717 matches found

IBM Security Bulletins
added 2018/06/18 1:35 a.m., 39 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Systems Director Platform Agent

Summary There are multiple vulnerabilities in OpenSSL that is used by IBM Systems Director (ISD) Platform Agent. These OpenSSL vulnerabilities were disclosed in September 2016 and October 2016 by the OpenSSL Project. Vulnerability Details CVEID: CVE-2016-2182 DESCRIPTION: OpenSSL is vulnerable to a...

CVSS: 9.8, AI score: 0.8, EPSS: 0.71356
Exploits: 9, Affected Software: 1

IBM Security Bulletins
added 2018/06/17 12:17 p.m., 48 views

Security Bulletin: Open Source zlib Vulnerabilities in IBM eDiscovery Manager

Summary zlib is vulnerable to a denial of service, caused by an out-of-bounds pointer arithmetic in inftrees.c. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to cause a denial of service. Vulnerability Details CVEID: CVE-2016-9840...

CVSS: 9.8, AI score: 2.2, EPSS: 0.19177
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2018/06/16 8:06 p.m., 40 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Tealeaf Customer Experience

Summary OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by IBM Tealeaf Customer Experience. IBM Tealeaf Customer Experience has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-6304 DESCRIPTION: OpenSSL is vulnerable ...

CVSS: 9.8, AI score: 0.7, EPSS: 0.35953
Exploits: 3, Affected Software: 1

IBM Security Bulletins
added 2018/06/15 7:06 a.m., 28 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Image Construction and Composition Tool.

Summary OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by IBM Image Construction and Composition Tool. IBM Image Construction and Composition Tool has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-6302 DESCRIPTION...

CVSS: 10, AI score: 1.3, EPSS: 0.28947
Exploits: 2, Affected Software: 1

Prion
added 2018/06/04 7:29 p.m., 11 views

Out-of-bounds

An exploitable out of bounds write vulnerability exists in the parsing of ELF Section Headers of Hopper Disassembler 3.11.20. A specially crafted ELF file can cause attacker controlled pointer arithmetic resulting in a partially controlled out of bounds write. An attacker can craft an ELF file wi...

CVSS: 6.8, AI score: 7, EPSS: 0.00194
Exploits: 1, References: 2, Affected Software: 1

CVE
added 2018/06/04 7:00 p.m., 49 views

CVE-2016-8390

CVE-2016-8390 concerns Hopper Disassembler 3.11.20, where the ELF Section Headers parsing has an out-of-bounds write due to attacker-controlled data in the section header table. Multiple connected sources describe a vulnerability in ELF parsing that can cause memory corruption via a crafted ELF f...

CVSS: 7.8, AI score: 7.5, EPSS: 0.00194
Exploits: 1, References: 2, Affected Software: 1

BDU FSTEC
added 2018/05/25 12:00 a.m., 0 views

The vulnerability of the ext4_xattr_check_entries function in the Linux operating system’s kernel allows a hacker to cause a service failure.

The vulnerability of the ext4_xattr_check_entries function in fs/ext4/xattr.c in the Linux kernel is related to a pointer arithmetic error. Exploitation of this vulnerability could allow an attacker, operating remotely, to cause service failures by manipulating a specially crafted version of the ext4...

CVSS: 7.1, AI score: 6.5, EPSS: 0.00153
Exploits: 1, References: 16, Affected Software: 1

BDU FSTEC
added 2018/05/25 12:00 a.m., 0 views

The vulnerability of the Qualcomm GNSS API component in the Android operating system allows a hacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the Qualcomm GNSS API in the Android operating system is related to errors in pointer arithmetic. Exploiting this vulnerability could allow a remote attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

CVSS: 10, AI score: 5.5, EPSS: 0.00168
Exploits: 0, References: 5, Affected Software: 1

BDU FSTEC
added 2018/05/18 12:00 a.m., 0 views

The vulnerability of the Qualcomm operating system Android allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the Android operating system is related to an error in pointer arithmetic when establishing SSL connections. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

CVSS: 10, AI score: 5.5, EPSS: 0.00168
Exploits: 0, References: 3, Affected Software: 1

BDU FSTEC
added 2018/05/18 12:00 a.m., 0 views

The vulnerability of the Qualcomm Qurt API component in the Android operating system allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the Qualcomm Qurt API in the Android operating system arises due to a mistake in pointer arithmetic for the zero pointer. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

CVSS: 10, AI score: 5.5, EPSS: 0.00177
Exploits: 0, References: 3, Affected Software: 1

BDU FSTEC
added 2018/04/20 12:00 a.m., 0 views

The vulnerability of the `stub_send_ret_submit` function in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the stub_send_ret_submit function in the Linux kernel’s drivers/usb/usbip/stub_tx.c file is related to errors in pointer arithmetic. Exploiting this vulnerability could allow a malicious actor to cause service failures using a specially crafted USBIP package...

