Security Bulletin: vulnerability in urllib3 library embedded into Tensorboard PowerAI CVE-2019-11324

Summary The urllib3 1.24.1 library mishandles SSL connections in certain cases where a verification failure is the correct outcome. This library version is embedded into Tensorboard 1.13, which is included in PowerAI 1.6.0. Vulnerability Details Vulnerability Details CVEID: CVE-2019-11324...

Security Bulletin: IBM PureApplication Service is affected by vulnerabilities (CVE-2018-3639, CVE-2018-3640)

Summary IBM has released Version 2.2.5.3 for IBM PureApplication Service, which includes IBM OS Images for Red Hat Linux Systems, as well as AIX-based and Windows-based deployments, in response to CVE-2018-3639 and CVE-2018-3640. IBM PureApplication Service has addressed the following...

Compatibility update for installing Windows 10, version 1809: May 21, 2019

Compatibility update for installing Windows 10, version 1809: May 21, 2019 Summary This update makes improvements to ease the installation experience when updating to Windows 10, version 1809. How to get this update This update is available through Windows Update. It will be downloaded and...

Denial Of Service (DoS)

OpenStack Object Storage swift provides object storage in virtual containers, which allows users to store and retrieve files arbitrary data. The service's distributed architecture supports horizontal scaling; redundancy as failure-proofing is provided through software-based data replication...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Performance Tester

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 and IBM® Runtime Environment Java™ Version 8 used by Rational Performance Tester. Rational Performance Tester has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2019-2426 DESCRIPTION: An...

CVE-2019-5011

An exploitable privilege escalation vulnerability exists in the helper service CleanMyMac X, version 4.20, due to improper updating. The application failed to remove the vulnerable components upon upgrading to the latest version, leaving the user open to attack. A user with local access can use...

Security Bulletin: Security Vulnerabilities in Network Time Protocol Daemon affect Intel Manycore Platform Software Stack for use on Intel Xeon Phi 3120A, Intel Xeon Phi 5110P, Intel Xeon Phi 7120A, and Intel Xeon Phi 7120P PCI-Express add-in cards

Summary Security Vulnerabilities in Network Time Protocal Daemon affects the Intel Manycore Platform Software Stack for use on the Intel Xeon Phi PCI-Express add-in cards. Vulnerability Details Abstract Security Vulnerabilities in Network Time Protocal Daemon affects the Intel Manycore Platform...

Schneider Electric EcoStruxure

1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: EcoStruxure Vulnerability: Open Redirect 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to use this device as a platform to...

Security Bulletin: A Zip Slip vulnerability is exposed in Case Manager (CVE-2018-1884)

Summary IBM Case Manager has addressed the following vulnerability. A Zip Slip vulnerability is exposed in Case Manager with the ability to import solution package zip files. CVE-2018-1884 Vulnerability Details CVEID: CVE-2018-1884 DESCRIPTION: IBM Case Manager is vulnerabile to a "zip slip"...

Debian DLA-1597-1 : gnuplot security update

gnuplot, a command-line driven interactive plotting program, has been examined with fuzzing by Tim Blazytko, Cornelius Aschermann, Sergej Schumilo and Nils Bars. They found various overflow cases which might lead to the execution of arbitrary code. Due to special toolchain hardening in Debian,...

[SECURITY] Fedora 27 Update: patch-2.7.6-5.fc27

The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file patching th...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Service Tester

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 & 8 and IBM® Runtime Environment Java™ Version 7 & 8 used by Rational Service Tester. Rational Service Tester has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2018-1656 DESCRIPTION: The I...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Performance Tester

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 & 8 and IBM® Runtime Environment Java™ Version 7 & 8 used by Rational Performance Tester. Rational Performance Tester has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2018-1656 DESCRIPTIO...

[SECURITY] Fedora 27 Update: glibc-2.26-30.fc27

The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important se...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Tivoli Business Service Manager (CVE-2012-5783)

Summary IBM WebSphere Application Server is shipped as a component of Tivoli Business Service Manager. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Please consult the Security Bulletin:...

Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affect IBM Operational Decision Manager

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6,7 and 8 that is used by IBM Operational Decision Manager ODM. These issues were disclosed as part of the IBM Java SDK updates in April 2018 Vulnerability Details If you run your own Java code using the IBM...

Security Bulletin: Vulnerabilities in OpenSSL affect IBM® SDK for Node.js™ in IBM Cloud (CVE-2017-3736, CVE-2017-3737, CVE-2017-3738)

Summary OpenSSL vulnerabilities were disclosed on November 2, 2017 and December 7, 2017 by the OpenSSL Project. OpenSSL is used by IBM SDK for Node.js. IBM SDK for Node.js has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2017-3736 DESCRIPTION: OpenSSL could allow a remote...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK 7 affect IBM Systems Director.

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 7 that is used by IBM Systems Director. These issues were disclosed as part of the IBM Java SDK updates in July 2017. Vulnerability Details CVEID: CVE-2017-10115 DESCRIPTION: An unspecified vulnerability in...

Security Bulletin: Vulnerabilities in Struts affect IBM Systems Director (ISD) Server (CVE-2016-1181, CVE-2016-1182)

Summary Struts vulnerabilities affect ISD Server. ISD Server has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-1181 DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against unintended remote...

Security Bulletin: IBM Flex System Manager (FSM) is affected by a giflib vulnerability (CVE-2016-3977)

Summary A security vulnerability has been discovered in giflib that is embedded in the IBM FSM. This bulletin addresses this vulnerability Vulnerability Details CVEID: CVE-2016-3977 DESCRIPTION: giflib is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by...