Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Process Designer used in IBM Business Automation Workflow, IBM Business Process Manager, and WebSphere Lombardi Edition
Summary: There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is used by IBM Process Designer in IBM Business Automation Workflow, IBM Business Process Manager, and WebSphere Lombardi Edition. These issues were disclosed as part of the IBM Java SDK updates in January 2018...
Security Bulletin: IBM Development Package for Apache Spark might create a remote exploitation vector against old Internet Explorer browsers through XSS
Summary: IBM Development Package for Apache Spark addresses the following vulnerability. The vulnerability is a potential cross-site scripting (XSS) attack on a Web UI client; server-side analytical processing by Apache Spark is not affected and data is not compromised. Vulnerability Details: CVEID:...
Security Bulletin: A vulnerability in IBM Java SDK affects IBM OS Images for Red Hat Linux Systems, AIX, and Windows. (CVE-2015-4872)
Summary: There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 6 and 7, that is used by IBM OS Images for Red Hat Linux Systems, AIX, and Windows. The issue was disclosed as part of the IBM Java SDK updates in October 2015. Vulnerability Details: CVEID: CVE-2015-4872 DESCRIPTION: A...
Security Bulletin: IBM WebSphere Cast Iron Solution is affected by OpenSSL vulnerabilities: CVE-2014-0224
Summary: Security vulnerabilities have been discovered in OpenSSL that were reported on June 5, 2014 by the OpenSSL Project. Vulnerability Details: CVE-ID: CVE-2014-0224 DESCRIPTION: OpenSSL is vulnerable to a man-in-the-middle attack, caused by the use of weak keying material in SSL/TLS clients and...
js-given code execution vulnerability
js-given is a developer-oriented BDD (Behavior Driven Development) tool for JavaScript. A security vulnerability exists in js-given that originates when the program downloads binary resources over the HTTP protocol. A remote attacker could exploit the vulnerability ...
Synapse Hijacking Vulnerability
Matrix is a set of open communication networks, of which Synapse is a server implementation. There is a security vulnerability in Synapse. An attacker can exploit the vulnerability to hijack 'rooms' (message channels)...
Cortana Software Could Help Anyone Unlock Your Windows 10 Computer
Cortana, an artificial intelligence-based smart assistant that Microsoft has built into every version of Windows 10, could help attackers unlock your system password. With its latest patch Tuesday release, Microsoft has pushed an important update to address an easily exploitable vulnerability in...
FTPShell Server Denial of Service Vulnerability
FTPShell Server is a safe and reliable FTP client tool. A security vulnerability exists in FTPShell Client version 6.80. An attacker can exploit this vulnerability to launch a denial of service attack...
Unspecified vulnerability in https-proxy-agent
https-proxy-agent is an implementation of an HTTP or HTTPS proxy. A security vulnerability exists in https-proxy-agent. An attacker can exploit this vulnerability to cause a denial of service and disclose memory...
ISC BIND Access Control Vulnerability (Jun 2018) - Windows
Some versions of BIND can improperly permit recursive query service to unauthorized clients. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CP...
DEBIAN-CVE-2018-5127
A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.7, Firefox ESR 52.7, and Firefox 59...
CVE-2017-7806
A use-after-free vulnerability can occur when the layer manager is freed too early when rendering specific SVG content, resulting in a potentially exploitable crash. This vulnerability affects Firefox 55...
DEBIAN-CVE-2017-7786
A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox 55...
DEBIAN-CVE-2017-5465
An out-of-bounds read while processing SVG content in "ConvolvePixel". This results in a crash and also allows for otherwise inaccessible memory being copied into SVG graphic content, which could then be displayed. This vulnerability affects Thunderbird 52.1, Firefox ESR 45.9, Firefox ESR 52.1, and...
CVE-2017-5412
A buffer overflow read during SVG filter color value operations, resulting in data exposure. This vulnerability affects Firefox 52 and Thunderbird 52...
CVE-2016-9897
Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector constructor with a varying array within libGLES. This vulnerability affects Firefox 50.1, Firefox ESR 45.6, and Thunderbird 45.6...
UBUNTU-CVE-2017-7844
A combination of an external SVG image referenced on a page and the coloring of anchor links stored within this image can be used to determine which pages a user has in their history. This can allow a malicious website to query user history. Note: This issue only affects Firefox 57. Earlier...
vector-logo.net XSS vulnerability
Open Bug Bounty ID: OBB-627706

Description| Value
---|---
Affected Website:| vector-logo.net
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1...