EUVD-2017-1850
Malware in sbrugna...
CVE-2025-53031
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications component: Platform. Supported versions that are affected are 8.0.7.8, 8.0.8.5, 8.0.8.6, 8.1.1.4 and 8.1.2.5. Easily exploitable vulnerability allows...
CVE-2019-2575
Vulnerability in the Oracle AutoVue 3D Professional Advanced component of Oracle Supply Chain Products Suite subcomponent: Format Handling - 2D. Supported versions that are affected are 21.0.0 and 21.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTT...
PT-2025-21744
Name of the Vulnerable Software and Affected Versions: ECOVACS robot vacuums and base stations affected versions not specified Description: ECOVACS robot vacuums and base stations communicate over an insecure Wi-Fi network using a predictable WPA2-PSK. This allows for easy derivation of the Wi-Fi...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for September and October 2024.
Summary Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF037 and 24.0.0-IF003. Vulnerability Details CVEID:CVE-2024-39249 DESCRIPTION: Async is vulnerable to a denial of service, caused by the ReDoS Regular Expression Denial of Service while...
Security Bulletin: WebSphere Message Broker and IBM Integration Bus are affected by confidentiality vulnerability (CVE-2015-7399)
Summary WebSphere Message Broker and IBM Integration Bus could allow a potential attacker to identify the technology used to handle incoming HTTP requests Vulnerability Details CVEID: CVE-2015-7399 DESCRIPTION: IBM Integration Bus could allow a potential attacker to identify the technology used t...
Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilities in User Dashboards
Summary A vulnerability was reported in dashboard during pen testing. User's dashboard could be changed with a PUT request which did not check the user's identity, and this request enabled a user to change any dashboard the user has read access to. This bulletin contains information regarding the...
Security Bulletin: IBM Sterling Control Center is vulnerable to IBM Java Buffer overflow in GC
Summary IBM Java: Buffer overflow in GC when using the -Xgc:concurrentScavenge option on IBM Z is affecting Sterling Control Center v6.2.1 and v6.3.1. Vulnerability Details CVEID:CVE-2024-3933 DESCRIPTION: Eclipse Openj9 could allow a local authenticated attacker to bypass security restrictions,...
Security Bulletin: Maximo Application Suite - IBM WebSphere Application Server Liberty is vulnerable to CVE-2023-50314 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which is vulnerable to CVE-2023-50314. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-50314 DESCRIPTION: IBM WebSphere Application...
Security Bulletin: IBM Datapower Operations Dashboard could allow a denial of service CVEID 256137
Summary FasterXML Jackson Core is used by the IBM Datapower Operations Dashboard streaming and parsing implementation. Vulnerability Details IBM X-Force ID: 256137 DESCRIPTION: FasterXML Jackson Core is vulnerable to a denial of service, caused by improper input validation by the...
Security Bulletin: IBM Tivoli Netcool Impact could provide weaker than expected security due to IBM WebSphere Application Server Liberty (CVE-2023-50312)
Summary IBM WebSphere Application Server Liberty is shipped with IBM Tivoli Netcool Impact as part of its server infrastructure. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. Vulnerability Details...
Security Bulletin: vulnerability in jackson-core might affect IBM Business Automation Workflow - PRISMA-2023-0067
Summary IBM Business Automation Workflow might be affected by a vulnerability in jackson-core. Vulnerability Details IBM X-Force ID: 256137 DESCRIPTION: FasterXML Jackson Core is vulnerable to a denial of service, caused by improper input validation by the StreamReadConstraints value field. By...
Security Bulletin: There is a vulnerability in jackson-core-2.13.4.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (IBM X-Force ID: 256137)
Summary There is a vulnerability in jackson-core-2.13.4.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details IBM X-Force ID: 256137 DESCRIPTION: FasterXML Jackson Core is vulnerable to a denial of service, caused by improper input validation by the...
Security Bulletin: IBM TRIRIGA Application Platform discloses server-side request forgery (CVE-2020-11988)
Summary CVE-2020-11988 Apache XML Graphics Commons is vulnerable to server-side request forgery. Vulnerability Details CVEID: CVE-2020-11988 DESCRIPTION: Apache XML Graphics Commons is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a...
Security Bulletin: Watson CP4D Data Stores is vulnerable to unspecified vulnerability Golang Go (CVE-2022-23773)
Summary Potential Golang Go unspecified vulnerability CVE-2022-23773 has been identified that may affect Watson CP4D Data Stores. Refer to details for additional information. Vulnerability Details CVEID:CVE-2022-23773 DESCRIPTION: An unspecified error with not treating branches with...
Security Bulletin: Open Source Dependency Vulnerability
Summary IBM Edge Application Manager 4.5 has resolved the vulnerability. Vulnerability Details CVEID:CVE-2021-23413 DESCRIPTION: jszip is vulnerable to a denial of service, caused by a prototype pollution flaw. By using a specially-crafted zip file with filenames set to Object prototype values, a...
CVE-2023-21925
Vulnerability in the Oracle Health Sciences InForm product of Oracle Health Sciences Applications component: Core. Supported versions that are affected are Prior to 6.3.1.3 and Prior to 7.0.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...
K33522171: Multiple MySQL vulnerabilities
Security Advisory Description CVE-2020-14550 Vulnerability in the MySQL Client product of Oracle MySQL component: C API. Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Difficult to exploit vulnerability allows low privileged attacker with network...
K43540241: MySQL vulnerabilities CVE-2019-2620, CVE-2019-2623, CVE-2019-2624, CVE-2019-2625, and CVE-2019-2626
Security Advisory Description CVE-2019-2620 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Security: Privileges. Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via...
K40293611: Oracle Java SE vulnerability CVE-2022-21349
Security Advisory Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected are Oracle Java SE: 7u321, 8u311; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerabili...