2544 matches found
Oracle Linux 7 : ELSA-2022-9079-1: / thunderbird (ELSA-2022-90791)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-90791 advisory. 102.6.0-2.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build 102.6.0-2 - Update to...
Image Optimizer, Resizer and CDN < 6.8.1 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup. Step 1: Install the plugin and register for an...
Ten Reasons a Website Needs a CDN
Today’s website visitors expect a fast and efficient user experience with no delays or site performance issues. However, high traffic volumes and global reaching websites mean website managers are faced with the challenge of added latency and slow page load times, which can result in lost busines...
Not Every Cloud Is Meant for Every Workload
Understanding which cloud platforms are the best fit for which workloads can maximize your return on investment and your customers’ output...
Security Bulletin: A vulnerability in IBM Java Runtime affects IBM ILOG CPLEX Optimization Studio (CVE-2021-28167)
Summary There is a vulnerability in IBM® Runtime Environment Java™ Version 8 used by IBM CPLEX Optimization Studio. IBM CPLEX Optimization Studio has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2021-28167 DESCRIPTION: Eclipse Openj9 could allow a remote attacker to bypass securi...
Security Bulletin: A vulnerability in IBM Java Runtime affects IBM ILOG CPLEX Optimization Studio (CVE-2022-3676)
Summary There is a vulnerability in IBM® Runtime Environment Java™ Version 8 used by IBM CPLEX Optimization Studio. IBM CPLEX Optimization Studio has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2022-3676 DESCRIPTION: Eclipse Openj9 could allow a remote attacker to bypass securit...
Security Bulletin: A vulnerability in IBM Java Runtime affects IBM ILOG CPLEX Optimization Studio (CVE-2021-41041)
Summary There is a vulnerability in IBM® Runtime Environment Java™ Version 8 used by IBM CPLEX Optimization Studio. IBM CPLEX Optimization Studio has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2021-41041 DESCRIPTION: Eclipse Openj9 could allow a remote attacker to bypass securi...
[SECURITY] Fedora 36 Update: varnish-7.0.3-2.fc36
This is Varnish Cache, a high-performance HTTP accelerator. Varnish Cache stores web pages in memory so web servers don't have to create the same web page over and over again. Varnish Cache serves pages much faster than any application server; giving the website a...
Security Bulletin: The Community Edition of IBM ILOG CPLEX Optimization Studio is affected by multiple vulnerabilities in libcurl (CVE-2022-42915, CVE-2022-42916, CVE-2022-32221)
Summary The Community Edition of IBM ILOG CPLEX Optimization Studio on Windows platform only has addressed the following vulnerabilities. Vulnerability Details CVEID:CVE-2022-42915 DESCRIPTION: cURL libcurl is vulnerable to a denial of service, caused by a double-free flaw in the error/cleanup...
hw: cpu: information disclosure in certain Intel processors
A flaw was found in hw. Processor optimization removal or modification of security-critical code for some Intel(R) processors may potentially allow an authenticated user to enable information disclosure via local access...
EulerOS 2.0 SP9 : gcc (EulerOS-SA-2022-2764)
According to the versions of the gcc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In gcc, an internal compiler error in match_reload function at lra-constraints.c may cause a crash through a crafted input file. CVE-2020-35536 - In...
A GC-Friendly Go Interning Cache
I've seen a little gem pass by in a Go cryptography code review and I want to share it because I think it's a pattern that can be reused. Let's start with a problem statement: crypto/x509 Certificate values take a bunch of memory, and for every open TLS connection you end up with a copy of the leaf...
GitHub: CVE-2022-39253 Local clone optimization dereferences symbolic links by default
...
ALSA-2022:7119 Moderate: mysql:8.0 security, bug fix, and enhancement update
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. The following packages have been upgraded to a later upstream version: mysql 8.0.30. Security Fixes: mysql: Server: DML multiple unspecified...
Security Bulletin: Apache log4j security vulnerability as it relates to IBM Maximo Scheduler Optimization - Apache Log4j - [CVE-2021-45105] (affecting v2.16) and [CVE-2021-45046] (affecting v2.15)
Summary For the 8.0.0 version of MSO, which is distributed as part of the MAS catalog here are the instructions to move to the 8.0.3 version to get log4j 2.17.1 Apache Log4j - CVE-2021-45105 affecting v2.16 and CVE-2021-45046 affecting v2.15 Vulnerability Details CVEID:CVE-2021-45105 DESCRIPTION:...
reSmush.it Image Optimizer < 0.4.7 - Multiple CSRF
The plugin does not perform CSRF checks for any of its AJAX actions, allowing attackers to trick logged in users to perform various actions on their behalf on the site. input type="hidden" name="action" value="resmushit&...
CVE-2022-39298
MelisFront (melis-front) on Melis Platform contains a deserialization of untrusted data vulnerability that enables arbitrary PHP code execution. The issue affects affected versions of melisplatform/melis-front and can be exploited without authentication. The root cause is deserializing user-contr...
Microsoft Teams optimization on Citrix Workspace app for Chrome OS
Pre-requisites/System Requirements Why you should use Teams optimization Configuring Microsoft Teams optimization Caveats Troubleshooting Pre-requisites/System Requirements...
Security Bulletin: A vulnerability in IBM Java affects IBM ILOG CPLEX Optimization Studio (CVE-2022-21299)
Summary There is a vulnerability in IBM® Runtime Environment Java™ Versions 7 & 8 used by IBM CPLEX Optimization Studio. IBM CPLEX Optimization Studio has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2022-21299 DESCRIPTION: An unspecified vulnerability in Java SE related to the...
Security Bulletin: A vulnerability in IBM Java SDK and IBM Java Runtime affect IBM Decision Optimization Center (CVE-2021-35561)
Summary There is a vulnerability in IBM® SDK Java™ and IBM® Runtime Environment Java™ Versions 7 & 8 used by IBM Decision Optimization Center. IBM Decision Optimization Center has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2021-35561 DESCRIPTION: An unspecified vulnerability in...