Security Bulletin: Apr 2020 : Multiple vulnerabilities in IBM Java Runtime affect TXSeries for Multiplatforms

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 7.0, 7.1 and 8.0 used by TXSeries for Multiplatforms. TXSeries for Multiplatforms has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-2805 DESCRIPTION: An unspecified vulnerability in Java S...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Platform Symphony and IBM Spectrum Symphony

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 Service Refresh 6 Fix Pack 5 and earlier releases used by IBM Platform Symphony and IBM Spectrum Symphony. IBM Platform Symphony and IBM Spectrum Symphony have addressed the applicable CVEs. Vulnerability Detai...

Security Bulletin: Multiple vulnerabilities in the IBM SDK, Java Technology Edition affects IBM Performance Management products

Summary Multiple vulnerabilities in the Oracle Java SE and the Java SE Embedded impact the IBM SDK, Java Technology Edition. Vulnerability Details CVEID: CVE-2020-2604 DESCRIPTION: An unspecified vulnerability in Java SE could allow an unauthenticated attacker to take control of the system. CVSS...

Security Bulletin: Multiple Oracle Database Server Security Vulnerabilities Affect IBM Emptoris Sourcing

Summary Multiple Oracle Database Server Security Vulnerabilities Affect IBM Emptoris Sourcing Vulnerability Details CVEID: CVE-2020-2734 DESCRIPTION: An unspecified vulnerability in Oracle Database Server related to the RDBMS/Optimizer component could allow an authenticated attacker to obtain...

Security Bulletin: Multiple Oracle Database Server Security Vulnerabilities Affect IBM Emptoris Strategic Supply Management Platform

Summary Multiple Oracle Database Server Security Vulnerabilities Affect IBM Emptoris Strategic Supply Management Platform Vulnerability Details CVEID: CVE-2020-2734 DESCRIPTION: An unspecified vulnerability in Oracle Database Server related to the RDBMS/Optimizer component could allow an...

Visual Studio and Visual Studio Code Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Visual Studio and Visual Studio Code when they load software dependencies. A local attacker who successfully exploited the vulnerability could inject arbitrary code to run in the context of the current user. If the current user is logged on with...

Microsoft Releases July 2020 Security Updates

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review...

Security Bulletin: Multiple vulnerabilities in the IBM SDK, Java Technology Edition affects IBM Performance Management products

Summary IBM SDK, Java Technology Edition Quarterly CPU - Apr 2020 - Includes Oracle Apr 2020 CPU minus CVE-2020-2773 Vulnerability Details CVEID: CVE-2020-2805 DESCRIPTION: An unspecified vulnerability in Java SE related to the Java SE Libraries component could allow an unauthenticated attacker t...

Juniper Networks Releases Security Updates for Multiple Products

Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to...

Cisco NX-OS Software Internet Group Management Protocol Snooping RCE and DoS (cisco-sa-20180620-nxosigmp)

According to its self-reported version, Cisco NX-OS Software is affected by a due to a buffer overflow condition in the IGMP Snooping subsystem. An attacker could exploit this vulnerability by sending crafted IGMP packets to an affected system. An exploit could allow the attacker to execute...

Security Bulletin: Multiple security vulnerabilities in IBM Java SDK affects IBM Voice Gateway

Summary Multiple security vulnerabilities in IBM Java SDK affects IBM Voice Gateway Vulnerability Details CVEID: CVE-2019-2949 DESCRIPTION: An unspecified vulnerability in Java SE related to the Kerberos component could allow an unauthenticated attacker to obtain sensitive information resulting i...

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Java

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Java. Vulnerability Details CVEID: CVE-2020-2654 DESCRIPTION: An unspecified vulnerability in Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of...

Cisco Releases Multiple Security Updates

Cisco has released security updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. The...

Command Execution Vulnerability in Eurohoo Website System of Shanghai Eurohoo Network Technology Co.

Oahu System is a content and website management system. Shanghai Eurohoo Network Technology Co., Ltd Eurohoo website system suffers from a command execution vulnerability, which can be exploited by attackers to obtain system control privileges...

File Upload Vulnerability in WebAccess SCADA at Advantech (China) Co.

Advantech WebAccess/ SCADA is a browser-based SCADA software package for supervisory control, data acquisition and visualization. It is used to automate complex industrial processes in the context of remote operation. A file upload vulnerability exists in Advantech China WebAccess SCADA, which ca...

File Upload Vulnerability in YUNUCMS of Zhenjiang Yunyu Network Technology Co.

CloudYou CMS is a free + open source urban substation content management system based on TP5.0 framework as the core development. Zhenjiang Yunyu Network Technology Co., Ltd. YUNUCMS file upload vulnerability exists. An attacker can exploit the vulnerability to obtain system control privileges...

Microsoft Windows Defender Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Windows Defender that leads arbitrary file deletion on the system. To exploit the vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability...

Win32k Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or...

Microsoft Releases June 2020 Security Updates

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review...

Security Bulletin: Vulnerabilities in IBM Java Runtime affect Rational Publishing Engine

Summary There are multiple vulnerabilities in IBM Java Runtime Environment, Versions 7 and 8 that are used by Rational Publishing Engine. Vulnerability Details CVEID: CVE-2018-2783 DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Securi...