SUSE-SU-2020:3514-1 Security update for ucode-intel
This update for ucode-intel fixes the following issues: - Updated Intel CPU Microcode to 20201118 official release. bsc1178971 - Removed TGL/06-8c-01/80 due to functional issues with some OEM platforms. - CVE-2020-8695: Fixed Intel RAPL sidechannel attack SGX INTEL-SA-00389 bsc1170446 -...
SUSE-SU-2020:3457-1 Security update for ucode-intel
This update for ucode-intel fixes the following issues: - Updated Intel CPU Microcode to 20201110 official release. - CVE-2020-8695: Fixed Intel RAPL sidechannel attack SGX INTEL-SA-00389 bsc1170446 - CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 bsc1173594 - CVE-2020-8696:...
SUSE-SU-2020:3374-1 Security update for ucode-intel
This update for ucode-intel fixes the following issues: - Updated Intel CPU Microcode to 20201110 official release. - CVE-2020-8695: Fixed Intel RAPL sidechannel attack SGX bsc1170446 - CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 bsc1173594 - CVE-2020-8696: Vector Register...
SUSE-SU-2020:14546-1 Security update for microcode_ctl
This update for microcode_ctl fixes the following issues: - Updated Intel CPU Microcode to 20201110 official release. - CVE-2020-8695: Fixed Intel RAPL sidechannel attack SGX INTEL-SA-00389 bsc1170446 - CVE-2020-8698: Fixed Fast Store Forward Predictor INTEL-SA-00381 bsc1173594 - CVE-2020-8696:...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affecting Rational Functional Tester
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by Rational Functional Tester (RFT) versions 8.6.0.7 - 9.5. RFT has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-2590 DESCRIPTION: An unspecified vulnerability in Java SE related ...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affecting Rational Functional Tester
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by Rational Functional Tester (RFT) versions 8.6.0.7 - 9.5. RFT has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-2654 DESCRIPTION: An unspecified vulnerability in Java SE related ...
Android Security Bulletin—November 2020
The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2020-11-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version. Android partners are...
4 Tips for a Great CIAM RFP
Requests for proposals (RFPs) are a good way to start the product evaluation process as well as help clarify the project's scope and requirements. RFPs give you the ability to compare products and platforms more objectively and get you the best results for your project. That said, the process of...
openSUSE: Security Advisory for MozillaFirefox (openSUSE-SU-2020:1732-1)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affecting Rational Functional Tester
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8.0.6.15 used by Rational Functional Tester (RFT) versions 8.6.0.7 - 9.5. RFT has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-14583 DESCRIPTION: An unspecified vulnerability in Java SE...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affecting Rational Functional Tester
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8.0.6.10 used by Rational Functional Tester (RFT) versions 8.6.0.7 - 9.5. RFT has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-2805 DESCRIPTION: An unspecified vulnerability in Java SE...
Android Security Bulletin—October 2020
The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2020-10-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version. Android partners are...
Pixel Update Bulletin—October 2020
The Pixel Update Bulletin contains details of security vulnerabilities and functional improvements affecting supported Pixel devices (Google devices). For Google devices, security patch levels of 2020-10-05 or later address all issues in this bulletin and all issues in the October 2020 Android...
Android Security Bulletin—September 2020
The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2020-09-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version. Android partners are...
Design/Logic Flaw
Jenkins SoapUI Pro Functional Testing Plugin 1.3 and earlier stores project passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system...
CVE-2020-2251
CVE-2020-2251 affects the Jenkins SoapUI Pro Functional Testing Plugin (versions up to 1.5). The issue, described in multiple sources, is that project passwords are transmitted in plain text as part of job configuration forms within the plugin, creating a potential information disclosure risk. Se...
CVE-2020-2250
CVE-2020-2250 affects Jenkins SoapUI Pro Functional Testing Plugin 1.3 and earlier. The underlying issue is that project passwords are stored unencrypted in job config.xml files on the Jenkins controller, enabling disclosure when an attacker has Extended Read permission or file-system access to t...
functional-resume.com Cross Site Scripting vulnerability OBB-1283589
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
Authorization Bypass
cfme-gemset is vulnerable to authorization bypass. The vulnerability exists through missing functional level access control & IDOR lead to compromise...
CloudForms: Missing functional level access control & IDOR lead to compromise
A flaw was found in Red Hat CloudForms where sensitive data would have been possibly leaked for other existing roles. An attacker with low privilege could make use of EVM-Admin API if certain criteria are met since there was no privilege check on feature...