12 matches found
KLA20148 ACE vulnerability in Apache Tomcat
A remote code execution vulnerability was found in Apache Tomcat. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories: Apache Tomcat 8.x vulnerabilities. Related products: Apache-Tomcat. CVE list: CVE-2022-45143 (critical). Solution: Update to the latest version...
Security Bulletin: Vulnerabilities in libcurl may affect IBM Spectrum Protect Plus (CVE-2021-22946, CVE-2022-27782, CVE-2022-27774, CVE-2022-22576, CVE-2021-22947, CVE-2022-27776)
Summary Vulnerabilities in libcurl such as bypassing security restrictions, obtaining sensitive information, and man-in-the-middle attacks may affect IBM Spectrum Protect Plus. Vulnerability Details CVEID: CVE-2021-22946 DESCRIPTION: cURL libcurl could allow a remote attacker to obtain sensitive...
Security Bulletin: Vulnerabilities in Golang Go, PostgreSQL, jQuery, and Google Gson may affect IBM Spectrum Copy Data Management
Summary Vulnerabilities in Golang Go, PostgreSQL, jQuery, and Google Gson such as denial of service, bypassing security restrictions, obtaining sensitive information, cross-site scripting, and execution of arbitrary code may affect IBM Spectrum Copy Data Management. Vulnerability Details...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for April 2022
Summary In addition to many updates of open source packages, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.2-IF010 and 21.0.3-IF008. Vulnerability Details CVEID: CVE-2021-39038 DESCRIPTION: IBM WebSphere Application Server 9.0 and IBM WebSphe...
Security Bulletin: Vulnerabilities in Polkit, Node.js, OpenSSH, and Golang Go affect IBM Spectrum Protect Plus (CVE-2021-4034, CVE-2022-21681, CVE-2022-21680, CVE-2022-0235, CVE-2021-41617, CVE-2021-44716, CVE-2021-44717, 218243)
Summary Vulnerabilities in Polkit, Node.js, OpenSSL, and Golang Go can affect IBM Spectrum Protect Plus. The vulnerabilities include elevation of privileges, denial of service, obtaining sensitive information, and bypassing security restrictions. Vulnerability Details CVEID: CVE-2021-4034...
Security Bulletin: Vulnerabilities in Node.js, Color-String, and PostgreSQL affect IBM Spectrum Protect Plus
Summary Vulnerabilities in Node.js, Color-String, and PostgreSQL, such as denial of service, bypassing security restrictions, obtaining sensitive information, and execution of arbitrary code, may affect IBM Spectrum Protect Plus. Vulnerability Details CVEID: CVE-2020-28469 DESCRIPTION: Node.js...
KLA12303 Multiple vulnerabilities in Mozilla Firefox
Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, obtain sensitive information, and spoof the user interface. Below is a complete list of vulnerabilities: 1. A memory safety vulnerability can be...
Unauthorized Access Vulnerability in RICOH Aficio MP171 at Ricoh (China) Investment Co.
RICOH Aficio MP 171 is a printer from Ricoh China Investment Co. An unauthorized access vulnerability exists in the RICOH Aficio MP 171 of Ricoh China Investment Co. Ltd. that can be exploited by attackers to obtain sensitive information...
Security Bulletin: Multiple vulnerabilities affecting the Cordova platform and IBM SDK Node.js packaged with Rational Software Architect and Rational Software Architect for WebSphere Software
Summary Multiple vulnerabilities have been discovered that affect the Cordova platform and IBM SDK Node.js packaged with Rational Software Architect and Rational Software Architect for WebSphere software CVE-2014-3500, CVE-2014-3501, CVE-2014-3502, CVE-2014-5256, CVE-2014-7191, CVE-2014-7192,...
KLA11791 Multiple vulnerabilities in Apple iTunes
Multiple vulnerabilities were found in Apple iTunes. Malicious users can exploit these vulnerabilities to execute arbitrary code, perform cross-site scripting attacks, obtain sensitive information, and cause denial of service. Below is a complete list of vulnerabilities: 1. A logic vulnerability in...
CVE-2017-5103
Use of an uninitialized value in Skia in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page...
KLA10584 Multiple vulnerabilities in Mozilla products
Multiple serious vulnerabilities have been found in Mozilla products. Malicious users can exploit these vulnerabilities to cause denial of service, gain privileges, bypass security restrictions, execute arbitrary code or obtain sensitive information. Below is a complete list of vulnerabilities 1...