Security Bulletin: Rational Integration Tester HTTP/TCP Proxy component in Rational Test Virtualization Server and Rational Test Workbench affected by Netty vulnerabilities (CVE-2020-7238, CVE-2019-16869, CVE-2019-20445, CVE-2019-20444)

Summary Netty is vulnerable to security issues affecting the Rational Integration Tester HTTP/TCP Proxy component in Rational Test Virtualization Server and Rational Test Workbench Vulnerability Details CVEID: CVE-2020-7238 DESCRIPTION: Netty is vulnerable to HTTP request smuggling, caused by a...

CVE-2019-6019

Untrusted search path vulnerability in STAMP Workbench installer all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...

Design/Logic Flaw

Untrusted search path vulnerability in STAMP Workbench installer all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...

CVE-2019-6019

Untrusted search path vulnerability in STAMP Workbench installer all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...

CVE-2019-6019

STAMP Workbench installer is affected by an insecure DLL search path (CWE-427) in the Windows installer, enabling arbitrary code execution with the user’s privileges via a Trojan horse DLL loaded from an unspecified directory. The issue is specific to the installer component, not the STAMP Workbe...

Security Bulletin: IBM i Access for Windows affected by vulnerability CVE-2015-7416.

Summary IBM i Access for Windows is affected by vulnerability CVE-2015-7416. This vulnerability affects the Windows system running the IBM i Access for Windows product. Vulnerability Details CVEID: CVE-2015-7416 DESCRIPTION: IBM i Access for Windows AFP Workbench Viewer contains a vulnerability...

SAP NetWeaver Process Integration Information Disclosure Vulnerability (CNVD-2020-04285)

SAP NetWeaver Process Integration PI is an SAP enterprise application integration software from SAP, Germany, and is a component of the NetWeaver product group. The component is mainly used for the exchange of information between the internal system and the external. An information disclosure...

Cloudera Data Science Workbench Privilege Check Bypass Vulnerability

Cloudera Data Science Workbench CDSW is a suite of data science platforms from Cloudera. A security vulnerability exists in Cloudera CDSW versions 1.4.0 through 1.4.2. The vulnerability stems from the system not properly restricting access to resources from unauthorized roles. An attacker can...

DLL Hijacking Vulnerability in Jingmai PC Client Software

Jingmai Workbench PC Version, Jingmai Workbench PC Version is a seller management tool for Jingdong Mall. Jingmai pc client software DLL hijacking vulnerability, an attacker can use the vulnerability in the client process to inject executable DLL file, to perform arbitrary functions...

STAMP Workbench installer may insecurely load Dynamic Link Libraries

Overview STAMP Workbench is a modeling tool for STAMP provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA. It is distirbuted as a ZIP archive or an Windows executable installer. The Windows executable installer contains an issue with the DLL search path, which may lead to insecurely...

STAMP Workbench Installer Code Issue Vulnerability

STAMP Workbench is a modeling tool that supports support for STAMP Systems Theory Accident Models and Processes/STPA Systems Theory Process Analysis. A code issue vulnerability exists in the STAMP Workbench installer that can be exploited by an attacker to cause unsafe loading of dynamic link...

CVE-2018-20090

An issue was discovered in Cloudera Data Science Workbench CDSW 1.4.0 through 1.4.2. Authenticated users can bypass project permission checks and gain read-write access to any project folder...

Design/Logic Flaw

An issue was discovered in Cloudera Data Science Workbench CDSW 1.4.0 through 1.4.2. Authenticated users can bypass project permission checks and gain read-write access to any project folder...

CVE-2018-20090

An issue was discovered in Cloudera Data Science Workbench CDSW 1.4.0 through 1.4.2. Authenticated users can bypass project permission checks and gain read-write access to any project folder...

CVE-2018-20090

CVE-2018-20090 affects Cloudera Data Science Workbench (CDSW) versions 1.4.0–1.4.2. The issue is an access-control flaw that allows authenticated users to bypass project permission checks and gain read/write access to any project folder. Root cause: improper enforcement of project-level permissio...

JVN#19386781: STAMP Workbench installer may insecurely load Dynamic Link Libraries

STAMP Workbench is a modeling tool for STAMP provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA. It is distirbuted as a ZIP archive or an Windows executable installer. The Windows executable installer contains an issue with the DLL search path, which may lead to insecurely loading...

Rockwellautomation Connected Uncontrolled Search Path Element

A DLL Hijack issue was discovered in Rockwell Automation Connected Components Workbench CCW. The following versions are affected: Connected Components Workbench - Developer Edition, v9.01.00 and earlier: 9328-CCWDEVENE, 9328-CCWDEVZHE, 9328-CCWDEVFRE, 9328-CCWDEVITE, 9328-CCWDEVDEE, 9328-CCWDEVES...

SQLite CVE-2019-16168 Denial of Service Vulnerability

Description SQLite is prone to a denial of service vulnerability. Attackers can exploit this issue to cause denial-of-service conditions. SQLite 3.29.0 and prior versions are vulnerable. Technologies Affected Oracle Communications Design Studio 7.3.4.3.0 Oracle Communications Design Studio...

Unspecified Vulnerability in Oracle MySQL Workbench

Oracle MySQL is an open source relational database management system from Oracle. The database system has high performance, low cost, good reliability , etc. MySQL Workbench is one of the components designed specifically for MySQL with database modeling capabilities . Oracle MySQL Workbench has a...

SQLite CVE-2019-8457 Out of Bounds Read Heap Buffer Overflow Vulnerability

Description SQLite is prone to a remote heap-based buffer-overflow vulnerability. Attackers can exploit this issue to crash the application, resulting in a denial-of-service condition. Due to the nature of this issue, arbitrary code execution may be possible but this has not been confirmed...