Security Bulletin: IBM App Connect Enterprise Certified Container operator and operands are vulnerable to loss of confidentiality and denial of service due to multiple CVEs

Summary IBM App Connect Enterprise Certified Container operator and operands are vulnerable to loss of confidentiality and denial of service due to multiple CVEs. This bulletin provides patch information to address the vulnerabilities Vulnerability Details CVEID:CVE-2026-6322 DESCRIPTION: fast-ur...

CVE-2018-12298

Directory Traversal in filebrowser in Seagate NAS OS 4.3.15.1 allows attackers to read files within the application's container via a URL path...

EUVD-2019-12495

Malware in sbrugna...

EUVD-2019-12081

Malware in sbrugna...

CISA Releases Guidance: TIC 3.0 Remote User Use Case

In coordination with the Office of Management and Budget OMB, the Federal Chief Information Security Officer Council FCISO Trusted Internet Connections TIC Subcommittee, and the General Services Administration, CISA has released Trusted Internet Connections 3.0 Remote User Use Case. The Remote Us...

Docker Resource Management Error Vulnerability (CNVD-2021-27276)

Docker is an open source application container engine from the American company Docker. It supports creating a container lightweight virtual machine and deploying and running applications on Linux systems, as well as automating the installation, deployment and upgrade of applications through...

Oracle WebLogic Server Multiple Vulnerabilities (Jan 2020 CPU)

The version of Oracle WebLogic Server installed on the remote host is affected by multiple vulnerabilities: - An unspecified vulnerability in the Third Party Tools Bouncy Castle Java Library component of Oracle WebLogic Server. An unauthenticated attacker with network access via HTTPS could explo...

CVE-2020-2546

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Application Container - JavaEE. Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise...

CVE-2020-2546

CVE-2020-2546 affects Oracle WebLogic Server (Oracle Fusion Middleware), specifically the Application Container - JavaEE component. Affected versions are 10.3.6.0.0 and 12.1.3.0.0. The vulnerability enables an unauthenticated attacker with network access via T3 to compromise WebLogic Server, with...

CVE-2020-2546

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Application Container - JavaEE. Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise...

Oracle WebLogic Server Component Access Control Error Vulnerability (CNVD-2019-27104)

Oracle Fusion Middleware, the digital business platform for enterprise and cloud computing, is a comprehensive middleware product family that enables organizations to create and run agile, intelligent business applications and maximize IT efficiency by leveraging modern hardware and software...

CVE-2018-12298

Directory Traversal in filebrowser in Seagate NAS OS 4.3.15.1 allows attackers to read files within the application's container via a URL path...

Directory traversal

Directory Traversal in filebrowser in Seagate NAS OS 4.3.15.1 allows attackers to read files within the application's container via a URL path...

Design/Logic Flaw

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: Application Container - JavaEE. The supported version that is affected is 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

CVE-2019-2441

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: Application Container - JavaEE. The supported version that is affected is 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

CVE-2019-2441

CVE-2019-2441 affects Oracle WebLogic Server 12.2.1.3 (Application Container - JavaEE). The vulnerability allows unauthenticated, network-based attackers to access WebLogic via HTTP and read a subset of data; CVSS v3.0 base score 5.3 (confidentiality impact: low). Connected sources confirm the af...

[SECURITY] Fedora 28 Update: uwsgi-2.0.17.1-1.fc28

uWSGI is a fast pure C, self-healing, developer/sysadmin-friendly application container server. Born as a WSGI-only server, over time it has evolved in a complete stack for networked/clustered web applications, implementing message/object passing, caching, RPC and process management. It uses the...

CVE-2016-3299

Summary: CVE-2016-3299 is a NetBIOS spoofing vulnerability in multiple Windows platforms where NetBIOS responses can be validated incorrectly, allowing remote attackers to hijack network traffic or bypass Enhanced Protected Mode/application container protections and render untrusted browser conte...

Microsoft Internet Explorer EditWith Sandbox Escape Vulnerability

This vulnerability allows remote attackers to escape the Application Container and execute code in the context of the logged-in user on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious pag...

[SECURITY] Fedora 21 Update: uwsgi-2.0.11.1-1.fc21

uWSGI is a fast pure C, self-healing, developer/sysadmin-friendly application container server. Born as a WSGI-only server, over time it has evolved in a complete stack for networked/clustered web applications, implementing message/object passing, caching, RPC and process management. It uses the...