468 matches found

Android Security Bulletins
added 2022/07/06 12:0 a.m. | 6 views

Pixel Update Bulletin—July 2022

The Pixel Update Bulletin contains details of security vulnerabilities and functional improvements affecting supported Pixel devices (Google devices). For Google devices, security patch levels of 2022-07-05 or later address all issues in this bulletin and all issues in the July 2022 Android Securit...

6.7 CVSS | 7.8 AI score | 0.00118 EPSS
Exploits: 0

Fedora
added 2022/07/04 1:35 a.m. | 22 views

[SECURITY] Fedora 36 Update: golang-k8s-sample-apiserver-1.22.0-5.fc36

Demonstration of how to use the k8s.io/apiserver library to build a functional API server...

9.3 CVSS | 8 AI score | 0.05994 EPSS
Exploits: 4

IBM Security Bulletins
added 2022/07/01 7:30 a.m. | 42 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Functional Tester

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.8 and IBM® Runtime Environment Java™ Version 1.8 used by Rational Functional Tester. Rational Functional Tester has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2022-21496 DESCRIPTION: An...

5.3 CVSS | 2.2 AI score | 0.02651 EPSS
Exploits: 0 | Affected Software: 1

OSV
added 2022/05/24 5:27 p.m. | 22 views

GHSA-Q4QQ-8Q2R-G2F2 Passwords transmitted in plain text by Jenkins ReadyAPI Functional Testing Plugin

ReadyAPI Functional Testing Plugin stores project passwords in job config.xml files on the Jenkins controller as part of its configuration. While these passwords are stored encrypted on disk since ReadyAPI Functional Testing Plugin 1.4, they are transmitted in plain text as part of the global...

4.3 CVSS | 4.6 AI score | 0.00514 EPSS
Exploits: 0 | References: 4

OSV
added 2022/05/24 5:27 p.m. | 22 views

GHSA-CCWP-633J-G29V Passwords stored in plain text by Jenkins ReadyAPI Functional Testing Plugin

ReadyAPI Functional Testing Plugin 1.3 and earlier stores project passwords unencrypted in job config.xml files as part of its configuration. These project passwords can be viewed by attackers with Extended Read permission or access to the Jenkins controller file system. ReadyAPI Functional Testi...

4.3 CVSS | 6.4 AI score | 0.00626 EPSS
Exploits: 0 | References: 4

GitHub Security Blog
added 2022/05/24 5:27 p.m. | 20 views

Passwords stored in plain text by Jenkins ReadyAPI Functional Testing Plugin

ReadyAPI Functional Testing Plugin 1.3 and earlier stores project passwords unencrypted in job config.xml files as part of its configuration. These project passwords can be viewed by attackers with Extended Read permission or access to the Jenkins controller file system. ReadyAPI Functional Testi...

6.5 CVSS | 6.1 AI score | 0.00626 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Code423n4
added 2022/05/09 12:0 a.m. | 8 views

Missing powerThreshold validation in function updateValset (in Gravity.sol) could cause the contract non-functional

Lines of code Vulnerability details Impact When the cumulative power of validators in newValset is less than or equal to statepowerThreshold, the checkValidatorSignatures function would fail. Eventually, submitBatch, submitLogicCall & updateValset would fail for the new set of validators. This wi...

6.9 AI score
Exploits: 0

Fedora
added 2022/05/07 5:6 a.m. | 18 views

[SECURITY] Fedora 36 Update: golang-k8s-sample-apiserver-1.22.0-4.fc36

Demonstration of how to use the k8s.io/apiserver library to build a functional API server...

7.5 CVSS | 9.2 AI score | 0.03931 EPSS
Exploits: 0

Spring Engineering
added 2022/05/03 6:0 p.m. | 16 views

This Week in Spring - May 3rd, 2022

Hi, Spring fans! Welcome to another installment of This Week in Spring! How are you doin'? I'm excited! This week I'm speaking at the ArabJUG, and I'll be speaking at Microsoft's huuuge JDConf event. Both of these are virtual. Then, next Monday, I'm on a plane bound for London, UK, where I'll be speakin...

7 AI score
Exploits: 0

Fedora
added 2022/04/28 5:55 a.m. | 31 views

[SECURITY] Fedora 34 Update: golang-k8s-sample-apiserver-1.22.0-4.fc34

Demonstration of how to use the k8s.io/apiserver library to build a functional API server...

