13 matches found
Security Bulletin: A vulnerability in Microsoft.BotBuilder affects IBM Robotic Process Automation which may result in elevated privileges (CVE-2024-35255).
Summary: A vulnerability in Microsoft.BotBuilder affects IBM Robotic Process Automation which may result in elevated privileges. Microsoft.BotBuilder is used to enable communication between Azure Bot Services and the ChatBot API. This bulletin identifies the security fixes to apply to address the...
Security Bulletin: Security vulnerability found in packages shipped with IBM CICS TX Advanced
Summary: Security vulnerability found in packages cURL, krb5 and Python shipped with IBM CICS TX Advanced. The versions of the packages have been updated. Vulnerability Details: CVEID: CVE-2024-37370 DESCRIPTION: MIT Kerberos 5 aka krb5 could allow a remote attacker to bypass security restrictions,...
Security Bulletin: IBM Storage Protect Server is susceptible to vulnerability in Resty package for Golang Go (CVE-2023-45286).
Summary: The HTTP and REST client library used in Golang Go by the IBM Storage Protect Server is vulnerable to potential exposure of sensitive information from the host system. This bulletin provides steps to mitigate these vulnerabilities. Vulnerability Details: CVEID: CVE-2023-45286 DESCRIPTION: G...
Security Bulletin: Vulnerability in Linux Kernel might affect IBM Storage Copy Data Management
Summary: IBM Storage Copy Data Management can be affected by vulnerability in Linux Kernel. A local authenticated attacker could exploit the vulnerability to cause a denial of service condition as described by the CVEs in the "Vulnerability Details" section. Vulnerability Details...
CVE-2021-0772
CVE-2021-0772 is listed under Android 12 Framework as an Information Disclosure (Type: ID) vulnerability with Moderate severity. It is addressed as part of the Android 12 security release; devices running Android 12 with a security patch level of 2021-10-01 or later are protected. The connected d...
CVE-2022-42791
CVE-2022-42791 is a macOS-specific race condition vulnerability that was addressed by improving state handling. The issue could allow an app to execute arbitrary code with kernel privileges and is fixed in macOS Ventura 13. The affected component is the kernel-related path implicated by the race cond...
FortiWeb - Multiple vulnerabilities in the authentication mechanism of confd
Multiple vulnerabilities in the authentication mechanism of FortiWeb's confd, including an instance of concurrent execution using shared resource with improper synchronization (CWE-362) and one of authentication bypass by capture-replay (CWE-294), may allow a remote unauthenticated attacker to...
FortiPortal - Improper thread synchronization for database operations
A concurrent execution using shared resource with improper synchronization ('Race Condition') vulnerability (CWE-362) in the customer database interface of FortiPortal may allow an authenticated, low-privilege user to bring the underlying database data into an inconsistent state via specific...
openSUSE: Security Advisory for xawtv (openSUSE-SU-2020:0784-1)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2017-14798 local privilege escalation in SUSE postgresql init script
A race condition in the postgresql init script could be used by attackers able to access the postgresql account to escalate their privileges to root...
Linux kernel memory subsystem copy on write mechanism contains a race condition vulnerability
Overview: The Linux kernel since version 2.6.22 contains a race condition in the way the copy on write mechanism is handled by the memory subsystem, which may be leveraged locally to gain root privileges. Description: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization...
Security Audit Notes = Kerberos (krb5-1.13) issues - Advanced Information Security Corp
-=Advanced Information Security Corp=- Nicholas Lemonias Report Date: 3/4/2015 Email: [email protected] Introduction ============== During a source-code audit of the krb5-1.13 stable release 15 October 2014 implementation for linux; conducted internally by the Advanced Information Security...
Scientific Linux Security Update : ruby on SL5.x i386/x86_64
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A flaw was found in the way large amounts of memory were allocated on 64-bit systems when using the BigDecimal class. A context-dependent attacker coul...