CVSS: 7.1, AI score: 7.2, EPSS: 0.11306
Exploits: 0, References: 28, Affected Software: 1

Tenable Nessus
added 2018/02/16 12:00 a.m., 47 views

openSUSE Security Update : openssl-steam (openSUSE-2018-168)

This update for openssl-steam fixes the following issues : - Merged changes from upstream openssl Factory rev 137 into this fork for Steam. Updated to openssl 1.0.2k : - CVE-2016-7055: Montgomery multiplication may produce incorrect results boo1009528 - CVE-2016-7056: ECDSA P-256 timing attack ke...

CVSS: 9.8, AI score: 7.4, EPSS: 0.40993
Exploits: 8, References: 44

OSV
added 2017/12/27 5:08 p.m., 0 views

DEBIAN-CVE-2017-17854

kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (integer overflow and memory corruption) or possibly have unspecified other impact by leveraging unrestricted integer values for pointer arithmetic...

CVSS: 7.8, AI score: 7.8, EPSS: 0.00128
Exploits: 0, References: 1

OSV
added 2017/12/27 5:08 p.m., 0 views

UBUNTU-CVE-2017-17854

kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (integer overflow and memory corruption) or possibly have unspecified other impact by leveraging unrestricted integer values for pointer arithmetic...

CVSS: 7.8, AI score: 6.9, EPSS: 0.00128
Exploits: 0, References: 4

UbuntuCve
added 2017/12/27 5:08 p.m., 21 views

CVE-2017-17854

kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (integer overflow and memory corruption) or possibly have unspecified other impact by leveraging unrestricted integer values for pointer arithmetic...

CVSS: 7.8, AI score: 6.9, EPSS: 0.00128
Exploits: 0, References: 3

ATTACKERKB
added 2017/12/27 5:08 p.m., 3 views

CVE-2017-17854

kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (integer overflow and memory corruption) or possibly have unspecified other impact by leveraging unrestricted integer values for pointer arithmetic...

CVSS: 7.8, AI score: 8.4, EPSS: 0.00128
Exploits: 0, References: 5

Cvelist
added 2017/12/23 4:00 a.m., 17 views

CVE-2017-17854

kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (integer overflow and memory corruption) or possibly have unspecified other impact by leveraging unrestricted integer values for pointer arithmetic...

AI score: 7.8, EPSS: 0.00128
Exploits: 0, References: 3

BDU FSTEC
added 2017/12/21 12:00 a.m., 1 view

The vulnerability in the software for converting images on the Debian GNU/Linux operating system, related to pointer arithmetic errors, allows a hacker to cause an unexpected termination of the application.

The vulnerability of the software for converting image formats in the Debian GNU/Linux operating system is related to pointer arithmetic errors. Exploiting this vulnerability can allow an attacker, working remotely, to cause the application to terminate abnormally using a specially crafted cue fi...

CVSS: 5.5, AI score: 5.5, EPSS: 0.00251
Exploits: 0, References: 5, Affected Software: 2

BDU FSTEC
added 2017/12/14 12:00 a.m., 1 view

The vulnerability of the get_endpoints function in the Linux operating system’s kernel allows a hacker to cause a service failure or exert other effects.

The vulnerability of the get_endpoints function in the drivers/usb/misc/usbtest.c file of the Linux kernel is related to pointer arithmetic errors. Exploiting this vulnerability could allow an attacker to cause a service failure or other adverse effects through a specially crafted USB device...

CVSS: 6.8, AI score: 6.5, EPSS: 0.00085
Exploits: 0, References: 31, Affected Software: 1

BDU FSTEC
added 2017/12/14 12:00 a.m., 1 view

The vulnerability of the imon_probe function in the Linux operating system allows a hacker to cause a service failure or exert other effects.

The vulnerability of the imon_probe function in the Linux kernel’s drivers/media/rc/imon.c file is related to pointer arithmetic errors. Exploiting this vulnerability could allow an attacker to cause system failures or other adverse effects through a specially crafted USB device...

CVSS: 6.8, AI score: 6.8, EPSS: 0.00086
Exploits: 0, References: 29, Affected Software: 1