14 matches found
PT-2026-32440
Configured cipher preference order not preserved vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.16 through 11.0.18, from 10.1.51 through 10.1.52, from 9.0.114 through 9.0.115. Users are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue...
Security Bulletin: Denial of Service in Spring vulnerability affect IBM Business Automation Workflow - CVE-2024-38808
Summary IBM Business Automation Workflow is vulnerable to a Denial of Service attack. Vulnerability Details CVEID:CVE-2024-38808 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted Spring Expression...
ownCloud Critical Vulnerability is under active exploitation
Summary: Hackers are actively exploiting a critical vulnerability CVE-2023-49103 in ownCloud, a popular open-source file-sharing solution, exposing sensitive data in containerized deployments. Administrators are urged to promptly apply recommended fixes, including disabling the phpinfo function a...
PT-2023-29261 · Unknown · Online Blood Donation Management System
Name of the Vulnerable Software and Affected Versions: Online Blood Donation Management System version 1.0 Description: The issue concerns a Stored Cross-Site Scripting vulnerability. Specifically, the firstName parameter of the "users/register.php" resource is copied into the "users/member.php"...
Security Bulletin: Potential Denial of Service (DoS) security vulnerability in IBM Sterling Connect:Enterprise for UNIX
Abstract Potential Denial of Service (DoS) security vulnerability in IBM Sterling Connect:Enterprise for UNIX due to a Java HashTable security vulnerability in Jetty (CVE-2011-4461). Content SUMMARY: Potential Denial of Service (DoS) security vulnerability in IBM Sterling Connect:Enterprise for UNIX du...
Security Bulletins for WebSphere Application Server
Abstract This security bulletin for WebSphere Application Server is a way for you to obtain security risk assessment information for APARs that are considered Security Integrity. If there is any potential risk of exposure, the APAR is marked as Security Integrity. Some APARs are marked as Securit...
Security Bulletin: Security vulnerability affects the Report Builder that is shipped with Jazz Reporting Service (CVE-2018-1639)
Summary There is a security vulnerability in the Report Builder shipped with Jazz Reporting Service. Vulnerability Details CVEID: CVE-2018-1639 DESCRIPTION: The Report Builder of Jazz Reporting Service could allow an authenticated user to obtain sensitive information beyond its assigned privilege...
Security Bulletin: Security vulnerabilities in Apache Tomcat affect Rational Reporting for Development Intelligence
Summary The Rational Reporting for Development Intelligence (RRDI) is shipped with a version of the Apache Tomcat web server which contains security vulnerabilities that could have a potential security impact. Vulnerability Details CVEID: CVE-2016-0762 DESCRIPTION: Apache Tomcat could allow a remot...
Security Bulletin: Multiple security vulnerabilities has been identified in IBM Websphere Application Server shipped with IBM Security/Tivoli Directory Server (CVE-2016-5983 and CVE-2016-5986)
Summary IBM Websphere Application Server is shipped as a component of IBM Security/Tivoli Directory Server. Information about security vulnerabilities affecting IBM Websphere Application Server has been published in security bulletins. Vulnerability Details Please see following security bulleti...
Security Bulletin: A security vulnerability has been identified in IBM Websphere Application Server shipped with IBM Security Directory Server (CVE-2016-9736)
Summary IBM Websphere Application Server is shipped as a component of IBM Security Directory Server. Information about a security vulnerability affecting IBM Websphere Application Server has been published in a security bulletin. Vulnerability Details Please see the following security bulletin fo...
Security Bulletin: Vulnerability in GNU C Library(glibc) affects WebSphere DataPower XC10 Appliance(CVE-2015-7547) - Revised fix available
Summary A GNU C Library (glibc) vulnerability with a stack-based overflow was addressed by WebSphere DataPower XC10 Appliance. On Friday March 11th 2016, a fix was published to resolve this security vulnerability. However, that fix needed revision. A corrected fix is now available. Vulnerability...
Security Bulletin: Sensitive data lingers in memory on the WebSphere DataPower XC10 Appliance
Summary Sensitive data lingers in memory allowing access by an administrator of the WebSphere DataPower XC10 Appliance. This is addressed in the interim fix. Vulnerability Details CVEID: CVE-2015-7418 DESCRIPTION: The IBM WebSphere DataPower XC10 Appliance allows some sensitive data to linger in...
Security Bulletin for WebSphere MQ
Abstract Vulnerability risk information for WebSphere MQ. Content This security bulletin for WebSphere MQ is a way for you to obtain security risk assessment information for APARs that address issues which are considered to be security vulnerabilities. The intention is to provide enough informati...
IRIX WorkShop cvconnect(1M) Vulnerability
Silicon Graphics Inc. Security Advisory Title: IRIX WorkShop cvconnect(1M) Vulnerability Number: 20000601-01-P Date: June 20, 2000 Silicon Graphics provides this information freely to the SGI user community for its consideration, interpretation, implementation and...