CVEID: CVE-2019-4048 DESCRIPTION: IBM Maximo Asset Management could allow a physical user of the system to obtain sensitive...
SUSE-SU-2019:1345-1 Security update for java-1_7_1-ibm
This update for java-1_7_1-ibm fixes the following issues: Update to Java 7.1 Service Refresh 4 Fix Pack 45. Security issues fixed: - CVE-2019-10245: Fixed Java bytecode verifier issue causing crashes (bsc#1134718). - CVE-2019-2698: Fixed out of bounds access flaw in the 2D component (bsc#1132729). -...
SUSE SLES11 Security Update : java-1_7_1-ibm (SUSE-SU-2019:14059-1)
This update for java-1_7_1-ibm fixes the following issues: Update to Java 7.1 Service Refresh 4 Fix Pack 45. Security issues fixed: CVE-2019-10245: Fixed Java bytecode verifier issue causing crashes (bsc#1134718). CVE-2019-2698: Fixed out of bounds access flaw in the 2D component (bsc#1132729)...
Mozilla: Use-after-free with SMIL animation controller
A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration is expected. When a registration is later freed with the removal of the animation controller element, the refresh driver incorrectly leav...
Security Bulletin: Vulnerability in Rational Functional Tester versions 8.5.1.1 and earlier due to security vulnerability in IBM SDK, Java Technology Edition Version 7 Service Refresh 6 (CVE-2013-5907, CVE-2014-0417)
Summary A security vulnerability exists in IBM SDK, Java Technology Edition Version 7 Service Refresh 6 that can affect the security of Rational Functional Tester (RFT). Vulnerability Details...