7.5 CVSS | 9.2 AI score | 0.03931 EPSS
Exploits: 0

Fedora
added 2022/04/28 5:53 a.m. | 22 views

[SECURITY] Fedora 35 Update: golang-k8s-sample-apiserver-1.22.0-4.fc35

Demonstration of how to use the k8s.io/apiserver library to build a functional API server...

7.5 CVSS | 9.2 AI score | 0.03931 EPSS
Exploits: 0

BDU FSTEC
added 2022/04/13 12:0 a.m. | 2 views

The vulnerability of the decoder in the SIX functional decoding system for MPEG-4 multimedia platform GPAC allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the SSIX decoder for MPEG-4 multimedia platform GPAC is related to incorrect checking of the result of an arithmetic operation. Exploiting this vulnerability allows a remote attacker to gain access to confidential data, compromise its integrity, and cause service failures...

9.3 CVSS | 7.6 AI score | 0.01577 EPSS
Exploits: 1 | References: 7 | Affected Software: 3

CVE
added 2022/04/12 4:11 p.m. | 161 views

CVE-2021-39795

CVE-2021-39795 is documented in connection with Android’s MediaProvider vulnerability. The connected materials describe a privilege-escalation scenario arising from a missing permission check in MediaProvider.java that could let an attacker access or modify other applications’ external storage di...

6.7 AI score
Exploits: 0

IBM Security Bulletins
added 2022/03/29 6:27 a.m. | 78 views

Security Bulletin: An Eclipse Jetty vulnerability affects IBM Rational Functional Tester

Summary There are multiple vulnerabilities in Eclipse Jetty used by Rational Functional Tester. Rational Functional Tester has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-28169 DESCRIPTION: Eclipse Jetty could allow a remote attacker to obtain sensitive information, cause...

7.8 CVSS | 7.2 AI score | 0.99298 EPSS
Exploits: 16 | Affected Software: 1

OSV
added 2022/03/23 8:15 p.m. | 2 views

CVE-2021-27420

GE UR firmware versions prior to version 8.1x web server task does not properly handle receipt of unsupported HTTP verbs, resulting in the web server becoming temporarily unresponsive after receiving a series of unsupported HTTP requests. When unresponsive, the web server is inaccessible. By...

5.3 CVSS | 6.4 AI score | 0.0102 EPSS
Exploits: 0 | References: 2

IBM Security Bulletins
added 2022/03/23 7:10 a.m. | 34 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Functional Tester

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.8 and IBM® Runtime Environment Java™ Version 1.8 used by Rational Functional Tester. Rational Functional Tester has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-35603 DESCRIPTION: An...

7.1 CVSS | 5.9 AI score | 0.08346 EPSS
Exploits: 0 | Affected Software: 1

GitHub Security Blog
added 2022/03/22 7:28 p.m. | 124 views

Removal of functional code in faker.js

Faker.js helps users create large amounts of data for testing and development. The maintainer deliberately removed the functional code from this package. This appears to be a purposeful and successful attempt to make the package unusable. This is related to the colors.js CVE-2021-23567. The...

7.5 CVSS | 3.1 AI score | 0.01733 EPSS
Exploits: 1 | References: 9 | Affected Software: 1

Android Security Bulletins
added 2022/02/07 12:0 a.m. | 8 views

Pixel Update Bulletin—February 2022

The Pixel Update Bulletin contains details of security vulnerabilities and functional improvements affecting supported Pixel devices (Google devices). For Google devices, security patch levels of 2022-02-05 or later address all issues in this bulletin and all issues in the February 2022 Android...

6.7 CVSS | 7 AI score | 0.00143 EPSS
Exploits: 0

NVD
added 2022/01/25 4:15 p.m. | 8 views

CVE-2021-46086

xzs-mysql = t3.4.0 is vulnerable to Insecure Permissions. The front end of this open source system is an online examination system. There is an unsafe vulnerability in the functional method of submitting examination papers. An attacker can use Burp Suite to modify parameters in the packet to destro...

7.5 CVSS | 0.00795 EPSS
Exploits: 1 | References: 1

IBM Security Bulletins
added 2022/01/05 12:34 p.m. | 43 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Functional Tester

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.8 and IBM® Runtime Environment Java™ Version 1.8 used by Rational Functional Tester. Rational Functional Tester has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-35560 DESCRIPTION: An...

9.8 CVSS | 7.1 AI score | 0.14957 EPSS
Exploits: 0 | Affected Software: 1