12 matches found
Security Bulletin: Multiple vulnerabilities due to libexpat have been identified in IBM HTTP Server used by IBM Rational ClearQuest
Summary IBM HTTP Server IHS is used by the IBM Rational ClearQuest server and web components. Information about security vulnerabilities affecting IHS have been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...
CVE-2023-54203
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab-out-of-bounds in initsmb2rsphdr When smb1 mount fails, KASAN detect slab-out-of-bounds in initsmb2rsphdr like the following one. For smb1 negotiate56bytes , initsmb2rsphdr for smb2 is called. The issue occurs whil...
CVE-2021-23002
When using BIG-IP APM 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, or all 12.1.x and 11.6.x versions or Edge Client versions 7.2.1.x before 7.2.1.1, 7.1.9.x before 7.1.9.8, or 7.1.8.x before 7.1.8.5, the session ID is visible in the arguments of th...
Oracle Linux 9 : tigervnc (ELSA-2025-2500)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-2500 advisory. - Fix CVE-2025-26594 xorg-x11-server Use-after-free of the root cursor Resolves: RHEL-79406 - Fix CVE-2025-26595 xorg-x11-server Buffer overflow in...
CLSA-2024-1722003981 httpd: Fix of 5 CVEs
CVE-2024-38474: modrewrite: server weakness with encoded question marks in backreferences - CVE-2024-38475: modrewrite: server weakness in modrewrite when first segment of substitution matches filesystem path - CVE-2024-38477: modproxy: crash resulting in Denial of Service in modproxy via a...
SUSE CVE-2023-39325
A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.12 security update
Red Hat OpenShift Container Platform release 4.12 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which...
CVE-2021-23002
When using BIG-IP APM 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, or all 12.1.x and 11.6.x versions or Edge Client versions 7.2.1.x before 7.2.1.1, 7.1.9.x before 7.1.9.8, or 7.1.8.x before 7.1.8.5, the session ID is visible in the arguments of th...
Vulnerability fixed in Kubernetes
A vulnerability has been fixed in Kubernetes. The vulnerability allows an authenticated malicious person with root privileges on a node to gain elevated privileges on other nodes running in the same cluster running. With these elevated rights to take over pods on the affected nodes. When multiple...
Security Bulletin: Multiple vulnerabilities have been identified in DB2 that affect the IBM Performance Management product
Summary DB2 contains several vulnerabilities which can affect the IBM Performance Management product. Some of the information about security vulnerabilities affecting DB2 has been published in security bulletins. Vulnerability Details CVEID: CVE-2018-1723 DESCRIPTION: IBM Spectrum Scale could all...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Rational ClearCase (CVE-2017-10356, CVE-2017-10345)
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 6, 7, and 8, which are used by IBM Rational ClearCase. These issues were disclosed as part of the IBM Java SDK updates in October 2017. Vulnerability Details CVEID: CVE-2017-10356 DESCRIPTION: An unspecified...
Fedora 22 : nx-libs-3.5.0.32-1.fc22 (2015-11244)
Update to nx-libs 3.5.0.32 : - Proper integration of all patches in the source tarballs. Bugs in the tarball generation script and patch file names prohibited inclusion of many patches previously, including security fixes. - Better support for debug DEBUG, TEST, TRACE and other directives builds,...