CVE-2018-2980

CVE-2018-2980 affects Oracle FLEXCUBE Universal Banking (Infrastructure) across multiple supported versions (11.3.0–14.1.0). The vulnerability permits a low-privilege, network-accessing attacker (via HTTP) to read/write data and cause partial denial of service. CVSS 3.0 base score is 5.4 (I and A...

CVE-2018-3097

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware subcomponent: Outside In Filters. The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In...

UBUNTU-CVE-2018-2952

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Concurrency. Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated...

Information leakage vulnerability in multiple Huawei phones

Huawei Berlin-L21HN and Prague-AL00A are smartphone products of Huawei China. Several Huawei phones are vulnerable to information leakage. When a user connects a dangerous charging device to charge the phone, an unauthenticated attacker opens specific features of the phone by sending a carefully...

Typeform, Popular Online Survey Software, Suffers Data Breach

Typeform, the popular Spanish-based online data collection company specializes in form building and online surveys for businesses worldwide, has today disclosed that the company has suffered a data breach that exposed partial data of its some users. The company identified the breach on June 27th,...

OpenJDK: unbounded memory allocation during deserialization in Container (AWT, 8189989)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: AWT. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with...

OpenJDK: unbounded memory allocation during deserialization in NamedNodeMapImpl (JAXP, 8189993)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JAXP. Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network...

Google Developer Discovers a Critical Bug in Modern Web Browsers

Google researcher has discovered a severe vulnerability in modern web browsers that could have allowed websites you visit to steal the sensitive content of your online accounts from other websites that you have logged-in the same browser. Discovered by Jake Archibald, developer advocate for Googl...

CVE-2018-12337

Reliance on Security Through Obscurity vulnerability in ECOS Secure Boot Stick aka SBS 5.6.5 allows an attacker to partially extract confidential configurations via user-space emulation...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Service Tester (CVE-2014-3566, CVE-2014-6457, CVE-2014-6593, CVE-2015-0410)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Version 5, 6 and 7 that is used by Rational Service Tester. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption POODLE SSLv3 vulnerability CVE-2014-3566. These were disclosed as part of the IBM Java SDK updat...

Security Bulletin: Rational Insight - IBM SDK, Java Technology Edition Quarterly CPU - July 2014 (CVE-2014-4263)

Summary A security vulnerability exists in the IBM JRE that is shipped with Rational Insight. Vulnerability Details Security vulnerabilities have been discovered and reported in IBM SDK, Java Technology Edition Quarterly CPU - July 2014 update. CVEID: CVE-2014-4263 Description: An unspecified...

Security Bulletin: Rational Directory Server and Rational Directory Administrator can be affected by vulnerabilities (CVE-2014-4263, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099 and CVE-2014-0119)

Summary This security bulletin is a notice of security vulnerabilities in IBM Runtime Environment, Java Technology Edition and Apache Tomcat server which impacts IBM Rational Directory Server 5.2.x, 5.1.1.x and Rational Directory Administrator 6.x. Vulnerability Details | Subscribe to My...

Security Bulletin: InfoSphere Data Replication Dashboard is affected by a vulnerability in the IBM Runtime Environment, Java™ Technology Edition (CVE-2014-0453)

Summary An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. Vulnerability Details CVE ID: CVE-2014-0453 CVSS: CVSS Base Score: 4 CVSS Temporal Score: See for the current score CVSS Environmental...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Process Server and IBM Business Process Manager (CVE-2014-4263, CVE-2014-4244, CVE-2014-3068)

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition that is used by WebSphere Process Server and IBM Business Process Manager. These issues were disclosed as part of the IBM Java SDK updates in July 2014. Vulnerability Details CVEID: CVE-2014-4263 DESCRIPTION: An...

keystone node module authentication bypass vulnerability

The keystone node module is a set of web application frameworks. A security vulnerability exists in keystone node module versions prior to 0.3.16. The vulnerability can be exploited to bypass authentication by providing the correct password and a partial e-mail address...

Drupal Panopoly Core Module Cross-Site Scripting Vulnerability

Drupal is a free, open-source content management system developed in the PHP language and maintained by the Drupal community. A cross-site scripting vulnerability exists in Drupal's Panopoly Core module that stems from not properly handling partial node titles. The vulnerability can be exploited ...

OpenJDK: ArrayBlockingQueue deserialization to an inconsistent state (Libraries, 8189284)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Libraries. Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacke...

OpenJDK: unbounded memory allocation during deserialization (AWT, 8190289)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: AWT. Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...

OpenJDK: unbounded memory allocation in BasicAttributes deserialization (JNDI, 8191142)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JNDI. Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker wit...

OpenJDK: unbounded memory allocation during deserialization in PriorityBlockingQueue (Concurrency, 8189981)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Concurrency. Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with...