Security Bulletin: Vulnerabilities in OpenSSL affects IBM Image Construction and Composition Tool (CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, and CVE-2015-0293)

Summary OpenSSL vulnerabilities were disclosed on March 19, 2015 by the OpenSSL Project. OpenSSL is used by IBM Image Construction and Composition Tool. IBM Image Construction and Composition Tool has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2015-0209 DESCRIPTION: OpenSSL...

Security Bulletin: Vulnerabilities in IBM Dojo Toolkit affect IBM Image Construction and Composition Tool (CVE-2014-8917)

Summary IBM Dojo Toolkit is vulnerable to cross-site scripting and affects IBM Image Construction and Composition Tool. Vulnerability Details CVEID: CVE-2014-8917 DESCRIPTION: IBM Dojo Toolkit is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. CVSS Base...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Image Construction and Composition Tool (CVE-2014-3566 and CVE-2014-6457)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6 that is used by IBM PureApplication System. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption POODLE SSLv3 vulnerability CVE-2014-3566. These were disclosed as part of the IBM...

Security Bulletin: Vulnerability in RC4 stream cipher affects IBM Image Construction and Composition Tool (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM Image Construction and Composition Tool. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker...

Security Bulletin: Vulnerability in IBM Java Runtime affects IBM Image Construction and Composition Tool (CVE-2015-0138)

Summary The “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability affects IBM® Runtime Environment Java™ Technology Edition, Version 6 that is used by IBM Image Construction and Composition Tool. Vulnerability Details CVEID: CVE-2015-0138 DESCRIPTION: A vulnerabilit...

UPDATE: OWASP Dependency-Check 3.1.2

PenTestIT RSS Feed My first post about this open source OWASP project was about an older version. This post discusses the changes made to the open source software composition analysis utility in the latest release yesterday. This is the OWASP Dependency-Check 3.1.2! Most importantly NVD urls were...

Intelligent Software Composition Analysis Platform: Dependency-Track

Modern applications leverage the availability of existing components for use as building blocks in application development. By using existing components, organizations can dramatically decrease time-to-market. Reusing existing components however, comes at a cost. Organizations that build on top o...

OWASP DependencyCheck - A Software Composition Analysis Utility That Detects Publicly Disclosed Vulnerabilities In Application Dependencies

Dependency-Check is a utility that attempts to detect publicly disclosed vulnerabilities contained within project dependencies. It does this by determining if there is a Common Platform Enumeration CPE identifier for a given dependency. If found, it will generate a report linking to the associate...

CVE-2017-13198

A vulnerability in the Android media framework ex related to composition of frames lacking a color map. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68399117...

CVE-2017-13198

A vulnerability in the Android media framework ex related to composition of frames lacking a color map. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68399117...

UPDATE: OWASP Dependency-Check 3.1.0

PenTestIT RSS Feed My first post about this open source OWASP project was about an older version. This post discusses the changes made to the open source software composition analysis utility in the latest release yesterday. This is the OWASP Dependency-Check 3.1.0! This release comes with...

Fedora 25 : qt5-qtwebengine (2017-580f91f6b0)

An update of QtWebEngine to the security and bugfix release 5.9.2, including : Chromium Snapshot : - Security fixes from Chromium up to version 61.0.3163.79 Including: CVE-2017-5092, CVE-2017-5093, CVE-2017-5095, CVE-2017-5097, CVE-2017-5099, CVE-2017-5102, CVE-2017-5103, CVE-2017-5107,...

Fedora 26 : qt5-qtwebengine (2017-9a7e562fca)

An update of QtWebEngine to the security and bugfix release 5.9.2, including : Chromium Snapshot : - Security fixes from Chromium up to version 61.0.3163.79 Including: CVE-2017-5092, CVE-2017-5093, CVE-2017-5095, CVE-2017-5097, CVE-2017-5099, CVE-2017-5102, CVE-2017-5103, CVE-2017-5107,...

UPDATE: OWASP Dependency-Check 3.0.0

PenTestIT RSS Feed My first post about this open source OWASP project was about an older version. This post discusses the changes made to the open source software composition analysis utility in the latest release yesterday. This is the OWASP Dependency-Check 3.0.0! This release comes with Java 9...

UPDATE: OWASP Dependency-Check 2.1.1!

PenTestIT RSS Feed My first post about this open source OWASP project was about an older version. This post discusses the changes made to the open source software composition analysis utility in the latest release yesterday. This is the OWASP Dependency-Check 2.1.1! This release contains a few...

UPDATE: OWASP Dependency-Check 2.1.0!

PenTestIT RSS Feed My first post about this open source OWASP project was about an older version. This post discusses the changes made to the open source software composition analysis utility in the latest release yesterday. This is the OWASP Dependency-Check 2.1.0! What I like about this release...

CVE-2017-11349

dataTaker DT8x dEX 1.72.007 allows remote attackers to compose programs or schedules, for purposes such as sending e-mail messages or making outbound connections to FTP servers for uploading data...

Code injection

dataTaker DT8x dEX 1.72.007 allows remote attackers to compose programs or schedules, for purposes such as sending e-mail messages or making outbound connections to FTP servers for uploading data...

SUSE SLED12 / SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2017:1445-1)

This update for java-180-openjdk fixes the following issues : - Upgrade to version jdk8u131 icedtea 3.4.0 - bsc1034849 - Security fixes - S8163520, CVE-2017-3509: Reuse cache entries - S8163528, CVE-2017-3511: Better library loading - S8165626, CVE-2017-3512: Improved window framing - S8167110,...

CVE-2017-5942

An issue was discovered in the WP Mail plugin before 1.2 for WordPress. The replyto parameter when composing a mail allows for a reflected XSS. This would allow you to execute JavaScript in the context of the user receiving the mail...