libreswan security update

4.4-4.0.1 - Add libreswan-oracle.patch to detect Oracle Linux distro 4.4-4 - Resolves: rhbz2036902 rebuild to enable rpminspect 4.4-3 - Resolves: rhbz2036902: fix patch application 4.4-2 - Resolves: rhbz2036902 ikev1: disable diagnostics logging on receiving malformed packets...

ROS-2-977

2.977 VLC vulnerabilities with specially designed playlists 1. Vulnerability description: A remote user can create a specially crafted file that can cause various issues. It is possible to trigger remote code execution through a specially created playlist and trick the user into interacting with...

CVE-2021-29568 Reference binding to null in `ParameterizedTruncatedNormal`

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger undefined behavior by binding to null pointer in tf.rawops.ParameterizedTruncatedNormal. This is because the...

gnutls and nettle security update

gnutls 3.6.14-8 - Port fixes for potential miscalculation in ecdsaverify 1942929 nettle 3.4.1-4 - Fix patch application 3.4.1-3 - Port fixes for potential miscalculation in ecdsaverify 1942924...

Security Bulletin: Security vulnerability affects the Lifecycle Query Engine that is shipped with Jazz Reporting Service (CVE-2020-4539)

Summary There is a security vulnerability in the Lifecycle Query Engine shipped with Jazz Reporting Service. Vulnerability Details CVEID: CVE-2020-4539 DESCRIPTION: IBM Jazz Reporting Service is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code...

Security Bulletin: Multiple security vulnerabilities affect the Report Builder that is shipped with Jazz Reporting Service (CVE-2019-4494, CVE-2019-4495, CVE-2019-4497)

Summary There are multiple security vulnerabilities in the Report Builder shipped with Jazz Reporting Service. Vulnerability Details CVEID: CVE-2019-4494 DESCRIPTION: IBM Jazz Reporting Service JRS is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScrip...

Security Bulletin: Security vulnerability affects the Lifecycle Query Engine (LQE) that is shipped with Jazz Reporting Service (CVE-2019-4047)

Summary There is a security vulnerability in the Lifecycle Query Engine LQE shipped with Jazz Reporting Service. Vulnerability Details CVEID: CVE-2019-4047 DESCRIPTION: IBM Jazz Reporting Service JRS could allow an authenticated user to access the execution log files as a guest user, and obtain t...

Security Bulletin: Security vulnerability affects the Report Builder that is shipped with Jazz Reporting Service (CVE-2018-2004)

Summary There is a security vulnerability in the Report Builder shipped with Jazz Reporting Service. Vulnerability Details CVEID: CVE-2018-2004 DESCRIPTION: IBM Jazz Reporting Service JRS is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in...

Apple Mac OS X Security Updates (HT209446)-04

Apple Mac OS X is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: Security vulnerability affects the Lifecycle Query Engine (LQE) that is shipped with Jazz Reporting Service (CVE-2018-1918)

Summary There is a security vulnerability in the Lifecycle Query Engine LQE shipped with Jazz Reporting Service. Vulnerability Details CVEID: CVE-2018-1918 DESCRIPTION: IBM Jazz Reporting Service JRS is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary...

Security Bulletin: Multiple security vulnerabilities affect the Report Builder that is shipped with Jazz Reporting Service (CVE-2017-1750, CVE-2018-1363)

Summary There are multiple security vulnerabilities in the Report Builder shipped with Jazz Reporting Service. Vulnerability Details CVEID: CVE-2017-1750 DESCRIPTION: IBM Jazz Reporting Service JRS is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScrip...

Security Bulletin: Security vulnerabilities in IBM WebSphere Application Server affects Rational Insight (CVE-2017-1681)

Summary The Rational Insight is shipped with a version of the IBM WebSphere Application Server which contains a security vulnerability that could have a potential security impact. Vulnerability Details CVEID: CVE-2017-1681 DESCRIPTION: IBM WebSphere Application Server IBM Liberty for Java for...

Security Bulletin: Security vulnerability affects the Report Builder that is shipped with Jazz Reporting Service (CVE-2017-1370)

Summary There is a security vulnerability in the Report Builder shipped with Jazz Reporting Service. Vulnerability Details CVEID: CVE-2017-1370 DESCRIPTION: IBM Jazz Reporting Service JRS could disclose sensitive information, including user credentials, through an error message from the Report...

Security Bulletin: Security vulnerability affects the Lifecycle Query Engine (LQE) that is shipped with Jazz Reporting Service (CVE-2017-1094)

Summary There is a security vulnerability in the Lifecycle Query Engine LQE shipped with Jazz Reporting Service. Vulnerability Details CVEID: CVE-2017-1094 DESCRIPTION: IBM Jazz Reporting Service JRS is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when...

Security Bulletin: A vulnerability in Apache Tomcat affects Rational Reporting for Development Intelligence (CVE-2015-5174)

Summary The Rational Reporting for Development Intelligence RRDI is shipped with a version of the Apache Tomcat web server which contains a security vulnerability that could have a potential security impact. Vulnerability Details CVEID: CVE-2015-5174 DESCRIPTION: Apache Tomcat could allow a remot...

Security Bulletin: A security vulnerability in Apache Tomcat affects Rational Insight (CVE-2014-0230)

Summary The Rational Insight is shipped with a version of the Apache Tomcat web server which contains a security vulnerability that could have a potential security impact. Vulnerability Details CVEID: CVE-2014-0230 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by missing...

Security Bulletin: Vulnerability in Diffie-Hellman cipher affects Rational Insight (CVE-2015-4000)

Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects Jazz Team Server and Cognos Business Intelligence Cognos BI shipped with Rational Insight. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker ...

Security Bulletin: A security vulnerability in Apache Tomcat affects Rational Insight (CVE-2014-0227)

Summary The Rational Insight is shipped with a version of the Apache Tomcat web server which contains a security vulnerability that could have a potential security impact. Vulnerability Details CVEID: CVE-2014-0227 DESCRIPTION: Apache Tomcat is vulnerable to HTTP request smuggling. A remote...

Lenovo Patches Arbitrary Code Execution Flaw

Lenovo issued a pair of security advisories on Friday for its popular ThinkPad line and System x servers. One bug is tied to an authentication flaw in the Secure Boot process; and the other to a vulnerability that would allow for arbitrary code execution. The company’s internal testing team...

Open redirect

In open buildservice 2.6 before 2.6.3, 2.5 before 2.5.7 and 2.4 before 2.4.8 the source service patch application could generate non-standard files like symlinks or device nodes, which could allow buildservice users to break of confinement or cause denial of service attacks on the source service...