241 matches found
Security Bulletin: A vulnerability in IBM Java SDK affects IBM Standards Processing Engine and IBM Transformation Extender Advanced (CVE-2016-5597)
Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 7 and 8, that is used by IBM Standards Processing Engine and IBM Transformation Extender Advanced. This issue was disclosed as part of the IBM Java SDK updates for October 2016. Vulnerability Details CVEID: CVE-2016-55...
[WP-H5] yVault.sol A malicious early user/attacker can manipulate the vault's pricePerShare to take an unfair share of future users' deposits
Lines of code Vulnerability details function deposituint256 amount public noContractmsg.sender requireamount 0, "INVALIDAMOUNT"; uint256 balanceBefore = balance; token.safeTransferFrommsg.sender, addressthis, amount; uint256 supply = totalSupply; uint256 shares; if supply == 0 shares = amount; el...
The Senate Bill That Has Big Tech Scared
The proposal would stop the biggest platforms from giving themselves an advantage over the little guys. Who's afraid of a little competition?...
Debian: Security Advisory (DSA-5075-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: IBM Observability by Instana and IBM Observability with Instana - Server and Agents are vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105, CVE-2021-45046)
Summary Vulnerabilities detected in Apache Log4j affects IBM Observability by Instana and IBM Observability with Instana. The CVE numbers are: CVE-2021-45105 and CVE-2021-45046. These vulnerabilities have been addressed in both the Server and Agent components. The fix includes Apache Log4j v2.17...
CVE-2021-28712
Rogue backends can cause DoS of guests via high frequency events This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as "drive...
Security Bulletin: IBM Watson Compare and Comply for IBM Cloud Pak for Data affected by vulnerability in Apache PDFBox
Summary IBM Watson Compare and Comply for IBM Cloud Pak for Data contains a vulnerable version of Apache PDFBox. Vulnerability Details CVEID: CVE-2021-31811 DESCRIPTION: Apache PDFBox is vulnerable to a denial of service, caused by an out-of-memory exception while loading a file. By persuading a...
Security Bulletin: Vulnerability in Jasper, Version 8 Service Refresh 5 Fix Pack 33, used in Jetty Server 9.4.14 where Rational Synergy is deployed.
Summary A security vulnerability in Jasper, Version 8 Service Refresh 5 Fix Pack 33, used by Jetty versions 9.4.14 is affecting IBM Rational Synergy. Vulnerability Details CVEID: CVE-2020-27216 DESCRIPTION: Eclipse Jetty could allow a local authenticated attacker to gain elevated privileges on th...
HackerOne: Mishandling of hackerone clear background checks resulting in disclosure of other hacker's information
Summary: Mishandling of hackerone clear background checks resulting in disclosure of other hacker's information . Description: I received a hackerone clear invite for "█████" I am not █████. There appears to be some kind of off by one error or similar problem with the hackerone clear invites! fir...
The Gig Economy Creates Novel Data-Security Risks
As businesses strive to move faster and faster, many are adopting a “just-in-time” strategy of spinning up human resources on demand – a phenomenon known as the gig economy, familiar to most via Uber, Instacart or DoorDash. But it’s a concept that enterprises are embracing too – inadvertently...
Security Bulletin: Vulnerability in WebSphere Application Server Liberty affects IBM Financial Transaction Manager for RedHat OpenShift (CVE-2020-5258)
Summary Dojo vulnerability in WebSphere Application Server Liberty affects IBM Financial Transaction Manager for RedHat OpenShift. Vulnerability Details CVEID: CVE-2020-5258 DESCRIPTION: Dojo dojo could allow a remote attacker to inject arbitrary code on the system, caused by a prototype pollutio...
Security Bulletin: IBM Kenexa LMS On Premise -CVE-2020-14781 (deferred from Oracle Oct 2020 CPU for Java 8)
Summary We have identified that the IBM Kenexa LMS On Premise is affected by one or more security vulnerabilities. These have been addressed in LMS 6.1.0 version. Vulnerability Details CVEID: CVE-2020-14781 DESCRIPTION: An unspecified vulnerability in Java SE related to the JNDI component could...
Security Bulletin: IBM Kenexa LCMS Premier On Premise - CVE-2020-14782 (deferred from Oracle Oct 2020 CPU for Java 8)
Summary We have identified that the IBM Kenexa LCMS Premier is affected by one or more security vulnerabilities. These have been addressed in LCMS Premier 14.0 version. Vulnerability Details CVEID: CVE-2020-14782 DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries...
Security Bulletin: IBM Kenexa LMS On Premise - CVE-2020-14782 (deferred from Oracle Oct 2020 CPU for Java 8)
Summary We have identified that the IBM Kenexa LMS On Premise is affected by one or more security vulnerabilities. These have been addressed in LMS 6.1.0 version. Vulnerability Details CVEID: CVE-2020-14782 DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component...
Security Bulletin: CVE-2020-14782 may affect IBM® SDK, Java™ Technology Edition
Summary CVE-2020-14782 was disclosed as part of the Oracle October 2020 Critical Patch Update. Vulnerability Details CVEID: CVE-2020-14782 DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality...
Security Bulletin: Infosphere BigInsights is affected by a vulnerability that could allow a local attacker to obtain the value-add services passwords stored in the Ambari configuration file (CVE-2015-4928, CVE-2015-4940).
Summary Infosphere BigInsights is affected by a vulnerability that could allow a local attacker to obtain value-add services passwords stored in the Ambari configuration file. The passwords are shown in plain text CVE-2015-4928, CVE-2015-4940. Vulnerability Details CVEID: CVE-2015-4928 DESCRIPTIO...
Citrix license files shows a warning symbol on the SA date in the Licensing tab on Studio
The Subscription advantage date for a license shows a warning symbol-...
International Women’s Day: How to support and grow women in cybersecurity
Today, March 8, we are proud to celebrate International Women’s Day. The United Nations announced this year’s theme as “Women in leadership: Achieving an equal future in a COVID-19 world.” As a woman, a mother, a daughter, a sister, a friend, and a leader at Microsoft, this is an important time t...
Security Bulletin: IBM Kenexa LCMS Premier On Premise - IBM SDK, Java Technology Edition Quarterly CPU - Oct 2020 - Includes Oracle Oct 2020 CPU
Summary We have identified that the IBM Kenexa LCMS Premier is affected by one or more security vulnerabilities. These have been addressed in LCMS Premier 14.0 version. Vulnerability Details CVEID: CVE-2020-14779 DESCRIPTION: An unspecified vulnerability in Java SE related to the Serialization...
Security Bulletin: Security vulnerability in IBM Java SDK affecting Rational Synergy (CVE-2019-4732)
Summary There is a security vulnerability in IBM® SDK Java™ Technology Edition, Version 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55 used by Rational Synergy versions 7.2.1.0 to 7.2.1.7. Rational Synergy has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2019-4732...