Security Bulletin: API Connect V2018 is impacted by weak cryptographic algorithms (CVE-2018-2007)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2018-2007 DESCRIPTION: IBM API Connect uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. CVSS Base Score: 5.9 CVSS Temporal...
Security Bulletin: IBM API Connect Developer Portal is affected by arbitrary PHP code execution vulnerability in Drupal (CVE-2019-6340)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-6340 DESCRIPTION: Drupal Core could allow a remote attacker to execute arbitrary PHP code on the system, caused by improper input validation in some field types. By sending a specially-crafted...
Android Security Bulletin — March 2019
The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2019-03-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version. Android partners are...
Tautulli 2.1.26 Cross Site Scripting
Tautulli https://tautulli.com/ is a Python based monitoring and tracking tool for Plex Media Server. We discovered that an authenticated Plex Media Server user could change their Plex username to include JavaScript and Tautulli would fail to sanitize the username so that when the Plex Media Serve...
Security Bulletin: Multiple vulnerabilities in Node.js affects IBM Rational Application Developer for WebSphere Software included in Rational Developer for i and Rational Developer for AIX and Linux
Summary Portions of IBM Rational Application Developer for WebSphere Software are shipped as a component of Rational Developer for i RPG and COBOL + Modernization Tools, Java and EGL editions, and Rational Developer for AIX and Linux. Multiple Node.js vulnerabilities have been discovered that...
[SECURITY] [DSA 4395-1] chromium security update
Debian Security Advisory DSA-4395-1 [email protected] https://www.debian.org/security/ Michael Gilbert February 18, 2019 https://www.debian.org/security/faq -...
Debian DSA-4395-1 : chromium - security update
Several vulnerabilities have been discovered in the chromium web browser. - CVE-2018-17481 A use-after-free issue was discovered in the pdfium library. - CVE-2019-5754 Klzgrad discovered an error in the QUIC networking implementation. - CVE-2019-5755 Jay Bosamiya discovered an implementation erro...
WordPress Plugin Booking Calendar 8.4.3 - (Authenticated) SQL Injection
WordPress Plugin Booking Calendar 8.4.3 - Authenticated SQL Injection Exploit Title: Wordpress Booking Calendar v8.4.3 - Authenticated SQL Injection Vulnerability Date: 2018-12-28 Exploit Author: B0UG Vendor Homepage: https://wpbookingcalendar.com/ Software Link:...
The vulnerability of the “Valid Session” component in the Oracle Reports Developer reporting software allows a perpetrator to gain access to protected information.
The vulnerability of the “Valid Session” component in the Oracle Reports Developer software relates to insufficient access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information using the HTTP protocol...
KLA11419 Multiple vulnerabilities in Microsoft Developer Tools
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, spoof user interface, obtain sensitive information, gain privileges. Below is a complete list of vulnerabilities: 1. A...
Security Bulletin: IBM API Connect Developer Portal is affected by a remote code execution vulnerability in Drupal (CVE-2019-6339)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-6339 DESCRIPTION: Drupal core could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an error in PHP's built-in phar stream wrapper. By sending a...
Security Bulletin: IBM API Connect Developer Portal is affected by a vulnerability in Oracle MySQL (CVE-2018-3251)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2018-3251 DESCRIPTION: An unspecified vulnerability in Oracle MySQL related to the Server InnoDB component could allow an authenticated attacker to cause a denial of service resulting in a high...
Google Pulls Data-Chugging App From iOS Devices
Google has found itself in hot water for a research app that may have violated Apple’s policies by collecting user data in exchange for gift cards. The tech giant said it has now disabled Screenwise Meter “audience measurement” app – which voluntarily collects data from users’ phones, browsers and...
[SECURITY] Fedora 29 Update: docker-latest-1.13.1-40.git1185cfd.fc29
Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that will run virtually anywhere. Docker containers can encapsulate any payload, and will run consistently on and between virtually any server. The same container...
[SECURITY] Fedora 28 Update: docker-1.13.1-63.git1185cfd.fc28
Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that will run virtually anywhere. Docker containers can encapsulate any payload, and will run consistently on and between virtually any server. The same container...
Apple Blasts Facebook Over Data-Sucking 'Research' App
Apple has revoked Facebook’s enterprise iOS developer certificate on the heels of a “Facebook Research” VPN app that was being distributed to consumers; the app paid teens and Millennial users in exchange for being able to track their phone and web activity, and has been available since 2016. App...
Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Rational Application Developer for WebSphere Software
Summary Multiple Node.js vulnerabilities were disclosed by the Node.js project. Node.js is used by the Cordova tools in IBM Rational Application Developer for WebSphere Software. IBM Rational Application Developer for WebSphere Software has addressed the applicable CVEs. Vulnerability Details...
TAU Threat Intelligence Notification: BlackRouter Ransomware
According to the article from BleepingComputer, BlackRouter Ransomware was being promoted as a Ransomware-as-a-Service on Telegram by an Iranian developer. BlackRouter Ransomware will append ‘.BlackRouter’ as file extension to the encrypted file. In addition, it will attempt to delete volume shad...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Application Developer for WebSphere Software
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 7 and 8 that are used by IBM Rational Application Developer for WebSphere Software. These issues were disclosed as part of the IBM Java SDK updates in October 2018. Vulnerability Details CVEID: CVE-2018-3180...
Oracle Reports Developer Component 12.2.1.3 - Cross-site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Cross-site Scripting XSS Exploit Author: Mohamed M.Fouad - From SecureMisr Company Vendor Homepage: https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html Version: 12.2.1.3 REQUIRED Tested on: Windows 10 CV...