
68 matches found

IBM Security Bulletins
added 2021/04/08 8:59 p.m. | 31 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM InfoSphere BigInsights, including Broken security fixes in IBM Java and IBM SDK, Java Technology Edition Quarterly CPU - Apr 2016 (CVE-2016-0264, CVE-2016-0363)

Summary Security vulnerabilities have been identified in IBM SDK Java™ Technology Edition shipped with IBM InfoSphere BigInsights. Information about security vulnerabilities affecting IBM SDK Java has been published in a security bulletin. Vulnerability Details CVEID: CVE-2016-0264 DESCRIPTION: A...

CVSS 9.3 | AI score 0.9 | EPSS 0.07865
Exploits: 0 | Affected Software: 1

RedhatCVE
added 2021/04/01 6:17 p.m. | 110 views

CVE-2021-28164

In Jetty the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. An attacker can use this vulnerability to reveal sensitive information regarding the implementation of a web application...

CVSS 5.3 | AI score 4.6 | EPSS 0.93485
Exploits: 7 | References: 4

Kaspersky
added 2021/02/03 12:00 a.m. | 40 views

KLA12178 Multiple vulnerabilities in Opera

Multiple vulnerabilities were found in Opera. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, bypass security restrictions, spoof user interface. Below is a complete list of vulnerabilities: 1. Use after free vulnerability in WebRTC can be...

CVSS 9.6 | AI score 9.8 | EPSS 0.25876
Exploits: 4 | References: 4

Kaspersky
added 2021/01/19 12:00 a.m. | 306 views

KLA12048 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, bypass security restrictions, spoof user interface. Below is a complete list of vulnerabilities: 1. Use after free vulnerability in Media can...

CVSS 9.6 | AI score 9.8 | EPSS 0.25876
Exploits: 4 | References: 3

Microsoft CVE
added 2020/11/11 12:00 a.m. | 2 views

Some HTTP/2 implementations are vulnerable to a header leak potentially leading to a denial of service

...

CVSS 7.5 | AI score 9.3 | EPSS 0.02132
Exploits: 0

NVD
added 2020/10/06 2:15 p.m. | 16 views

CVE-2020-7466

The PPP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted PPP authentication message to cause the daemon to read beyond allocated memory buffer, which would result in a denial of service condition...

CVSS 7.5 | EPSS 0.01739
Exploits: 1 | References: 2

Kaspersky
added 2020/10/06 12:00 a.m. | 296 views

KLA11969 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, obtain sensitive information. Below is a complete list of vulnerabilities: 1. Policy enforcement vulnerability in downloads component c...

CVSS 8.8 | AI score 9.4 | EPSS 0.03497
Exploits: 4 | References: 3

OSV
added 2019/09/04 12:15 p.m. | 20 views

CVE-2019-12587

The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 allows the installation of a zero Pairwise Master Key (PMK) after the completion of any EAP authentication method, which allows attackers in radio range to replay, decrypt, or spoof frames v...

CVSS 8.1 | AI score 6.9 | EPSS 0.00077
Exploits: 3 | References: 3

Tenable Nessus
added 2019/06/07 12:00 a.m. | 29 views

openSUSE Security Update : cronie (openSUSE-2019-1520)

This update for cronie fixes the following issues: Security issues fixed: - CVE-2019-9704: Fixed an insufficient check in the return value of calloc which could allow a local user to create Denial of Service by crashing the daemon (bsc#1128937). - CVE-2019-9705: Fixed an implementation vulnerabili...

CVSS 5.5 | AI score 5.3 | EPSS 0.00155
Exploits: 0 | References: 6

Cvelist
added 2019/04/17 1:31 p.m. | 24 views

CVE-2019-9497 The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit

The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto library does not...

