5353 matches found

IBM Security Bulletins
added 2018/06/16 1:37 p.m. | 31 views

Security Bulletin: Vulnerability in Apache Commons affects IBM SPSS Modeler (CVE-2015-7450)

Summary: Apache Commons Collections could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of data with Java InvokerTransformer class. By sending specially crafted data, an attacker could exploit this vulnerability to execute arbitrary Java code on the...

CVSS: 10 | AI score: 7.7 | EPSS: 0.93274
Exploits: 10 | Affected Software: 1

IBM Security Bulletins
added 2018/06/15 11:17 p.m. | 33 views

Security Bulletin: Multiple vulnerabilities in libxml2 affect IBM Cognos Metrics Manager (CVE-2016-3705, CVE-2016-4447, CVE-2016-4448)

Summary: The vulnerabilities have been addressed in the libxml2 component of IBM Cognos Metrics Manager. Vulnerability Details: CVEID: CVE-2016-3705. DESCRIPTION: libxml2 is vulnerable to a stack-based buffer overflow, caused by an out-of-bounds read of xmlParserEntityCheck and xmlParseAttValueComple...

CVSS: 10 | AI score: 1.7 | EPSS: 0.02658
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2018/06/15 7:8 a.m. | 38 views

Security Bulletin: Security vulnerability in Apache Commons FileUpload used by Liberty for Java for IBM Cloud (CVE-2016-1000031)

Summary: There is a potential vulnerability in the Apache Commons FileUpload used by WebSphere Application Server traditional and WebSphere Application Server Liberty. Vulnerability Details: CVEID: CVE-2016-1000031. DESCRIPTION: Apache Commons FileUpload, as used in several products, could allow a...

CVSS: 9.8 | AI score: 0.8 | EPSS: 0.56432
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2018/06/15 7:3 a.m. | 36 views

Security Bulletin: Vulnerabilities in OpenSSL affects IBM PureApplication System (CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, and CVE-2015-0293)

Summary: OpenSSL vulnerabilities were disclosed on March 19, 2015 by the OpenSSL Project. OpenSSL is used by IBM PureApplication System. IBM PureApplication System has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2015-0209. DESCRIPTION: OpenSSL could allow a remote attacker to...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.21097
Exploits: 1 | Affected Software: 1

Tenable Nessus
added 2018/06/13 12:0 a.m. | 33 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Firefox vulnerability (USN-3682-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3682-1 advisory. A heap buffer overflow was discovered in Skia. If a user were tricked into opening a specially crafted website, an attacker could...

CVSS: 8.8 | AI score: 8.6 | EPSS: 0.26653
Exploits: 1 | References: 2

Cvelist
added 2018/06/12 5:0 p.m. | 16 views

CVE-2018-1151

The web server on Western Digital TV Media Player 1.03.07 and TV Live Hub 3.12.13 allow unauthenticated remote attackers to execute arbitrary code or cause denial of service via crafted HTTP requests to toServerValue.cgi...

AI score: 9.9 | EPSS: 0.25325
Exploits: 1 | References: 1

Prion
added 2018/06/05 9:29 p.m. | 13 views

Stack overflow

The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to execute arbitrary code due to a stack-based buffer overflow in the addpool, failover-only, poolquota, and save command handlers...

CVSS: 6.5 | AI score: 9.1 | EPSS: 0.15368
Exploits: 1 | References: 2 | Affected Software: 2

OPENSUSE Linux
added 2018/05/25 11:33 a.m. | 295 views

Security update for icu (moderate)

icu was updated to fix two security issues. These security issues were fixed: - CVE-2014-8147: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode ICU used an integer data type that is...

CVSS: 7.5 | AI score: 4.2 | EPSS: 0.41904
Exploits: 6 | References: 8

ArchLinux
added 2018/05/25 12:0 a.m. | 30 views

[ASA-201805-22] wireshark-gtk: multiple issues

Arch Linux Security Advisory ASA-201805-22. Severity: Critical. Date: 2018-05-25. CVE-ID: CVE-2018-11354 CVE-2018-11355 CVE-2018-11356 CVE-2018-11357 CVE-2018-11358 CVE-2018-11359 CVE-2018-11360 CVE-2018-11361 CVE-2018-11362. Package: wireshark-gtk. Type:...

