Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in activemq-all (CVE-2025-66168)

Summary IBM Sterling Control Center is affected by a vulnerability CVE-2025-66168 reported for activemq-all-5.19.0.jar. Vulnerability Details CVEID:CVE-2025-66168 DESCRIPTION: WARNING: Users of 6.x should upgrade to 6.2.4 or later as the fix was missed in previous 6.x releases. See the following...

Security Bulletin: IBM Engineering Lifecycle Management - Engineering Test Management is impacted by vulnerabilities in Apache-Velocity library

Summary Vulnerabilities have been identified in Apache-Velocity library, which is used in IBM Engineering Lifecycle Management - Engineering Test Management Vulnerability Details CVEID:CVE-2020-13936 DESCRIPTION: An attacker that is able to modify Velocity templates may execute arbitrary Java cod...

EUVD-2025-10696

Malicious code in bioql PyPI...

CVE-2024-21904

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions:...

CVE-2022-22674

An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Monterey 12.3.1, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6. A local user may be able to read kernel memory...

CVE-2022-23588

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a SavedModel such that Grappler optimizer would attempt to build a tensor using a reference dtype. This would result in a crash due to a CHECK-fail in the Tensor constructor as...

CVE-2021-29590

TensorFlow is an end-to-end open source platform for machine learning. The implementations of the Minimum and Maximum TFLite operators can be used to read data outside of bounds of heap allocated objects, if any of the two input tensor arguments are empty. This is because the broadcasting...

CVE-2021-29585

TensorFlow is an end-to-end open source platform for machine learning. The TFLite computation for size of output after padding, ComputeOutSizehttps://github.com/tensorflow/tensorflow/blob/0c9692ae7b1671c983569e5d3de5565843d500cf/tensorflow/lite/kernels/padding.hL43-L55, does not check that the...

CVE-2021-29525

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in tf.rawops.Conv2DBackpropInput. This is because the...

CVE-2021-42767

A directory traversal vulnerability in the apoc plugins in Neo4J Graph database before 4.4.0.1 allows attackers to read local files, and sometimes create local files. This is fixed in 3.5.17, 4.2.10, 4.3.0.4, and 4.4.0.1...

RHSA-2014:0634 Red Hat Security Advisory: kernel security and bug fix update

Bulletin has no description...

Security Bulletin: A vulnerability in IBM WebSphere Application Server and WebSphere Liberty affects IBM Operations Analytics Predictive Insights (CVE-2018-1901)

Summary There is a vulnerability in IBM WebSphere Application Server and WebSphere Liberty that are used by IBM Operations Analytics Predictive Insights 1.3.6 and earlier versions. IBM Operations Analytics Predictive Insights has addressed the applicable CVE. This issue was also addressed by IBM...

Security Bulletin: Multiple security vulnerabilities exist in the IBM SDK, Java Technology Edition provided with WebSphere DataPower XC10 Appliance

Summary Three security vulnerabilities were identified in the IBM® SDK, Java™ Technology Edition provided with WebSphere DataPower XC10 Appliance. Vulnerability Details CVEID: CVE-2014-0878 DESCRIPTION: A vulnerability in the IBMSecureRandom implementation of the IBMJCE and IBMSecureRandom...

Oracle Linux 6 : glibc (ELSA-2012-0393)

The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2012-0393 advisory. 2.12-1.47.el62.9 - Always use another area after a failed allocation in the main arena 795328 - Remove sse3 memcpy 695812 changes 799259 2.12-1.47.el62.8 - Avoi...