343 matches found
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM InfoSphere BigInsights, including Broken security fixes in IBM Java and IBM SDK, Java Technology Edition Quarterly CPU - Apr 2016 (CVE-2016-0264, CVE-2016-0363)
Summary Security vulnerabilities have been identified in IBM SDK Java™ Technology Edition shipped with IBM InfoSphere BigInsights. Information about security vulnerabilities affecting IBM SDK Java has been published in a security bulletin. Vulnerability Details CVEID: CVE-2016-0264 DESCRIPTION: A...
Security Bulletin: Security vulnerabilities have been identified in IBM SDK Java™ Technology Edition shipped with IBM InfoSphere BigInsights.
Summary Security vulnerabilities have been identified in IBM SDK Java™ Technology Edition shipped with IBM InfoSphere BigInsights. Information about security vulnerabilities affecting IBM SDK Java has been published in a security bulletin. Vulnerability Details Please consult the security bulleti...
Code injection
On all 7.x versions fixed in 8.0.0, when set up for auto failover, a BIG-IQ Data Collection Device DCD cluster member that receives an undisclosed message may cause the corosync process to abort. This behavior may lead to a denial-of-service DoS and impact the stability of a BIG-IQ high...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms Oct 2020 CPU (CVE-2020-14782)
Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 7 used by 4.1.0.0 to 4.1.0.3 and Version 8 used by 4.1.0.4 to 4.1.0.6 of IBM Tivoli System Automation for Multiplatforms. These issues were disclosed as part of the IBM Java SDK updates in Oct 2020. Vulnerabili...
PRTG Network Monitor 7.x - 22.1.75.1569 XSS Vulnerability
PRTG Network Monitor is prone to a cross-site scripting XSS vulnerability. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is...
Design/Logic Flaw
The Microsoft Windows Installer for Atlassian Bitbucket Server and Data Center before version 6.10.9, 7.x before 7.6.4, and from version 7.7.0 before 7.10.1 allows local attackers to escalate privileges because of weak permissions on the installation directory...
Cross site scripting
The dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'pho:title' attribute of 'dashboardXml' parameter...
CVE-2020-24665
The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains an XML Entity Expansion injection vulnerability, which allows an authenticated remote users to trigger a denial of service DoS condition. Specifically, the vulnerability lies in the 'dashboardXml' parameter. Remediated in ...
Security update for nodejs10 (moderate)
openSUSE Security Update: Security update for nodejs10 Announcement ID: openSUSE-SU-2021:0065-1 Rating: moderate References: 1179491 1180553 1180554 Cross-References: CVE-2020-1971 CVE-2020-8265 CVE-2020-8287 Affected Products: openSUSE Leap 15.2 An update that fixes three vulnerabilities is now...
SUSE-SU-2021:0060-1 Security update for nodejs10
This update for nodejs10 fixes the following issues: - New upstream LTS version 10.23.1: CVE-2020-8265: use-after-free in TLSWrap High bug in TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as...
Drupal REST/JSON Security Vulnerability
Drupal is an open source content management system developed in PHP by the Drupal community. A security vulnerability exists in Drupal REST/JSON project 7.x-1.x that allows user registration bypass...
Drupal REST/JSON Security Vulnerability
Drupal is an open source content management system developed in PHP by the Drupal community. A security vulnerability exists in Drupal REST/JSON project 7.x-1.x that allows users to enumerate...
Drupal 7.x < 7.74 / 8.x < 8.8.11 / 8.9.x < 8.9.9 / 9.0.x < 9.0.8 RCE (SA-CORE-2020-012)
According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.74, 8.x prior to 8.8.11, 8.9.x prior to 8.9.9, or 9.0.x prior to 9.0.8. It is, therefore, affected by a remote code execution vulnerability in its file upload functionality due to a...
Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Jan 2020 - CVE-2020-2601 affects IBM Tivoli Composite Application Manager for Transactions-Robotic Response Time
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 ,version 8, that is used by IBM Tivoli Composite Application Manager for Transactions - Robotic Response Time. CVE-2020-2601 was disclosed as part of the IBM Java SDK updates in January 2020. Vulnerability...
Debian: Security Advisory (DLA-2291-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: Java Vulnerability Impacts IBM Control Center
Summary There is a vulnerability in IBM® Runtime Environment Java™ Technology Edition, Version 7 and 8 that is used by IBM Control Center. The issue was disclosed as part of the IBM Java SDK update in April 2018. Vulnerability Details CVEID: CVE-2018-2783 DESCRIPTION: An unspecified vulnerability...
Security Bulletin: Java Vulnerability Impacts IBM Control Center (CVE-2018-1656)
Summary There is a vulnerability in IBM® Runtime Environment Java™ Technology Edition, Version 7 and 8 that is used by IBM Control Center. This issue was disclosed as part of the IBM Java SDK updates in July 2018. Vulnerability Details CVEID: CVE-2018-1656 DESCRIPTION:The IBM Java Runtime...
Security Bulletin: There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7, Version 8, that is used by IBM Workload Scheduler.
Summary here are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7, Version 8, that is used by IBM Workload Scheduler. These issues were disclosed as part of the IBM Java SDK updates in January 2020. Vulnerability Details CVEID: CVE-2020-2593 DESCRIPTION: An unspecified...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Spectrum LSF Analytics
Summary There are multiple vulnerabilities in IBM®Runtime Environment Java™Version 7 used by IBM Spectrum LSF Analytics. IBM Spectrum LSF Analytics has addressed the applicable CVEs. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products an...
CVE-2020-5576
Movable Type CSRF (CVE-2020-5576) affects Movable Type and related products across multiple versions (MT 7 r.4606/7.2.1 and older; MT 6.5/6.3 series; MT Advanced and Premium variants; MT for AWS). Root cause described as a Cross‑site Request Forgery vulnerability that allows remote attackers to h...