AI score 8 | EPSS 0.11468
Exploits: 0 | References: 10

CNVD
added 2019/04/16 12:00 a.m. | 1 views

WPA Authorization Issues Vulnerabilities

WPA is a set of Wi-Fi access protection schemes from the Wi-Fi Alliance USA, including security protocols and security authentication procedures. There is a security vulnerability in the implementation of WPA. An attacker can exploit the vulnerability to gain access to sensitive information...

CVSS 8.1 | AI score 9.4 | EPSS 0.11468
Exploits: 0 | References: 1

Talos
added 2018/11/20 12:00 a.m. | 241 views

Atlantis Word Processor Huffman table code length remote code execution vulnerability

Summary An exploitable out-of-bounds write vulnerability exists in the PNG implementation of Atlantis Word Processor, version 3.2.7.2. This can allow an attacker to corrupt memory, which can result in code execution under the context of the application. An attacker must convince a victim to open ...

CVSS 8.8 | AI score 7.9 | EPSS 0.00936
Exploits: 1

ICS
added 2018/09/06 12:00 p.m. | 28 views

DNP3 Implementation Vulnerability (Update B)

OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-13-291-01A DNP3 Implementation Vulnerability that was published November 21, 2013, on the NCCIC/ICS-CERT web site. Adam Crain of Automatak and Chris Sistrunk, Sr. Consultant for Mandiant, reported an improper input...

AI score 6.9
Exploits: 0 | References: 17

OSV
added 2017/12/20 11:29 p.m. | 6 views

CVE-2017-17806

The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to caus...

CVSS 7.8 | AI score 6.9
Exploits: 0 | References: 21

Prion
added 2017/08/18 6:29 p.m. | 10 views

Design/Logic Flaw

The OAuth implementation in librest before 0.7.93 incorrectly truncates the pointer returned by the rest_proxy_call_get_url function, which allows remote attackers to cause a denial of service (application crash) via running the EnsureCredentials method from the org.gnome.OnlineAccounts.Account interfa...

CVSS 5 | AI score 6.9 | EPSS 0.03052
Exploits: 0 | References: 6 | Affected Software: 1

UbuntuCve
added 2017/05/23 6:29 p.m. | 21 views

CVE-2017-0373

The gen_class_pod implementation in lib/Config/Model/Utils/GenClassPod.pm in Config-Model (aka libconfig-model-perl) before 2.102 has a dangerous "use lib" line, which allows remote attackers to have an unspecified impact via a crafted Debian package file...

CVSS 7.3 | AI score 7.1 | EPSS 0.00488
Exploits: 0 | References: 2

RedhatCVE
added 2016/09/01 8:19 a.m. | 23 views

CVE-2016-5163

The bidirectional-text implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not ensure left-to-right (LTR) rendering of URLs, which allows remote attackers to spoof the address bar via crafted right-to-left (RTL) Unicode text, related to...

CVSS 6.5 | AI score 5.5 | EPSS 0.01462
Exploits: 0 | References: 2

Tenable Nessus
added 2015/12/02 12:00 a.m. | 21 views

CentOS 7 : rest (CESA-2015:2237)

Updated rest packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CV...

CVSS 7.5 | AI score 7.2 | EPSS 0.03052
Exploits: 0 | References: 2

Tenable Nessus
added 2015/11/30 12:00 a.m. | 29 views

Debian DSA-3405-1 : smokeping - security update

Tero Marttila discovered that the Debian packaging for smokeping installed it in such a way that the CGI implementation of Apache httpd (mod_cgi) passed additional arguments to the smokeping_cgi program, potentially leading to arbitrary code execution in response to crafted HTTP requests.

CVSS 7.5 | AI score 6.2 | EPSS 0.02834
Exploits: 0 | References: 4

seebug.org
added 2014/07/01 12:00 a.m. | 18 views

CubeCart 2.0.x view_product.php product Variable Path Disclosure

No description provided by source. source: http://www.securityfocus.com/bid/13050/info CubeCart is reported prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. These issues...

AI score 7.1
Exploits: 0