Security Bulletin: Websphere Application Server Liberty vulnerabilities used by IBM Streams
Summary Websphere Application Server Liberty vulnerability CVE-2020-4329 affecting IBM Streams Vulnerability Details CVEID: CVE-2020-4329 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain...
Security Bulletin: Vulnerability exists in Watson Explorer (CVE-2020-4329)
Summary Security vulnerability affects IBM Watson Explorer. Vulnerability Details CVEID: CVE-2020-4329 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by...
openSUSE Security Update : file-roller (openSUSE-2020-825)
This update for file-roller fixes the following issues : - CVE-2020-11736: Fixed a directory traversal vulnerability due to improper checking whether a file's parent is an external symlink bsc1169428. - CVE-2019-16680: Fixed a path traversal vulnerability which could have allowed an overwriting o...
CVE-2020-9254
HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.123C432E19R2P5patch02, versions earlier than 10.1.0.126C10E11R5P1, and versions earlier than 10.1.0.160C00E160R2P8 have a logic check error vulnerability. A logic error occurs when the software checks the size of a certain parameter, th...
CVE-2020-7826
EyeSurfer BflyInstallerX.ocx v1.0.0.16 and earlier versions contain a vulnerability that could allow remote files to be downloaded by setting the arguments to the vulnerable method. This can be leveraged for code execution. When the vulnerable method is called, they fail to properly check the...
CVE-2020-6165
SilverStripe 4.5.0 allows attackers to read certain records that should not have been placed into a result set. This affects silverstripe/recipe-cms. The automatic permission-checking mechanism in the silverstripe/graphql module does not provide complete protection against lists that are limited...
Default credentials
SilverStripe 4.5.0 allows attackers to read certain records that should not have been placed into a result set. This affects silverstripe/recipe-cms. The automatic permission-checking mechanism in the silverstripe/graphql module does not provide complete protection against lists that are limited...
SUSE-SU-2020:1709-2 Security update for mercurial
This update for mercurial fixes the following issues: Security issue fixed: - CVE-2019-3902: Fixed incorrect patch-checking with symlinks and subrepos bsc1133035...
About the security content of macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra
About the security content of macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra This document describes the security content of macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. About Apple security updates F...
Windows Address Book Remote Code Execution Vulnerability
A remote code execution vulnerability exists when Windows Address Book WAB improperly processes vcard files. To exploit the vulnerability, an attacker could send a malicious vcard that a victim opens using Windows Address Book WAB. After successfully exploiting the vulnerability, an attacker coul...
SUSE SLED15 / SLES15 Security Update : mercurial (SUSE-SU-2020:1709-1)
This update for mercurial fixes the following issues : Security issue fixed : CVE-2019-3902: Fixed incorrect patch-checking with symlinks and subrepos bsc1133035. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has...
GitHub Security Lab: CodeQL query for disabled revocation checking
This bug was reported directly to GitHub Security Lab...
The vulnerability of the Windows Host Guardian Service on Microsoft Windows operating systems allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Windows Host Guardian Service on Microsoft Windows operating systems is related to improper checking of recorded and registered hashes. Exploiting this vulnerability can allow an attacker, working remotely, to gain unauthorized access to protected information...
Fedora: Security Advisory for adns (FEDORA-2020-530188bf36)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
IBM DB2 Buffer Overflow Vulnerability (CNVD-2020-36384)
IBM DB2 is a set of relational database management system from IBM in the United States. The main execution environments for this system are UNIX, Linux, IBMi, z/OS, and Windows server versions. A buffer overflow vulnerability exists in IBM DB2 including DB2 Connect Server on Linux, UNIX, and...
CVE-2020-4363
IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 178960...
Buffer overflow
IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 178960...
CVE-2020-4363
CVE-2020-4363 affects IBM DB2 for Linux/UNIX/Windows (including DB2 Connect Server) across DB2 versions 9.7, 10.1, 10.5, 11.1, and 11.5. Root cause: a buffer overflow due to improper bounds checking, enabling a local attacker with access to execute arbitrary code with root privileges. Impact is l...
Scams and how to spot them
We’re in strange times at the moment. Some things don't change though, e.g. the scams and fraudulent activity designed to separate people from their money or identity. When dealing with these scams the main thing to remember is: If it seems too good to be true, it probably is. While that statement ...