Security Bulletin:Security Vulnerability in IBM Java SDK for Quarterly CPU - April 2017 affect IBM Rational Software Architect and Rational Software Architect for WebSphere Software (CVE-2017-3511)

Summary Security vulnerability in IBM® SDK Java™ Technology Edition, Versions 7 and 8 that are used by IBM Rational Software Architect and Rational Software Architect for WebSphere Software..The CVE CVE-2017-3511 were disclosed as part of the IBM Java SDK updates in April 2017. Vulnerability...

Code injection

The installfromhash functionality in Navigate CMS 2.9 does not consider the .phtml extension when examining files within a ZIP archive that may contain PHP code, in checkupload in lib/packages/extensions/extension.class.php and lib/packages/themes/theme.class.php...

FasterXML jackson-databind arbitrary code execution vulnerability (CNVD-2019-15941)

FasterXML Jackson is a U.S. FasterXML company for Java data processing tools . Jackson-databind is one of the components with data binding capabilities . An arbitrary code execution vulnerability exists in FasterXML Jackson-databind version 2.x prior to 2.9.7. The vulnerability stems from the...