Security Bulletin: The GPFS pattern provided with IBM PureApplication System is affected by security vulnerabilities. (CVE-2016-2985 and CVE-2016-2984)
Summary A security vulnerability has been identified in all levels of IBM Spectrum Scale and IBM GPFS that could allow a local attacker to execute commands as root. IBM PureApplication System provides a GPFS pattern and addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-2985...
Security Bulletin: The GPFS pattern provided with IBM PureApplication System is affected by a security vulnerability. (CVE-2016-0392)
Summary A security vulnerability has been identified in all levels of IBM Spectrum Scale and IBM GPFS that could allow a local attacker to inject commands into setuid file parameters and execute commands as root. IBM PureApplication System provides a GPFS pattern and addressed the applicable CVE...
Security Bulletin: The GPFS pattern provided with IBM PureApplication System is affected by a security vulnerability. (CVE-2016-0263)
Summary A security vulnerability has been identified in the current levels of IBM Spectrum Scale V4.2, V4.1 and IBM General Parallel File System V3.5, that could allow a local user, under special circumstances, to escalate their privileges or cause a denial of service when the mmapplypolicy comma...
Security Bulletin: The GPFS pattern provided with IBM PureApplication System is affected by a security vulnerability. (CVE-2015-7403)
Summary A security vulnerability has been identified in the current levels of IBM Spectrum Scale V4.1.1, IBM GPFS V4.1 and V3.5 that could allow a local attacker to cause the node they are on to crash. IBM PureApplication System provides a GPFS pattern and addressed the applicable CVE...
Security Bulletin: The GPFS pattern provided with IBM PureApplication System is affected by a security vulnerability. (CVE-2015-1788)
Summary An OpenSSL vulnerability has been identified in the current levels of IBM Spectrum Scale V4.1.1 and IBM GPFS V4.1. IBM PureApplication System provides a GPFS pattern and addressed the applicable CVE. Vulnerability Details CVEID: CVE-2015-1788 DESCRIPTION: OpenSSL is vulnerable to a denial...
Security Bulletin: Vulnerability in OpenSSL affects IBM PureApplication System. (CVE-2015-1788)
Summary An OpenSSL denial of service vulnerability disclosed by the OpenSSL Project affects GSKit. IBM PureApplication System uses GSKit in user registry components in the Web application pattern type and GPFS pattern type. IBM PureApplication System addressed the applicable CVE. Vulnerability...
Security Bulletin: The GPFS pattern provided with IBM PureApplication System is affected by security vulnerabilities. (CVE-2015-4974 and CVE-2015-4981)
Summary Security vulnerabilities have been identified in the current levels of IBM Spectrum Scale V4.1.1, IBM GPFS V4.1 and V3.5: - could allow a local non privileged attacker to execute commands with root privileges CVE-2015-4974 - could allow a local non privileged attacker to read system...
Security Bulletin: TLS padding vulnerability affects IBM PureApplication System (CVE-2014-8730)
Summary Transport Layer Security (TLS) padding vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) like attack affects IBM PureApplication System. Vulnerability Details CVEID: CVE-2014-8730 DESCRIPTION: IBM PureApplication Server bundles IBM HTTP Server, which could allow a...
Security Bulletin: Security Vulnerability in IBM WebSphere Application Server affects IBM SOA Policy Gateway Pattern for AIX Server 2.5 (CVE-2015-1920)
Summary A vulnerability in WebSphere Application Server could allow a remote attacker to execute arbitrary code by connecting to a management port and executing a specific sequence of instructions. Vulnerability Details CVEID: CVE-2015-1920 DESCRIPTION: WebSphere Application Server could allow a...
Security Bulletin: Vulnerability in SSLv3 affects IBM WebSphere Application Server shipped with IBM SOA Policy Gateway Pattern for Red Hat Enterprise Linux Server
Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled by default in IBM WebSphere Application Server. Vulnerability Details CVE ID: CVE-2014-3566 DESCRIPTION: IBM WebSphere Application could allow a...
M4Ngl3M3 - Common Password Pattern Generator Using Strings List
Common password pattern generator using strings list. Quick Installation: $ git clone https://github.com/localh0t/m4ngl3m3 $ cd m4ngl3m3 $ ./main.py Basic Help: usage: main.py -h -fy FROMYEAR -ty TOYEAR -sy -nf NUMBERSFILE -sf SYMBOLSFILE -cf CUSTOMFILE -sbs -sap -mm MUTATIONMETHODS MUTATIONMODE...
libopenmpt Denial of Service Vulnerability
libopenmpt is a cross-platform audio playback library based on C and C++. A security vulnerability exists in the soundlib/pattern.h file in versions of libopenmpt prior to 0.3.9. A remote attacker can exploit this vulnerability to cause a denial of service (application crash) with the help of a...
CVE-2018-11710
soundlib/pattern.h in libopenmpt before 0.3.9 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted AMS file because of an invalid write near address 0 in an out-of-memory situation...
DEBIAN-CVE-2016-10540
Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript RegExp objects. The primary function, minimatch(path, pattern), in Minimatch 3.0.1 and earlier is vulnerable to ReDoS in the pattern parameter...
AZL-44502 CVE-2016-10540 affecting package js-jquery 3.5.0-4
Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript RegExp objects. The primary function, minimatch(path, pattern), in Minimatch 3.0.1 and earlier is vulnerable to ReDoS in the pattern parameter...
UBUNTU-CVE-2016-10540
Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript RegExp objects. The primary function, minimatch(path, pattern), in Minimatch 3.0.1 and earlier is vulnerable to ReDoS in the pattern parameter...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Tomcat vulnerabilities (USN-3665-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3665-1 advisory. It was discovered that Tomcat incorrectly handled being configured with HTTP PUTs enabled. A remote attacker could use this issue...
USN-3665-1 tomcat7, tomcat8 vulnerabilities
It was discovered that Tomcat incorrectly handled being configured with HTTP PUTs enabled. A remote attacker could use this issue to upload a JSP file to the server and execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 17.10. CVE-2017-12616,...
tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources
The URL pattern of "" (the empty string), which exactly maps to the context root, was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It...