Security Bulletin: CVE-2024-3933 affects IBM® SDK, Java™ Technology Edition

Summary CVE-2024-3933 affects IBM SDK, Java Technology Edition. An update has been released to address the vulnerability. Vulnerability Details CVEID:CVE-2024-3933 DESCRIPTION: Eclipse Openj9 could allow a local authenticated attacker to bypass security restrictions, caused by the failure to...

Security Bulletin: Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition

Summary This bulletin covers all applicable Java SE CVEs published by Oracle as part of their July 2023 Critical Patch Update. For more information please refer to Oracle's July 2023 CPU Advisory and the X-Force database entries referenced below. Vulnerability Details CVEID:CVE-2023-22045...

Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition

Summary This bulletin covers all applicable Java SE CVEs published by Oracle as part of their October 2022 Critical Patch Update. For more information please refer to Oracle's October 2022 CPU Advisory and the X-Force database entries referenced below. Vulnerability Details CVEID:CVE-2022-21628...

Security Bulletin: Vulnerabilities in IBM Java SDK (CVE-2012-4820, CVE-2012-4821, CVE-2012-4822, CVE-2012-4823)

Abstract These vulnerabilities are only applicable to Java deployments where untrusted code may be executed under a security manager e.g. Java applets running in a web browser. Content VULNERABILITY DETAILS: CVE IDs: CVE-2012-4820, CVE-2012-4821, CVE-2012-4822, CVE-2012-4823 DESCRIPTION: There ar...

Security Bulletin: CVE-2021-35561 may affect IBM® SDK, Java™ Technology Edition

Summary CVE-2021-35561 was disclosed as part of the Oracle October 2021 Critical Patch Update. Vulnerability Details CVEID: CVE-2021-35561 DESCRIPTION: An unspecified vulnerability in Java SE related to the Utility component could allow an unauthenticated attacker to cause a denial of service...

Security Bulletin: CVE-2021-35603 may affect IBM® SDK, Java™ Technology Edition

Summary CVE-2021-35603 was disclosed as part of the Oracle October 2021 Critical Patch Update. Vulnerability Details CVEID: CVE-2021-35603 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information...

Security Bulletin: CVE-2021-2341 may affect IBM® SDK, Java™ Technology Edition

Summary CVE-2021-2341 was disclosed as part of the Oracle July 2021 Critical Patch Update. Vulnerability Details CVEID: CVE-2021-2341 DESCRIPTION: An unspecified vulnerability in Java SE related to the Networking component could allow an unauthenticated attacker to obtain sensitive information...

Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition

Summary Java SE issues disclosed in the Oracle October 2020 Critical Patch Update minus CVE-2020-14781 and CVE-2020-14782. CVE-2020-14781 and CVE-2020-14782 will be covered by additional bulletins. Vulnerability Details CVEID: CVE-2020-14792 DESCRIPTION: An unspecified vulnerability in Java SE...

Security Bulletin: Current Releases of IBM® SDK for Node.js™ are affected by CVE-2016-3956

Summary HTTP bearer token leak in the npm package management tool Vulnerability Details CVE-ID: CVE-2016-3956 Description: npm could allow a remote attacker to obtain sensitive information, caused by the unintentional leakage of bearer tokens from the command-line interface. By setting up an HTTP...

Security Bulletin: IBM® SDK for Node.js™ may be affected by CVE-2014-9748

Summary Unsafe use of read/write locks on Windows 2003 and Windows XP in libuv Vulnerability Details CVEID: CVE-2014-9748 DESCRIPTION: libuv, as used in Node.js is vulnerable to a denial of service, caused by an error in the read/write locks implementation. A local attacker could exploit this...

Security Bulletin: Multiple vulnerabilities in current releases of IBM® SDK for Node.js™

Summary This bulletin describes CVE-2015-3197 that was reported on January 26, 2015 by the OpenSSL Project, plus two additional vulnerabilities. Vulnerability Details CVEID: CVE-2015-3197 DESCRIPTION: OpenSSL could allow a remote attacker to conduct man-in-the-middle attacks, caused by the use of...

Security Bulletin: Multiple vulnerabilities might affect IBM® SDK for Node.js™

Summary Vulnerabilities in Node.js and the c-ares library were disclosed on July 11 2017 by the Node.js Foundation. IBM SDK for Node.js has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2017-11499 DESCRIPTION: Node.js is vulnerable to a denial of service, caused by a flaw relate...

SUSE SLES11 Security Update : java-1_7_1-ibm (SUSE-SU-2016:2261-1)

IBM Java 7.1 was updated to version 7.1-3.50 to fix the following security issues: CVE-2016-3485 CVE-2016-3511 CVE-2016-3598 Please see https://www.ibm.com/developerworks/java/jdk/alerts/ for more information. Note that Tenable Network Security has extracted the preceding description block direct...

SuSE 11.2 Security Update : IBM Java 1.7.0 (SAT Patch Number 7046)

IBM Java 1.7.0 has been updated to SR3 which fixes bugs and security issues. More information can be found on : http://www.ibm.com/developerworks/java/jdk/alerts/ CVEs fixed: CVE-2012-3159 / CVE-2012-3216 / CVE-2012-5070 / CVE-2012-5067 / CVE-2012-3143 / CVE-2012-5076 / CVE-2012-5077 /...

IBM DeveloperWorks NCP 2.1 Information Disclosure

http://www.ibm.com/developerworks/systems/articles/freetools/index.html Can visit ncp pages and get info without authentication! http://target:8282/ gives version http://target:8282/real/lsconf.html detailed config info including: System Model Machine Serial Number Processor Type Number of...

SuSE 10 Security Update : IBM Java (ZYPP Patch Number 6380)

The IBM JRE/JDK version 5 was updated to Service Release 10. It fixes a number of bugs and likely also several security issues. As usual IBM does not publish fixed security issues on the release date so a detailed list cannot be given at this time. Please check...

SuSE9 Security Update : IBM Java5 JRE and SDK (YOU Patch Number 12461)

The IBM JRE/JDK version 5 was updated to Service Release 10. It fixes a number of bugs and likely also several security issues. As usual IBM does not publish fixed security issues on the release date so a detailed list cannot be given at this time. Please check...

SuSE 10 Security Update : IBM Java 1.5.0 (ZYPP Patch Number 4544)

The IBM Java JRE/SDK has been brought to release 1.5.0 SR5a, containing several bugfixes, including the following security fixes : - A buffer overflow vulnerability in the image parsing code in the JavaTM Runtime Environment may allow an untrusted applet or application to elevate its privileges...