1891 matches found
IBM DB2 and DB2 Connect Server File Overwrite Vulnerability
IBM DB2 and DB2 Connect Server are both database products from IBM Corporation, U.S.A. DB2 is a relational database management system for large-scale application environments. DB2 Connect Server is a mainframe database system that connects desktop and mobile palm-top applications to mainframes and...
New Relic: Drupal admin takeover via install.php not being performed prior to install.
@grampae discovered an uninitialized Drupal instance running on one of our properties being hosted by a third party provider, an issue we've seen previously. To prevent this issue from surfacing again, we decommissioned the related domains and contacted the provider with details of the issue...
CVE-2017-0920
CVE-2017-0920 affects GitLab CE/EE before 10.1.6, 10.2.6, and 10.3.4. The root cause is an authorization bypass in the Projects::MergeRequests::CreationsController, allowing an attacker to view the name of every project and its namespace on the GitLab instance. The impact is information disclosur...
Honeypot strategy is no longer effectively preventing spam account signup
Fix: From 3.9.5 onwards we have turned off the honeypot in favour of using captcha; anyone affected by this issue just needs to switch the CAPTCHA on...
Oracle Database Server Multiple Unspecified Vulnerabilities-01 (Mar 2018)
Oracle Database Server is prone to multiple unspecified security vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
Elastic Logstash 'CVE-2016-10363' DoS Vulnerability
Elastic Logstash is prone to a denial of service (DoS) vulnerability...
Cisco Virtualized Packet Core-Distributed Instance Software Denial of Service Vulnerability
Cisco Virtualized Packet Core-Distributed Instance (VPC-DI) Software is a productized version of Cisco's StarOS software that is deployed on a dedicated hardware platform. The Cisco StarOS operating system is one of the virtualization operating systems. A denial of service...
SAP NetWeaver Instance Agent Service Denial of Service Vulnerability
SAP NetWeaver is a service-oriented integrated application platform from the German company SAP. The platform provides a development and runtime environment for SAP applications. A denial of service vulnerability exists in SAP NetWeaver Instance Agent Service. An attacker could cause a deni...
CVE-2018-6488 MFSBGN03798 rev.1 - Micro Focus Universal CMDB, Apache Struts Instance
Arbitrary code execution vulnerability in Micro Focus Universal CMDB, versions 4.10, 4.11, 4.12. This vulnerability could be remotely exploited to allow arbitrary code execution...
Unable to See All Virtual Servers Present on an Instance Using NetScaler MAS
Unable to see all the virtual servers that are present on an instance using NetScaler MAS...
CVE-2018-0117
A vulnerability in the ingress packet processing functionality of the Cisco Virtualized Packet Core-Distributed Instance (VPC-DI) Software could allow an unauthenticated, remote attacker to cause both control function (CF) instances on an affected system to reload, resulting in a denial of service Do...
Fedora 27 : php (2018-d034538627)
PHP version 7.1.13 (04 Jan 2018). Core: - Fixed bug php75573 (Segmentation fault in 7.1.12 and 7.0.26). (Laruence) - Fixed bug php75384 (PHP seems incompatible with OneDrive files on demand). (Anatol) - Fixed bug php74862 (Unable to clone instance when private clone defined). (Daniel Ciochiu) - Fixed bug php750...
Fedora 26 : php (2018-c4e9207c31)
PHP version 7.1.13 (04 Jan 2018). Core: - Fixed bug php75573 (Segmentation fault in 7.1.12 and 7.0.26). (Laruence) - Fixed bug php75384 (PHP seems incompatible with OneDrive files on demand). (Anatol) - Fixed bug php74862 (Unable to clone instance when private clone defined). (Daniel Ciochiu) - Fixed bug php750...
CVE-2017-7536
In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the...
Qualys Cloud Platform 2.31 New Features
This release of the Qualys Cloud Platform version 2.31 includes updates and new features for AssetView, Cloud Agent, EC2 Connector, Web Application Scanning, Web Application Firewall, and Security Assessment Questionnaire, highlights as follows. AssetView Use custom severities in AV searches and...
How to Collect Diagnostic Data by using the Command Line Interface on a WANOP
This article explains an alternative method for collecting Diagnostic Data by using the command line interface when the Graphical User Interface (GUI) is not accessible on a NetScaler SD-WAN WANOP appliance or WANOP VPX instance...
Apache Groovy MethodClosure Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apache Groovy. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on implementation. The specific flaw exists within the handling of...