77 matches found
EUVD-2018-12006
Malware in sbrugna...
EUVD-2018-12005
Malware in sbrugna...
EUVD-2018-12007
Malware in sbrugna...
EUVD-2013-6549
Malware in sbrugna...
EUVD-2023-36586
Malicious code in bioql PyPI...
EUVD-2023-38000
Malicious code in bioql PyPI...
CVE-2023-32342
IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information. IB...
CVE-2023-33850
IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive...
Security Bulletin: A Security Vulnerability was discovered in IBM Security Verify Directory (CVE-2024-45650)
Summary A Security Vulnerability was addressed in IBM Security Verify Directory. Vulnerability Details CVEID:CVE-2024-45650 DESCRIPTION: IBM Security Verify Directory 10.0 is vulnerable to a denial of service when sending an LDAP extended operation. CWE:CWE-754: Improper Check for Unusual or...
Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues
Summary Multple vulnerabilities affect IBM Sterling Secure Proxy and are addressed in the latest release and iFix Vulnerability Details CVEID:CVE-2024-20952 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow a remote attacker to cause high...
Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple issues
Summary Multple vulnerabilities affect IBM Sterling External Authentication Server and are addressed in the latest iFixes Vulnerability Details CVEID:CVE-2024-20952 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow a remote attacker to cause high...
Security Bulletin: Multiple Vulnerabilities in Rational Synergy 7.2.2.6
Summary Vulnerabilities in the Java Runtime Environment JRE 8.0.8.0 and earlier component shipped with Rational Synergy may affect the security of the product. Vulnerability Details CVEID:CVE-2024-20952 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could...
Security Bulletin: Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition for Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint
Summary CVE-2024-20918, CVE-2024-20921 and CVE-2023-33850 were disclosed in the Oracle 2024 Critical Patch Update. Vulnerability Details CVEID:CVE-2024-20918 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentialit...
Security Bulletin: Timing Oracle in GSKit.
Summary A timing based side channel exists in the RSA Decryption implementation used by GSKit builds prior to 8.0.55.31. Vulnerability Details CVEID:CVE-2023-32342 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RS...
Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to glibc, Golang Go , Apache HTTP, IBM GSKit-Crypto and GnuTLS packages/liberaries .
Summary IBM MQ Operator and Queue manager container images are vulnerable to glibc, Golang Go , Apache HTTP, IBM GSKit-Crypto and GnuTLS. This bulletin identifies the steps required to address these vulnerabilities. Vulnerability Details CVEID:CVE-2024-33599 DESCRIPTION: glibc is vulnerable to a...
Security Bulletin: Multiple Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition affects WebSphere eXtreme Scale
Summary There are multiple vulnerabilities in IBM Runtime Environment Java Version 8 used by WebSphere eXtreme Scale. Vulnerability Details CVEID:CVE-2024-20952 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow a remote attacker to cause high...
Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to protobuf-go, libcurl, libexpat, Java SE, IBM GSKit-Crypto, open redirect, buffer overflow condition and golang-fips/openssl vulnerabilities.
Summary IBM MQ Operator and Queue manager container images are vulnerable to protobuf-go, libcurl, libexpat, golang-fips/openssl which were identified in RedHat UBI. IBM MQ is vulnerable to a buffer overflow condition, phishing attacks in open redirect , Java SE, IBM GSKit-Crypto. This bulletin...
Security Bulletin: Vulnerabilities in IBM Java SDK (CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20926, CVE-2024-20945, CVE-2023-33850) affect Power HMC
Summary IBM Java SDK is used by Power Hardware Management Console HMC. Since V10R1 is a Java 8 based HMC, HMC has addressed the affected CVEs, which were specific to Java 8: CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20926, CVE-2024-20945, and CVE-2023-33850. The specified CVEs have...
Security Bulletin: Multiple vulnerabilities in IBM DataPower Gateway
Summary While core IBM DataPower Gateway does not use Java, certain components shipped with IDG may be vulnerable. Vulnerability Details CVEID:CVE-2023-22081 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow a remote attacker to cause no confidentialit...
Security Bulletin: IBM Sterling Connect:Direct for UNIX is vulnerable to unspecified vulnerabilities and sensitive information exposure due to IBM Runtime Environment Java Technology Edition Version 8
Summary IBM Java 8 is used by IBM Sterling Connect:Direct for UNIX in product configuration, management, and data transmission. IBM Sterling Connect:Direct for UNIX is impacted by unspecified vulnerabilities and sensitive information exposure due to IBM Java 8. IBM Sterling Connect:Direct for UNI...