Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to arbitrary code execution due to X-Force 237819
Summary: Node.js moment-timezone is used by IBM App Connect Enterprise Certified Container for handling timezone information. IBM App Connect Enterprise Certified Container operands may be vulnerable to arbitrary code execution. This bulletin provides patch information to address the reported...
Mageia: Security Advisory (MGASA-2022-0435)
The remote host is missing an update for the...
Security Bulletin: IBM App Connect Enterprise is vulnerable to a remote attacker due to Node.js module moment-timezone (IBM X-Force ID: 237819)
Summary: IBM App Connect Enterprise is vulnerable to a remote attacker due to Node.js module moment-timezone (IBM X-Force ID: 237819). The fix includes a version of moment-timezone 0.5.35. Vulnerability Details: IBM X-Force ID: 237819. DESCRIPTION: Node.js moment-timezone module could allow a remote...
CLSA-2022-1667495676 java-1.8.0-openjdk: Fix of 4 CVEs
Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u352-b08. This fixes the following CVEs: - CVE-2022-21619: Improper handling of long NTLM client hostnames - CVE-2022-21624: Insufficient randomization of JNDI DNS port numbers - CVE-2022-21626: Excessive memory allocation in X.509 certificate...
CLSA-2022-1667494847 java-1.8.0-openjdk: Fix of 4 CVEs
Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u352-b08. This fixes the following CVEs: - CVE-2022-21619: Improper handling of long NTLM client hostnames - CVE-2022-21624: Insufficient randomization of JNDI DNS port numbers - CVE-2022-21626: Excessive memory allocation in X.509 certificate...
CVE-2022-43102
Tenda AC23 V16.03.07.45cn was discovered to contain a stack overflow via the timeZone parameter in the fromSetSysTime function...
Stack overflow
Tenda AC23 V16.03.07.45cn was discovered to contain a stack overflow via the timeZone parameter in the fromSetSysTime function...
CVE-2022-43102
CVE-2022-43102 affects Tenda AC23 (V16.03.07.45_cn). A stack overflow in the fromSetSysTime function, triggered by the timeZone parameter, is described across multiple sources as enabling arbitrary code execution. The vulnerability is rated high impact (confidentiality, integrity, availability) w...
PT-2022-26752 · Tenda · Tenda Ac23
Name of the Vulnerable Software and Affected Versions: Tenda AC23 version 16.03.07.45 cn. Description: A stack overflow issue was discovered via the timeZone parameter in the fromSetSysTime function. Recommendations: For Tenda AC23 version 16.03.07.45 cn, as a temporary workaround, consider...
A vulnerability in the SetNTPServerSettings function of the D-Link COVR 1200, 1202, and 1203 router firmware allows an attacker to execute arbitrary commands.
The vulnerability in the SetNTPServerSettings function of the D-Link COVR 1200, 1202, and 1203 router firmware is caused by a failure to sanitize data at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands through t...
rubygem-tzinfo: arbitrary code execution
A flaw was found in rubygem-tzinfo. When using the Timezone.get function, it fails to validate time zone identifiers correctly, allowing a new line character input within the identifier. This flaw allows an attacker to use the new line character and write any code, which will be executed within t...
Debian: Security Advisory (DLA-3162)
The remote host is missing an update for the Debian...
[SECURITY] [DLA 3162-1] libdatetime-timezone-perl new timezone database
Debian LTS Advisory DLA-3162-1 https://www.debian.org/lts/security/ Emilio Pozuelo Monfort October 26, 2022 https://wiki.debian.org/LTS ...
[SECURITY] [DLA 3161-1] tzdata new timezone database
Debian LTS Advisory DLA-3161-1 https://www.debian.org/lts/security/ Emilio Pozuelo Monfort October 26, 2022 https://wiki.debian.org/LTS ...
DLA-3161-1 tzdata - new timezone database
Bulletin has no description...
DLA-3162-1 libdatetime-timezone-perl - new timezone database
Bulletin has no description...
java-11-openjdk security and bug fix update
1:11.0.17.0.8-2.0.1
- link atomic for ix86 build
1:11.0.17.0.8-2
- Update in-tree tzdata to 2022e with JDK-8294357 & JDK-8295173
- Update CLDR data with Europe/Kyiv JDK-8293834
- Drop JDK-8292223 patch which we found to be unnecessary
- Update TestTranslations.java to use public API based on...