Online upgrade of Spectrum Scale security update packages for a Db2 pureScale cluster

Summary While the best practice for upgrading Spectrum Scale package level is through the Db2 fixpack, updating Spectrum Scale security update packages outlined in Db2 Security bulletins requires a manual installation procedure. This document contains instructions on how to apply Spectrum Scale...

Qualys Cloud Platform 8.15.2 New Features

Patch release of Qualys Cloud Platform, version 8.15.2, includes new support for Apache instance auto-discovery in Qualys Policy Compliance. Policy Compliance Apache Instance Auto-Discovery – This new feature in Qualys PC enables automatic discovery of Apache during compliance scans. Once one or...

GHSA-V543-GQHH-6GWW Duplicate Advisory: Moderate severity vulnerability that affects activemodel

Duplicate advisory This advisory has been withdrawn because it is a duplicate of GHSA-543v-gj2c-r3ch. This link is maintained to preserve external references. Original Description Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the...

GitLab: Bypass of GitLab CI runner slash fix in YAML validation

Hi Gitlab Security, I notice the bug 301432 that Jobert reported earlier is could be bypassed by setting variable in environment. The reason is that the fix in place preventing url normalization is performed by doing the YAML validation, however this could be bypassed by setting the environment...

cfme: Improper access control in dRuby allows local users to execute arbitrary commands as root

CloudForms Management Engine has a vulnerability that allows local users to execute arbitrary commands as root. An attacker with SSH access to the system can use the dRuby DRb module installed on the system to execute arbitrary shell commands using instanceeval...

Authorization Bypass

phpmyfaq/phpmyfaq is vulnerable to authorization bypasses. The library does not properly handle the instance ID, allowing a malicious user with admin rights to delete a multi-site master instance...

CVE-2014-6049

phpMyFAQ before 2.8.13 allows remote authenticated users with admin privileges to bypass authorization via a crafted instance ID parameter...

Authorization

phpMyFAQ before 2.8.13 allows remote authenticated users with admin privileges to bypass authorization via a crafted instance ID parameter...

Foxit Reader Type Obfuscation Remote Code Execution Vulnerability (CNVD-2018-15091)

Foxit Reader old name: Foxit PDF Reader is a set of software used to read PDF format files, by Fujian Foxit Software developed by Foxit Reader is a set of free to use the software, the operating system is mainly based on Microsoft Windows, and as long as there is a Win32 implementation of the...

CVE-2018-14287

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

DEBIAN-CVE-2018-10847

prosody before versions 0.10.2, 0.9.14 is vulnerable to an Authentication Bypass. Prosody did not verify that the virtual host associated with a user session remained the same across stream restarts. A user may authenticate to XMPP host A and migrate their authenticated session to XMPP host B of...

Shipt: Subdomain Takeover at test.shipt.com

A researcher identified a stale DNS record that pointed to an abandoned test Heroku instance. This allowed for subdomain takeover. This was not an actively used subdomain and was not linked in any of our production applications. Nonetheless, Shipt Security immediately addressed the issue and...

Amazon Linux 2 : kernel (ALAS-2018-1046)

The fs/ext4/inline.c:ext4readinlinedata function in the Linux kernel performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode. The unbound copy can cause memory corruption or...

CVE-2018-0369

A vulnerability in the reassembly logic for fragmented IPv4 packets of Cisco StarOS running on virtual platforms could allow an unauthenticated, remote attacker to trigger a reload of the npusim process, resulting in a denial of service DoS condition. There are four instances of the npusim proces...

Amazon Linux AMI : kernel (ALAS-2018-1044)

A NULL pointer dereference issue was found in the Linux kernel. If the close and fchownat system calls share a socket file descriptor as an argument, then the two calls can race and trigger a NULL pointer dereference leading to a system crash and a denial of service.CVE-2018-12232 C Tenable Netwo...

Security Bulletin: Potential Privilege Escalation and Information disclosure affect IBM WebSphere Application Server in IBM Cloud (CVE-2017-1731, CVE-2017-1741)

Summary There is a potential privilege escalation in WebSphere Application Server Admin Console. There is a potential information disclosure in the WebSphere Application Server Admin Console. Vulnerability Details CVEID: CVE-2017-1731 DESCRIPTION: IBM WebSphere Application Server could provide...

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affects IBM WebSphere Application Server for Bluemix July 2017 CPU

Summary There are multiple vulnerabiltities in the IBM® SDK Java™ Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed as part of the IBM Java SDK updates in July 2017. These may affect some configurations of IBM WebSphere Application Server...

Security Bulletin: Multiple security vulnerabilities affect IBM WebSphere Application Server bundled with IBM WebSphere Application Server Patterns and IBM WebSphere Application Server on Cloud

Summary There is a potential cross-site scripting vulnerability in the Admin Console for WebSphere Application Server. There is a potential information disclosure in WebSphere Application Server using malformed SOAP requests on WebSphere Application Server. Vulnerability Details Please consult th...

Security Bulletin: Multiple security vulnerabilities affect IBM WebSphere Applciation Server bundled with IBM WebSphere Application Server Patterns and IBM WebSphere Application Server for Cloud

Summary There is a potential information disclosure vulnerability in Admin Center for IBM WebSphere Application Server Liberty. There is a potential for weaker than expected security when using the WebSphere Application Server Liberty profile API Discovery feature and Swagger documents. There is ...

Google Chrome: Integer Overflow when Processing WebAssembly Locals(CVE-2018-6092)

When v8 decodes the locals of a function, it performs a check: if count + typelist-size kV8MaxWasmFunctionLocals decoder-errordecoder-pc - 1, "local count too large"; return false; On a 32-bit platform, this check can be bypassed due to an integer overflow. This allows the number of function loca...