Linux Distros Unpatched Vulnerability : CVE-2014-8147
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU)...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libreoffice (SUSE-SU-2024:3577-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:3577-1 advisory. libreoffice was updated to version 24.8.1.2 jscPED-10362: - Release notes:...
SUSE-SU-2024:3577-1 Security update for libreoffice
This update for libreoffice fixes the following issues: libreoffice was updated to version 24.8.1.2 jscPED-10362: - Release notes: https://wiki.documentfoundation.org/Releases/24.8.0/RC1 and https://wiki.documentfoundation.org/Releases/24.8.0/RC2 and...
SUSE-SU-2024:3576-1 Security update for libreoffice
This update for libreoffice fixes the following issues: libreoffice was updated to version 24.8.1.2 jscPED-10362: - Release notes: https://wiki.documentfoundation.org/Releases/24.8.0/RC1 and https://wiki.documentfoundation.org/Releases/24.8.0/RC2 and...
Security Bulletin: IBM DataPower Gateway Virtual Edition uses out of date ICU libraries in open-vm-tools
Summary Open-vm-tools is used only in IBM DataPower Gateway Virtual Edition for communicating with the Hypervisor to perform such tasks as reboot or shutdown of the VM. The limited functionality employed in this use should not expose these CVEs to exploitation; IBM has addressed the CVEs out of a...
icu security update
50.2-4 - Apply ICU-13634-Adding-integer-overflow-logic-to-ICU4C-num.patch - Apply ICU-20958-Prevent-SEGVMAPERR-in-append.patch - Resolves: rhbz1808235...
Security Bulletin: OpenSource ICU4C Vulnerabilities in IBM eDiscovery Analyzer
Summary International Components for Unicode (ICU) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the Locale class in common/locid.cpp. By sending an overly long string, a remote attacker could overflow a buffer and execute arbitrary code on the system or caus...
Security Bulletin: OpenSource ICU4C Vulnerabilities in IBM eDiscovery Manager
Summary International Components for Unicode (ICU) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the Locale class in common/locid.cpp. By sending an overly long string, a remote attacker could overflow a buffer and execute arbitrary code on the system or caus...
Security Bulletin: Vulnerability in ICU4C affects IBM Tealeaf Customer Experience (CVE-2016-6293)
Summary IBM Tealeaf Customer Experience uses a version of ICU4C with a reported security issue. Vulnerability Details CVEID: CVE-2016-6293 DESCRIPTION: International Components for Unicode (ICU) could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds read i...
Security Bulletins for IBM Tealeaf Customer Experience offerings
Abstract Support for IBM Tealeaf Customer Experience offerings is found in the IBM Client Success Portal at https://support.ibmcloud.com/, which requires login. For your convenience, Security Bulletins for IBM Tealeaf Customer Experience offerings are listed here, most recent at top, and do not...
Security Bulletin: Vulnerability in International Components for Unicode (ICU4C) affects IBM InfoSphere DataStage (CVE-2016-7415)
Summary An International Components for Unicode (ICU4C) vulnerability was addressed by IBM InfoSphere DataStage. Vulnerability Details CVEID: CVE-2016-7415 DESCRIPTION: International Components for Unicode (ICU) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the...
Security Bulletin: A security vulnerability has been identified in WebSphere MQ shipped with WebSphere Remote Server (CVE-2011-4599)
Summary WebSphere MQ is shipped as a component of WebSphere Remote Server. Information about a security vulnerability affecting WebSphere MQ has been published in a security bulletin. Vulnerability Details For vulnerability details, see the security bulletin ICU4C overflow vulnerability affects I...
Security Bulletin: ICU4C overflow vulnerability affects IBM WebSphere MQ (CVE-2011-4599)
Summary A vulnerability exists in the version of ICU4C shipped by IBM WebSphere MQ that provides support for the Managed File Transfer (MFT) process controller. Vulnerability Details CVEID: CVE-2011-4599 DESCRIPTION: International Components for Unicode (ICU) is vulnerable to a stack-based buffer...
Remote Code Execution (RCE)
icu4c is vulnerable to remote code execution (RCE) attacks. A malicious user can pass a string to the application to cause a double free that can crash the application or cause arbitrary code to be executed...
Remote Code Execution (RCE)
icu4c is vulnerable to remote code execution (RCE) attacks. A malicious user can pass a string to the ucnvUTF8FromUTF8 function in ucnvu8.cpp to cause a buffer overflow that can crash the application or cause arbitrary code to be executed...
SUSE SLED12 / SLES12 Security Update : icu (SUSE-SU-2017:2318-1)
icu was updated to fix two security issues. These security issues were fixed : - CVE-2014-8147: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) used an integer data type that is...
Denial Of Service (DoS) Through Buffer Overflow
icu4c is vulnerable to denial of service (DoS) through buffer overflows. The common/utext.cpp file has a flaw that allows a malicious user to cause an out-of-bounds write by passing a string to the application. This can lead to a heap-based buffer overflow that can crash the application...
Denial Of Service (DoS) Through Buffer Overflow
icu4c is vulnerable to denial of service (DoS) through buffer overflows. The common/utext.cpp file has a flaw that allows a malicious user to cause an out-of-bounds write, leading to a heap-based buffer overflow by passing a string to the application. This can cause the application to crash...
AIX Java Advisory : java_july2015_advisory.asc (Logjam)
The version of Java SDK installed on the remote AIX host is affected by multiple vulnerabilities : - Java Security Components store plaintext data in memory dumps, which allows a local attacker to gain access to sensitive information. (CVE-2015-1931) - A flaw exists in the readSerialData function i...
Updated icu package fixes security vulnerabilities
The ICU Project's ICU4C library, before 55.1, contains a heap-based buffer overflow in the resolveImplicitLevels function of ubidi.c (CVE-2014-8146). The ICU Project's ICU4C library, before 55.1, contains an integer overflow in the resolveImplicitLevels function of ubidi.c due to the assignment of ...