Security Bulletin: Security vulnerabilities have been identified in the IBM Spectrum Protect Client that affect multiple IBM Spectrum Protect products
Summary The IBM Spectrum Protect formerly Tivoli Storage Manager Client is used as a component of IBM Spectrum Protect Snapshot formerly Tivoli Storage FlashCopy Manager for Windows and IBM Spectrum Protect formerly Tivoli Storage Manager HSM for Windows. Information about security vulnerabilitie...
Johnson Controls VideoEdge
1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Sensormatic Electronics, LLC, a subsidiary of Johnson Controls, Inc. Equipment: VideoEdge Vulnerability: Improper Handling of Syntactically Invalid Structure 2. RISK EVALUATION Running a vulnerability...
Security Bulletin: Vulnerability in Redis affects IBM Event Streams (CVE-2021-32762)
Summary There is a vulnerability in the Redis open source database. The database is used by IBM Event Streams. Vulnerability Details CVEID: CVE-2021-32762 DESCRIPTION: Redis could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an integer overflow in the...
Security Bulletin: Vulnerability in Elasticsearch affects IBM Cloud Private (CVE-2021-22135, CVE-2021-22137)
Summary There is a vulnerability in the Elasticsearch open source library. The library is used by IBM Cloud Private logging. This bulletin identifies the security fixes to apply to address the Elasticsearch vulnerability CVE-2021-22135, CVE-2021-22137. Vulnerability Details CVEID: CVE-2021-22135...
Security Bulletin: IBM Event Streams affected by potential buffer overflow in Golang (CVE-2021-38297)
Summary IBM Event Streams is affected by a vulnerability in Golang which may result in a buffer overflow (CVE-2021-38297). Vulnerability Details CVEID: CVE-2021-38297 DESCRIPTION: Golang Go is vulnerable to a buffer overflow, caused by improper bounds checking when invoking functions from WASM modules. ...
Security Bulletin: Log4jShell Vulnerability affects Decision Optimization for Cloud Pak for Data (CVE-2021-44228)
Summary The Apache Log4j vulnerability used by Decision Optimization for Cloud Pak for Data has been addressed. IBM strongly recommends addressing the Log4j vulnerability CVE-2021-44228 now by upgrading. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote...
CVE-2021-43823
Sourcegraph is a code search and navigation engine. Sourcegraph prior to version 3.33.2 is vulnerable to a side-channel attack where strings in private source code could be guessed by an authenticated but unauthorized actor. This issue affects the Saved Searches and Code Monitoring features. A...
Cross-Site Scripting Vulnerability in @joeattardi/emoji-button
Impact There are two vectors for XSS attacks with versions of @joeattardi/emoji-button before 4.6.2: - A URL for a custom emoji - An i18n string In both of these cases, a value can be crafted such that it can insert a script tag into the page and execute malicious code. Patches This vulnerability...
CVE-2021-21528
Dell EMC PowerScale OneFS versions 9.1.0, 9.2.0.x, 9.2.1.x contain an Exposure of Information through Directory Listing vulnerability. This vulnerability is triggered when upgrading from previous versions...
PYSEC-2021-379
OMERO.web provides a web based client and plugin infrastructure. In versions prior to 5.11.0, a variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and use of jQuery.html, there are a whole host of cross-site scripting possibilities with...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.6.46 security update
Red Hat OpenShift Container Platform release 4.6.46 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, whic...
Deserialization of Untrusted Data in parlai
Impact Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML configuration files could provide malicious input, resulting in remote code execution or similar risks. Patches The issue can be patched by upgrading to v1.1.0 or later. It can also be patche...
Cross site scripting
Misskey is a decentralized microblogging platform. In versions of Misskey prior to 12.51.0, malicious actors can use the web client built-in dialog to display a malicious string, leading to cross-site scripting XSS. XSS could compromise the API request token. This issue has been fixed in version...
CVE-2021-2304 affecting package mysql 8.0.23-1
CVE-2021-2304 affecting package mysql 8.0.23-1. An upgraded version of the package is available that resolves this issue...
PT-2021-21818 · Icinga +1
Name of the Vulnerable Software and Affected Versions: Icinga versions 2.5.0 through 2.13.0 Description: Icinga is a monitoring system that checks the availability of network resources, notifies users of outages, and generates performance data for reporting. The issue arises in the...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.7.23 security update
Red Hat OpenShift Container Platform release 4.7.23 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.8.4 bug fix and security update
Red Hat OpenShift Container Platform release 4.8.4 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.8. Red Hat Product Security has rated this update as having a...
CVE-2021-32813
Traefik is an HTTP reverse proxy and load balancer. Prior to version 2.4.13, there exists a potential header vulnerability in Traefik's handling of the Connection header. Active exploitation of this issue is unlikely, as it requires that a removed header would lead to a privilege escalation,...