Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affects IBM WebSphere Application Server for Bluemix July 2017 CPU

Summary There are multiple vulnerabiltities in the IBM® SDK Java™ Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed as part of the IBM Java SDK updates in July 2017. These may affect some configurations of IBM WebSphere Application Server...

Security Bulletin: Multiple security vulnerabilities affect IBM WebSphere Application Server bundled with IBM WebSphere Application Server Patterns and IBM WebSphere Application Server on Cloud

Summary There is a potential cross-site scripting vulnerability in the Admin Console for WebSphere Application Server. There is a potential information disclosure in WebSphere Application Server using malformed SOAP requests on WebSphere Application Server. Vulnerability Details Please consult th...

Security Bulletin: Multiple security vulnerabilities affect IBM WebSphere Applciation Server bundled with IBM WebSphere Application Server Patterns and IBM WebSphere Application Server for Cloud

Summary There is a potential information disclosure vulnerability in Admin Center for IBM WebSphere Application Server Liberty. There is a potential for weaker than expected security when using the WebSphere Application Server Liberty profile API Discovery feature and Swagger documents. There is ...

Google Chrome: Integer Overflow when Processing WebAssembly Locals(CVE-2018-6092)

When v8 decodes the locals of a function, it performs a check: if count + typelist-size kV8MaxWasmFunctionLocals decoder-errordecoder-pc - 1, "local count too large"; return false; On a 32-bit platform, this check can be bypassed due to an integer overflow. This allows the number of function loca...

CVE-2016-10572

mongodb-instance before 0.0.3 installs mongodb locally. mongodb-instance downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker ...

Remote code execution

mongodb-instance before 0.0.3 installs mongodb locally. mongodb-instance downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker ...

CVE-2016-10518

A vulnerability was found in the ping functionality of the ws module before 1.0.0 which allowed clients to allocate memory by sending a ping frame. The ping functionality by default responds with a pong frame and the previously given payload of the ping frame. This is exactly what you expect, but...

CVE-2016-10518

A vulnerability was found in the ping functionality of the ws module before 1.0.0 which allowed clients to allocate memory by sending a ping frame. The ping functionality by default responds with a pong frame and the previously given payload of the ping frame. This is exactly what you expect, but...

CVE-2016-10518

A vulnerability was found in the ping functionality of the ws module before 1.0.0 which allowed clients to allocate memory by sending a ping frame. The ping functionality by default responds with a pong frame and the previously given payload of the ping frame. This is exactly what you expect, but...

CVE-2016-10572

The vulnerability CVE-2016-10572 affects mongodb-instance prior to 0.0.3, where the application downloads binaries over HTTP. This insecure fetch enables MITM interference, potentially swapping the downloaded binary with a malicious one and enabling remote code execution on the host running mongo...

CVE-2016-10518

A vulnerability was found in the ping functionality of the ws module before 1.0.0 which allowed clients to allocate memory by sending a ping frame. The ping functionality by default responds with a pong frame and the previously given payload of the ping frame. This is exactly what you expect, but...

CVE-2004-1626

creationtimestamp| type| source ---|---|--- 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/ftp/abilityserverstor.rb 2025-02-06 03:13:38+00:00| seen| MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd 2025-02-23 04:08:09+00:00| seen|...

SAP NetWeaver Instance Agent Service Information Disclosure Vulnerability (CNVD-2018-15773)

SAP NetWeaver is the German SAP SAP company's set of service-oriented integrated application platform. The platform provides a development and runtime environment for SAP applications. An information disclosure vulnerability exists in SAP NetWeaver. An attacker could exploit this vulnerability to...

CVE-2018-1452

IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140047...

CVE-2018-1450

IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140045...

CVE-2018-1544

IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 9.7, 10.1, 10.5, and 11.1 could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 142648...

SAP NetWeaver Instance Agent Service Memory Corruption Vulnerability

SAP NetWeaver is the German SAP SAP company's set of service-oriented integrated application platform. The platform provides a development and runtime environment for SAP applications. A memory corruption vulnerability exists in the SAP NetWeaver Instance Agent Service. An attacker could exploit...

Whonow - A "Malicious" DNS Server For Executing DNS Rebinding Attacks On The Fly (Public Instance Running On Rebind.Network:53)

A malicious DNS server for executing DNS Rebinding attacks on the fly. whonow lets you specify DNS responses and rebind rules dynamically using domain requests themselves. respond to DNS queries for this domain with 52.23.194.42 the first time it is requested and then 192.168.1.1 every time after...

[SECURITY] Fedora 26 Update: knot-resolver-2.3.0-1.fc26

The Knot DNS Resolver is a caching full resolver implementation written in C and LuaJIT, including both a resolver library and a daemon. Modular architecture of the library keeps the core tiny and efficient, and provides a state-machine like API for extensions. The package is pre-configured as...

[SECURITY] Fedora 28 Update: knot-resolver-2.3.0-1.fc28

The Knot DNS Resolver is a caching full resolver implementation written in C and LuaJIT, including both a resolver library and a daemon. Modular architecture of the library keeps the core tiny and efficient, and provides a state-machine like API for extensions. The package is pre-configured as...