Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM i

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by IBM i. IBM i has addressed the applicable CVEs. Vulnerability Details If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluat...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM i.

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is used by IBM i. Vulnerability Details CVEID: CVE-2017-3514 DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java SE AWT component could allow an unauthenticated attacker to take contro...

Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect IBM Sterling External Authentication Server

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 1.8 used by IBM Sterling External Authentication Server. These issues were disclosed as part of the IBM Java SDK updates in October 2017 and January 2018. Vulnerability Details CVEID: CVE-2017-10356 DESCRIPTION: ...

The vulnerability of the FasterXML function (com.zaxxer.hikari.HikariDataSource) in the Jackson-Databind JSON file parsing library allows a attacker to gain full control over the system.

The vulnerability of the FasterXML function com.zaxxer.hikari.HikariDataSource in the Jackson-Databind JSON parsing library involves memory corruption due to the incorrect structure of data being restored. Exploiting this vulnerability could allow an attacker to gain full control over the system...

The vulnerability of the FasterXML function in the Jackson-Databind Java library for JSON file grammar analysis allows a attacker to gain full control over the system.

The vulnerability of the FasterXML function com.zaxxer.hikari.HikariConfig in the Jackson-Databind JSON parsing library allows for the restoration of unreliable data structures in memory. Exploiting this vulnerability can enable a malicious actor to gain full control over the system...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Cast Iron

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 SR10 FP5 and Version 6 SR16 FP45 used by WebSphere Cast Iron. These issues were disclosed as part of the IBM Java SDK updates in Jul 2017. Vulnerability Details CVEID: CVE-2017-10125 DESCRIPTION: An...

The vulnerability of Oracle Solaris’s Filesystem component, which allows a hacker to gain full control over the system

The vulnerability of Oracle Solaris’s Filesystem component is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to gain full control over the system...

CVE-2019-8912

In the Linux kernel afalgrelease in crypto/afalg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free UAF in sockfssetattr. A local attacker can use this flaw to escalate privileges and take control of the system...

Win32k Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data;...

Windows Graphics Component Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. In a local attack scenario, an attacker could exploit this vulnerability b...

Smartweares HOME easy Information Disclosure Vulnerability

Smartweares HOME easy is prone to an information disclosure vulnerability. Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is...

Smartwares HOME easy 1.0.9 - Database Backup Information Disclosure Vulnerability

Exploit for hardware platform in category web applications Title: Smartwares HOME easy 1.0.9 - Database Backup Information Disclosure Author: LiquidWorm Vendor: Smartwares Product web page: https://www.smartwares.eu Affected version: =1.0.9 Advisory ID: ZSL-2019-5541 Advisory URL:...

Smartwares HOME easy 1.0.9 - Database Backup Information Disclosure

Smartwares HOME easy 1.0.9 - Database Backup Information Disclosure Title: Smartwares HOME easy 1.0.9 - Database Backup Information Disclosure Author: LiquidWorm Date: 2019-11-05 Vendor: Smartwares Product web page: https://www.smartwares.eu Affected version: =1.0.9 Advisory ID: ZSL-2019-5541...

Smartwares HOME easy 1.0.9 - Database Backup Information Disclosure

Title: Smartwares HOME easy 1.0.9 - Database Backup Information Disclosure Author: LiquidWorm Date: 2019-11-05 Vendor: Smartwares Product web page: https://www.smartwares.eu Affected version: =1.0.9 Advisory ID: ZSL-2019-5541 Advisory URL:...

MS-ISAC Releases Advisory on PHP Vulnerabilities

The Multi-State Information Sharing & Analysis Center MS-ISAC has released an advisory on multiple Hypertext Preprocessor PHP vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, 7.0.10.35 used by IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise. IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise has addressed the applicable CVEs. These issues were also addressed by IBM...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Cloud Manager with OpenStack

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7.0.10.35, that is used by IBM Cloud Manager. These issues were disclosed as part of the IBM Java SDK updates in April 2019. Vulnerability Details CVEID: CVE-2019-2698 DESCRIPTION: An unspecified vulnerabilit...

Mozilla Releases Security Updates for Firefox and Firefox ESR

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the...

VMware Releases Security Update for Harbor Container Registry for PCF

VMware has released a security update to address a vulnerability affecting Harbor Container Registry for Pivotal Cloud Foundry PCF. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and...

Oracle Releases October 2019 Security Bulletin

Oracle has released its Critical Patch Update for October 2019 to address 219 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users a...