Security Bulletin: An vulnerability in 3rd party library jackson-databind affect IBM Spectrum LSF Suite, IBM Spectrum LSF Explorer and IBM Platform Application Center

Summary There is an vulnerabilityCVE-2020-36518 in in 3rd party library jackson-databind affect IBM Spectrum LSF Suite, IBM Spectrum LSF Explorer and IBM Platform Application Center, Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products an...

Security Bulletin: An vulnerability in IBM Websphere Liberty affect IBM Spectrum LSF Suite and IBM Platform Application Center

Summary There is an vulnerability CVE-2021-39038in IBM Websphere Liberty used by IBM Spectrum LSF Suite and IBM Platform Application Center . Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions...

OPENSUSE-SU-2022:0783-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.6.1 ESR bsc1196809: - CVE-2022-26485: Use-after-free in XSLT parameter processing - CVE-2022-26486: Use-after-free in WebGPU IPC Framework...

CVE-2022-24718 Path Traversal in ssr-pages

ssr-pages is an HTML page builder for the purpose of server-side rendering SSR. In versions prior to 0.1.4, a path traversal issue can occur when providing untrusted input to the svg property as an argument to the buildMessagePageOptions function. While there is no known workaround at this time,...

GSD-2022-1000331 libsubcmd: Fix use-after-free for realloc(..., 0)

libsubcmd: Fix use-after-free for realloc..., 0 This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.231 by commit...

GSD-2022-1000296 libsubcmd: Fix use-after-free for realloc(..., 0)

libsubcmd: Fix use-after-free for realloc..., 0 This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.9.303 by commit...

MGASA-2022-0066 Updated nas packages fix security vulnerability

Stack-based buffer overflow in auphone.c that can be triggered by an environment variable. Also, the x11-util-cf-files package has been patched to allow building nas...

CVE-2022-23577 Null-dereference in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The implementation of GetInitOp is vulnerable to a crash caused by dereferencing a null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, ...

SUSE-SU-2022:0130-1 Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-operator-container

This update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-operator-container fixes the following issues: - CVE-2021-43565: Fixes a vulnerability in the golang.org/x/crypto/ssh package which allowed unauthenticated clients to cau...

CVE-2022-21683 Comment reply notifications sent to incorrect users in wagtail

Wagtail is a Django based content management system focused on flexibility and user experience. When notifications for new replies in comment threads are sent, they are sent to all users who have replied or commented anywhere on the site, rather than only in the relevant threads. This means that ...

CVE-2022-21678 User's bio visible even if profile is restricted in Discourse

Discourse is an open source discussion platform. Prior to version 2.8.0.beta11 in the tests-passed branch, version 2.8.0.beta11 in the beta branch, and version 2.7.13 in the stable branch, the bios of users who made their profiles private were still visible in the tags on their users' pages. The...

SUSE-SU-2021:4170-1 Security update for libaom

This update for libaom fixes the following issues: - CVE-2020-36129: Fixed stack buffer overflow via the component src/aomimage.c bsc1193356. - CVE-2020-36131: Fixed stack buffer overflow via the component stats/ratehist.c bsc1193365. - CVE-2020-36135: Fixed NULL pointer dereference via the...

OPENSUSE-SU-2021:1606-1 Security update for xorg-x11-server

This update for xorg-x11-server fixes the following issues: - CVE-2021-4009: The handler for the CreatePointerBarrier request of the XFixes extension does not properly validate the request length leading to out of bounds memory write. bsc1190487 - CVE-2021-4010: The handler for the Suspend reques...

OPENSUSE-SU-2021:3873-1 Security update for netcdf

This update for netcdf fixes the following issues: - Fixed multiple vulnerabilities in ezXML: CVE-2019-20007, CVE-2019-20006, CVE-2019-20201, CVE-2019-20202, CVE-2019-20199, CVE-2019-20200, CVE-2019-20198, CVE-2021-26221, CVE-2021-26222, CVE-2021-30485, CVE-2021-31229, CVE-2021-31347,...

SUSE-SU-2021:3873-1 Security update for netcdf

This update for netcdf fixes the following issues: - Fixed multiple vulnerabilities in ezXML: CVE-2019-20007, CVE-2019-20006, CVE-2019-20201, CVE-2019-20202, CVE-2019-20199, CVE-2019-20200, CVE-2019-20198, CVE-2021-26221, CVE-2021-26222, CVE-2021-30485, CVE-2021-31229, CVE-2021-31347,...

CVE-2021-43793

Discourse is an open source discussion platform. In affected versions a vulnerability in the Polls feature allowed users to vote multiple times in a single-option poll. The problem is patched in the latest tests-passed, beta and stable versions of Discourse...

OPENSUSE-SU-2021:3805-1 Security update for netcdf

This update for netcdf fixes the following issues: - Fixed multiple vulnerabilities in ezXML: CVE-2019-20007, CVE-2019-20006, CVE-2019-20201, CVE-2019-20202, CVE-2019-20199, CVE-2019-20200, CVE-2019-20198, CVE-2021-26221, CVE-2021-26222, CVE-2021-30485, CVE-2021-31229, CVE-2021-31347,...

SUSE-SU-2021:3804-1 Security update for netcdf

This update for netcdf fixes the following issues: - Fixed multiple vulnerabilities in ezXML: CVE-2019-20007, CVE-2019-20006, CVE-2019-20201, CVE-2019-20202, CVE-2019-20199, CVE-2019-20200, CVE-2019-20198, CVE-2021-26221, CVE-2021-26222, CVE-2021-30485, CVE-2021-31229, CVE-2021-31347,...

PowerCMS XMLRPC API vulnerable to OS command injection

Overview PowerCMS XMLRPC API provided by Alfasado Inc. contains an OS command injection vulnerability CWE-78. Alfasado Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Alfasado Inc. coordinated under the Information Security Early Warning...

OPENSUSE-SU-2021:3584-1 Security update for transfig

This update for transfig fixes the following issues: Update to fig2dev version 3.2.8 Patchlevel 8b Aug 2021 - bsc1190618, CVE-2020-21529: stack buffer overflow in the bezierspline function in genepic.c. - bsc1190615, CVE-2020-21530: segmentation fault in the readobjects function in read.c. -...