Security Bulletin: IBM Security Network Protection System CPU utilization (CVE-2014-0963)
Summary IBM Security Network Protection System is affected by a problem related to the SSL implementation which, under very specific conditions, can cause CPU utilization to rapidly increase. Vulnerability Details CVE ID: CVE-2014-0963 DESCRIPTION: IBM Security Network Protection System is affect...
Security Bulletin: IBM Informix Server CPU utilization (CVE-2014-0963)
Summary Informix Server is affected by a problem related to the SSL implementation which, under very specific conditions, can cause CPU utilization to rapidly increase. Vulnerability Details CVE ID: CVE-2014-0963 DESCRIPTION: Informix Server is affected by a problem with the handling of certain S...
Security Bulletin: IBM Informix Client SDK CPU utilization (CVE-2014-0963)
Summary Informix Client SDK is affected by a problem related to the SSL implementation which, under very specific conditions, can cause CPU utilization to rapidly increase. Vulnerability Details CVE ID: CVE-2014-0963 DESCRIPTION: Informix Client SDK is affected by a problem with the handling of...
Security Bulletin: IBM SPSS Modeler CPU utilization (CVE-2014-0963)
Summary IBM SPSS Modeler is affected by a problem related to the SSL implementation which, under very specific conditions, can cause CPU utilization to rapidly increase. Vulnerability Details CVE ID: CVE-2014-0963 DESCRIPTION: IBM SPSS Modeler Server is affected by a problem with the handling of...
Security Bulletin: Open Source Apache Tomcat Vulnerabilities affect Algo One - Counterparty Credit Risk
Summary Apache Tomcat could allow a remote attacker to bypass security restrictions Vulnerability Details CVE-ID: CVE-2017-5647 DESCRIPTION: Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an error in the processing of pipelined requests in send file. An...
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Orchestrator, IBM Aspera Virtual Catcher, IBM Aspera Faspex, IBM Aspera Shares (CVE-2016-6304, CVE-2016-2177, ...)
Summary OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by IBM Aspera Orchestrator, IBM Aspera Virtual Catcher, IBM Aspera Faspex and IBM Aspera Shares; IBM has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-6302 DESCRIPTIO...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM MQ Appliance
Summary OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by IBM MQ Appliance. IBM MQ Appliance has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-6302 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused...
USN-3678-4: Linux kernel (Raspberry Pi 2) vulnerabilities
Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted metadata in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service (system crash) when mounted. CVE-2018-1092 It was discovere...
Security update for bouncycastle (moderate)
This update for bouncycastle to version 1.59 fixes the following issues: These security issues were fixed: - CVE-2017-13098: BouncyCastle, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provided a weak Bleichenbacher oracle when any TLS cipher suite using...
Security In A DevOps World
Originally presented at the Gartner Security & Risk Management Summit 2018, "Security In A DevOps World" examines the challenges and benefits of integrating security technology and thinking into the development process at the early stages. The slides are designed to assist in the presentation of...
CVE-2018-7161
All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node server providing an http2 server to crash. This can be accomplished by interacting with the http2 server in a manner that triggers a cleanup bug wher...
UBUNTU-CVE-2018-12265
Exiv2 0.26 has an integer overflow in the LoaderExifJpeg class in preview.cpp, leading to an out-of-bounds read in Exiv2::MemIo::read in basicio.cpp...
USN-3678-1: Linux kernel vulnerabilities
Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted metadata in some situations. An attacker could use this to specially craft an ext4 filesystem that caused a denial of service (system crash) when mounted. CVE-2018-1092 It was discovered...
CVE-2017-3202
The Java implementation of AMF3 deserializers used in Flamingo amf-serializer by Exadel, version 2.2.0, may allow instantiation of arbitrary classes via their public parameter-less constructor and subsequently call arbitrary Java Beans setter methods. The ability to exploit this vulnerability...
Gpredict - Satellite Tracking Application
Gpredict is a real-time satellite tracking and orbit prediction application. It can track a large number of satellites and display their position and other data in lists, tables, maps, and polar plots (radar view). Gpredict can also predict the time of future passes for a satellite, and provide you...
CVE-2011-4190
The kdump implementation is missing the host key verification in the kdump and mkdumprd OpenSSH integration of kdump prior to version 2012-01-20. This is similar to CVE-2011-3588, but different in that the kdump implementation is specific to SUSE. A remote malicious kdump server could use this fl...
CVE-2017-16125
rtcmulticonnection-client is a signaling implementation for RTCMultiConnection.js, a multi-session manager. rtcmulticonnection-client is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...
CVE-2017-16125
rtcmulticonnection-client is vulnerable to directory traversal via URLs containing ../../.. sequences, enabling access to files outside the intended directory. This vulnerability is documented across CVE-2017-16125 entries and related advisories (GHSA, OSV, CNVD, CNVD variants). The root cause is...
CVE-2016-1000352
In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider...