Security Bulletin: The IBM FlashSystem 840 product is affected by vulnerabilities in Apache Tomcat

Summary Security vulnerabilities have been discovered in Apache Tomcat Vulnerability Details CVE-ID: CVE-2013-4286, CVE-2013-4322, & CVE-2014-0033 DESCRIPTION: FlashSystem 840 uses Apache Tomcat. FlashSystem 840 runs an Apache Tomcat web server which enables the systems’ browser-based...

Security Bulletin: The IBM FlashSystem 840 and V840 product model number AE1 nodes are affected by vulnerabilities in Apache’s Struts library

Summary Security vulnerabilities have been discovered in Apache’s Struts library Vulnerability Details CVE-ID: CVE-2014-0112, CVE-2014-0094, & CVE-2014-0050 DESCRIPTION: FlashSystem 840 MTM 9840-AE1, and FlashSystem V840 MTMs 9846-AE1 and 9848-AE1 use the Apache Struts library. Struts is used onl...

Security Bulletin: A vulnerability in Java affects the IBM FlashSystem 840 and 900

Summary There is a vulnerability in Java to which the IBM FlashSystem™ 840 and FlashSystem 900 are susceptible CVE-2019-2602. An exploit of CVE-2019-2602 could make the system susceptible to a denial of service attack. Vulnerability Details CVEID: CVE-2019-2602 DESCRIPTION: An unspecified...

Security Bulletin: Vulnerabilities in Java affect the IBM FlashSystem models 840 and 900 (CVE-2015-1931, CVE-2015-2601, CVE-2015-2613, and CVE-2015-2625)

Summary There are unspecified vulnerabilities revealed in the July 2015 Java Critical Patch Update CPU which the IBM® FlashSystem™ 840 and IBM FlashSystem 900 are susceptible. An exploit of these vulnerabilities could allow a remote attacker to obtain sensitive information and which could allow a...

Security Bulletin: Multiple Vulnerabilities in the Linux kernel affect the IBM FlashSystem 840 and 900

Summary There are vulnerabilities in the Linux kernel to which the IBM FlashSystem™ 840 and FlashSystem 900 are susceptible CVE-2017-18017 and CVE-2017-17449. An exploit of CVE-2017-18017 could allow a remote attacker to cause a denial of service condition. An exploit of CVE-2017-17449 could allo...

Security Bulletin: A vulnerability in Open Source Apache Tomcat affects IBM FlashSystem 840, (CVE-2014-0227)

Summary There is a vulnerability in Open Source Apache Tomcat that is used by IBM FlashSystem 840 which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service under error scenarios. Vulnerability Details CVE-ID: CVE-2014-0227 Description: Apache Tomcat is...

Security Bulletin: Vulnerabilities in Open Source OpenSSL affects the IBM FlashSystem models 840 and 900 (CVE-2015-1788, CVE-2015-1789, CVE-2015-1791, and CVE-2015-3216)

Summary There are vulnerabilities in the Open Source OpenSSL version that is used by the IBM® FlashSystem™ 840 and IBM FlashSystem 900. An exploit of these vulnerabilities could result in a denial of service. One vulnerability can result in a race condition, the result of which is of unknown...

Security Bulletin: A vulnerability in Apache Tomcat affects the IBM FlashSystem 840 and 900

Summary A vulnerability exists in Apache Tomcat to which the IBM FlashSystem™ 840 and FlashSystem 900 are susceptible CVE-2018-11784. An exploit of this vulnerability could allow a remote attacker to redirect a user to arbitrary websites. Vulnerability Details CVEID: CVE-2018-11784 DESCRIPTION:...

Security Bulletin: A vulnerability in Struts affects the IBM FlashSystem models 840 and 900 (CVE-2015-5209)

Summary There is a vulnerability in Apache Struts to which the IBM® FlashSystem™ 840 and IBM FlashSystem 900 are susceptible. An exploit of this vulnerability could allow a remote attacker to gain unauthorized access to the system. Vulnerability Details CVEID: CVE-2015-5209 DESCRIPTION: Apache...

Security Bulletin: Vulnerability in RC4 stream cipher affects the IBM FlashSystem models 840 and 900 (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects the IBM® FlashSystem™ 840 and IBM FlashSystem 900. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An...

Security Bulletin: IBM FlashSystem 840 and IBM FlashSystem V840, -AE1 models nodes are affected by vulnerabilities in Apache’s Struts library (CVE-2014-7809)

Summary Apache Struts could potentially allow a remote attacker to bypass security restrictions, caused by predictable tokens. Vulnerability Details CVEID:CVE-2014-7809 DESCRIPTION: Apache Struts could allow a remote attacker to bypass security restrictions, caused by predictable tokens. By sendi...

Reflected XSS in send2friend.php

Description There is a reflected XSS in send2friend because the 'artlang' parameter is not sanitized. Proof of Concept visit http://phpmyfaq.local/?action=send2friend&artlang=aaaa"%3E%3Cscript%3Ealert1;%3C/script%3E Fix sanitize the '$faqLanguage' variable in...

SUSE CVE-2019-13619

In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ASN.1 BER dissector and related dissectors could crash. This was addressed in epan/asn1.c by properly restricting buffer increments...

_receiveDripsResult() overcounts amtPerCycle

Lines of code Vulnerability details Impact Drips results will be accounted for wrongly and hence users will receive more drips than they should. Proof of Concept According to the whitepaper, amtDeltas stored at each cycle is the value relative to the previous cycle. The stored delta for a cycle i...

GSD-2023-1000369 net: hsr: Fix potential use-after-free

net: hsr: Fix potential use-after-free This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.301 by commit...

GSD-2022-1007809 ext4: fix warning in 'ext4_da_release_space'

ext4: fix warning in 'ext4dareleasespace' This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.8 by commit...

CVE-2022-46149 Cap'n Proto vulnerable to out-of-bounds read due to logic error handling list-of-list.

Cap'n Proto is a data interchange format and remote procedure call RPC system. Cap'n Proro prior to versions 0.7.1, 0.8.1, 0.9.2, and 0.10.3, as well as versions of Cap'n Proto's Rust implementation prior to 0.13.7, 0.14.11, and 0.15.2 are vulnerable to out-of-bounds read due to logic error...

GSD-2022-1007662 net: rds: don't hold sock lock when cancelling work from rds_tcp_reset_callbacks()

net: rds: don't hold sock lock when cancelling work from rdstcpresetcallbacks This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.9.331 by commit...

GSD-2022-1007465 tipc: fix a null-ptr-deref in tipc_topsrv_accept

tipc: fix a null-ptr-deref in tipctopsrvaccept This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.264 by commit...

GSD-2022-1007391 wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg()

wifi: ath9k: avoid uninit memory read in ath9khtcrxmsg This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.220 by commit...