CVSS: 7.5 | AI score: 1.4 | EPSS: 0.01576
Exploits: 0 | References: 28

OpenVAS
added 2018/05/24 12:0 a.m. | 31 views

Ubuntu: Security Advisory (USN-3658-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 9.8 | AI score: 8.8 | EPSS: 0.03312
Exploits: 9 | References: 2

Prion
added 2018/05/23 4:29 p.m. | 11 views

Directory traversal

A directory traversal vulnerability in Trend Micro Endpoint Application Control 2.0 could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw in the FileDrop servlet. Authentication is required to exploit this vulnerability...

CVSS: 9 | AI score: 8.9 | EPSS: 0.65571
Exploits: 1 | References: 3 | Affected Software: 1

Prion
added 2018/05/17 7:29 p.m. | 17 views

Stack overflow

The ObjReader::ReadObj function in ObjReader.cpp in vincent0629 PDFParser allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly execute arbitrary code via a crafted pdf file...

CVSS: 6.8 | AI score: 8.1 | EPSS: 0.00723
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2018/05/17 7:29 p.m. | 24 views

CVE-2018-11128

The ObjReader::ReadObj function in ObjReader.cpp in vincent0629 PDFParser allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly execute arbitrary code via a crafted pdf file...

CVSS: 7.8 | AI score: 8.3
Exploits: 0 | References: 1

NVD
added 2018/05/17 7:29 p.m. | 14 views

CVE-2018-11128

The ObjReader::ReadObj function in ObjReader.cpp in vincent0629 PDFParser allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly execute arbitrary code via a crafted pdf file...

CVSS: 7.8 | AI score: 8.1 | EPSS: 0.00723
Exploits: 0 | References: 1

CVE
added 2018/05/17 7:0 p.m. | 38 views

CVE-2018-11128

The CVE-2018-11128 entry describes a buffer overflow in Pdfparser’s ObjReader::ReadObj() within vincent0629 PDFParser, exploitable by processing a crafted PDF. The vulnerability can lead to denial of service or arbitrary code execution on affected systems. CVSS2 (AV:N/AC:M/Au:N/C:P/I:P/A:P) sugge...

CVSS: 7.8 | AI score: 8.1 | EPSS: 0.00723
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2018/05/15 10:29 p.m. | 20 views

CVE-2018-7499

In Advantech WebAccess versions V8.220170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several stack-based buffer overflow vulnerabilities have been identified,...

CVSS: 9.8 | AI score: 10 | EPSS: 0.01439
Exploits: 0 | References: 2

Cvelist
added 2018/05/15 10:0 p.m. | 12 views

CVE-2018-10589

In Advantech WebAccess versions V8.220170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transversal vulnerability has been identified, which may allow an...

AI score: 9.7 | EPSS: 0.03351
Exploits: 0 | References: 2

OpenVAS
added 2018/05/11 12:0 a.m. | 49 views

Mozilla Firefox Security Advisories (MFSA2018-11, MFSA2018-12) - Mac OS X

Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...

CVSS: 10 | AI score: 7.4 | EPSS: 0.43031
Exploits: 5 | References: 1

Check Point Advisories
added 2018/05/08 12:0 a.m. | 2 views

Adobe Acrobat and Reader Heap Overflow (APSB18-09: CVE-2018-4947)

A buffer overflow vulnerability exists in Adobe Acrobat and Reader. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...

CVSS: 10 | AI score: 9.5 | EPSS: 0.04112
Exploits: 1

Kaspersky
added 2018/05/08 12:0 a.m. | 63 views

KLA11242 Multiple vulnerabilities in Microsoft Exchange Server

Multiple serious vulnerabilities have been found in Microsoft Exchange Server. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information and spoof user interface. Below is a complete list of vulnerabilities: 1. An improper handling of objects in...

CVSS: 10 | AI score: 7.2 | EPSS: 0.28208
Exploits: 0 | References: 10