Security Bulletin: Vulnerabilities in IBM Java Runtime affecting Tivoli Netcool/OMNIbus (Multiple CVEs)
Summary There are vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 8, which is used by Tivoli Netcool/OMNIbus. These were disclosed as part of the IBM Java SDK updates in April 2020. Vulnerability Details CVEID: CVE-2020-2781 DESCRIPTION: An unspecified vulnerability in...
Elastic Stack 7.9.0 and 6.8.12 Security Update
Elasticsearch field disclosure flaw ESA-2020-12 A field disclosure flaw was found in Elasticsearch when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recently ran, the scrolling search can leak fields that should be hidden. This...
Authentication flaw
Django Two-Factor Authentication before 1.12 stores the user's password in clear text (base64-encoded) in the user session. The password is stored in the session when the user submits their username and password, and is removed once they complete authentication by entering a two-factor...
USN-4390-1: Linux kernel vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description It was discovered that the F2FS file system implementation in the Linux kernel did not properly perform bounds checking on xattrs in some situations. A local attacker could possibly use this to expose...
Security Bulletin: Multiple vulnerabilities have been identified in IBM® SDK, Java™ Technology Edition shipped with IBM Tivoli Business Service Manager April 2020 CPU
Summary IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin. Vulnerability Details Refer to the security bulletins...
[SECURITY] Fedora 30 Update: glibc-2.29-29.fc30
The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important se...
Security Bulletin: Multiple cross-site scripting vulnerabilities affect IBM DOORS Next Generation
Summary There are multiple cross-site scripting defects that affect IBM DOORS Next Generation DNG/RRC Vulnerability Details CVEID: CVE-2019-4740 DESCRIPTION: IBM DOORS Next Generation DNG/RRC is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code...
PT-2020-11915 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 11.7 through 12.8.1 Description: The issue allows for information disclosure under certain group conditions, where group epic information was unintentionally being disclosed. Recommendations: For GitLab versions 11.7 through...
CVE-2020-1931
A command execution issue was found in Apache SpamAssassin prior to 3.4.3. Carefully crafted nefarious Configuration .cf files can be configured to run system commands similar to CVE-2018-11805. This issue is less stealthy and attempts to exploit the issue will throw warnings. Thanks to Damian...
Security Bulletin: A security vulnerability has been identified in OpenCV shipped with PowerAI
Summary Multiple Vulnerabilities CVE-2019-14493, CVE-2019-14492 and CVE-2019-14491 were found in OpenCV package. Vulnerability Details CVEID: CVE-2019-14493 DESCRIPTION: An issue was discovered in OpenCV before 4.1.1. There is a NULL pointer dereference in the function cv::XMLParser::parse at...
Security Bulletin: A security vulnerability has been identified in SQLite shipped with PowerAI Vision
Summary Vulnerability CVE-2019-8457 in SQLite package. Vulnerability Details CVEID: CVE-2019-8457 DESCRIPTION: SQLite3 versions 3.6.0 - 3.27.2 are vulnerable to a heap out-of-bounds read in the rtreenode function when handling invalid rtree tables. CVSS Base score: 5.3 CVSS Temporal Score: See:...
CVE-2018-11805
In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA 3.4.3, we recommend that users should only use update channels or 3rd party ....
Design/Logic Flaw
redhat-upgrade-tool: Does not check GPG signatures when upgrading versions...
CVE-2014-3585
redhat-upgrade-tool: Does not check GPG signatures when upgrading versions...
Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affect IBM Operational Decision Manager
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 7 and 8, which are used by IBM Operational Decision Manager ODM. These issues were disclosed as part of the IBM Java SDK updates in Apr 2019 and July 2019. Vulnerability Details If you run your own Java code usi...
Tachyon - Fast HTTP Dead File Finder
Tachyon is a fast web application security reconnaissance tool. It is specifically meant to crawl web applications and look for leftover or non-indexed files, in addition to reporting pages or scripts that leak internal data. User Requirements Linux Python 3.5.2 User Installation Install: $...
Tiki Wiki CMS Groupware <= 18.4 XSS Vulnerability
Tiki Wiki CMS Groupware is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
rest-client Gem Contains Malicious Code
The rest-client gem 1.6.10 through 1.6.13 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Users of an affected version should consider downgrading to the last non-affected version of 1.6.9, or upgrading to 1.7.x. Additionally, a set of other...
Google Chrome Security Updates (stable-channel-update-for-desktop_30-2019-07) - Linux
Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...
Security Bulletin: Vulnerabilities exist in Watson Explorer
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 and Version 7 used by Watson Explorer and Watson Content Analytics. Watson Explorer and Watson Content Analytics have addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2018-1656 DESCRIPTION: The I...