128 matches found
Security Bulletin: IBM Event Processing contains a vulnerability in Netty (CVE-2023-34462)
Summary: Operator of IBM Event Processing contains a vulnerability in Netty 4.1.94 (CVE-2023-34462). Vulnerability Details: CVEID: CVE-2023-34462. DESCRIPTION: Netty is vulnerable to a denial of service, caused by a flaw with allocating up to 16MB of heap for each channel during the TLS handshake the...
Insufficient Session Expiration
Insufficient session expiration is a web application security vulnerability that occurs when a web application does not properly manage the lifecycle of a user's session. This can allow an attacker to hijack the user's session and gain unauthorized access to the application. The web application m...
This Week in Spring - January 17th, 2023
Hi, Spring fans! Welcome to another installment of This Week in Spring! I went to Helsinki, Finland, last week, and this week I'm in Atlanta, Georgia, to speak at the Atlanta Java User Group. And, of course, next week, I'll be in New York to join a viewing party for the airing of SpringOne...
CVE-2021-35119
Potential out-of-bounds read in FIPS event processing due to improper validation of the length from the firmware in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile...
PT-2022-10436 · Qualcomm · Snapdragon Auto +4
Name of the Vulnerable Software and Affected Versions: Snapdragon Auto: affected versions not specified; Snapdragon Compute: affected versions not specified; Snapdragon Connectivity: affected versions not specified; Snapdragon Industrial IOT: affected versions not specified; Snapdragon Mobile affected...
[SECURITY] Fedora 36 Update: libinput-1.20.1-1.fc36
libinput is a library that handles input devices for display servers and other applications that need to directly deal with input devices. It provides device detection, device handling, input device event processing and abstraction to minimize the amount of custom input code the user of libinput...
Low: Red Hat Security Advisory: Red Hat Decision Manager 7.12.1 security update
An update is now available for Red Hat Decision Manager. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
Moderate: Red Hat Security Advisory: Red Hat Decision Manager 7.12.0 security update
An update is now available for Red Hat Decision Manager. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in...
Silicon Labs 700 Data Forgery Vulnerability
Silicon Labs 700 is a family of chips from Silicon Labs, Inc. The Silicon Labs 700 suffers from a data forgery vulnerability that stems from the presence of insufficient authentication or encryption in the Silicon Labs 700 series chips using S2. An attacker could exploit the vulnerability by...
CVE-2021-39228
Tremor is an event processing system for unstructured data. A vulnerability exists between versions 0.7.2 and 0.11.6. This vulnerability is a memory safety issue when using patch or merge on state and assigning the result back to state. In this case, affected versions of Tremor and the tremor-script...
CVE-2021-39228 Memory Safety Issue when using patch or merge on state and assign the result back to state
Tremor is an event processing system for unstructured data. A vulnerability exists between versions 0.7.2 and 0.11.6. This vulnerability is a memory safety issue when using patch or merge on state and assigning the result back to state. In this case, affected versions of Tremor and the tremor-script...
Moderate: Red Hat Security Advisory: Red Hat Decision Manager 7.11.0 security update
An update is now available for Red Hat Decision Manager. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in...
Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4748-1)
The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4748-1 advisory. It was discovered that the jfs file system implementation in the Linux kernel contained an out-of-bounds read vulnerability. A local attacker could use...
Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4749-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4749-1 advisory. Bodong Zhao discovered a use-after-free in the Sun keyboard driver implementation in the Linux kernel. A local attacker could use this to cau...
Ubuntu 20.04 LTS : Linux kernel vulnerabilities (USN-4751-1)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4751-1 advisory. It was discovered that the console keyboard driver in the Linux kernel contained a race condition. A local attacker could use this to expose sensitive...
Ubuntu: Security Advisory (USN-4749-1)
The remote host is missing an update for the...
USN-4748-1: Linux kernel vulnerabilities
It was discovered that the jfs file system implementation in the Linux kernel contained an out-of-bounds read vulnerability. A local attacker could use this to possibly cause a denial of service (system crash). (CVE-2020-27815) It was discovered that the memory management subsystem in the Linux kerne...
Moderate: Red Hat Security Advisory: security update - Red Hat Ansible Tower 3.7.1-1 - RHEL7 Container
Red Hat Ansible Tower 3.7.1-1 - RHEL7 Container: Updated rsyslog integration to not write world-readable configuration files (CVE-2020-10782). Updated the included foreman/satellite inventory plugin to add the hostfilters and wantansiblesshhost options. Updated Foreman/Satellite inventory to properly...
Moderate: Red Hat Security Advisory: Red Hat Decision Manager 7.6.0 Security Update
An update is now available for Red Hat Decision Manager. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in...
Input Validation Error Vulnerability in Multiple Qualcomm Products (CNVD-2020-03578)
The Qualcomm MSM8996AU, among others, is a central processing unit (CPU) product of Qualcomm Incorporated (USA). An input validation error vulnerability exists in WLAN Host in multiple Qualcomm products, which can be exploited by an attacker to gain out-of-scope access while processing firmware event...