58 matches found
Security Bulletin: Denial of service vulnerability in Johnzon affects IBM Business Automation Workflow - CVE-2023-33008
Summary IBM Business Automation Workflow is vulnerable to a denial of service attack. Vulnerability Details CVEID:CVE-2023-33008 DESCRIPTION: Apache Johnzon is vulnerable to a denial of service, caused by an unsafe deserialization flaw in BigDecimal. By sending a specially crafted JSON input, a...
K000138966: Intel Xeon CPU vulnerability CVE-2023-23908
Security Advisory Description Improper access control in some 3rd Generation IntelR XeonR Scalable processors may allow a privileged user to potentially enable information disclosure via local access. CVE-2023-23908 Impact This vulnerability may allow a privileged user to enable information...
MTE As Implemented, Part 1: Implementation Testing
By Mark Brand, Project Zero Background In 2018, in the v8.5a version of the ARM architecture, ARM proposed a hardware implementation of tagged memory, referred to as MTE Memory Tagging Extensions. Through mid-2022 and early 2023, Project Zero had access to pre-production hardware implementing thi...
K95204515: Intel CPU vulnerability CVE-2022-21151
Security Advisory Description Processor optimization removal or modification of security-critical code for some IntelR Processors may allow an authenticated user to potentially enable information disclosure via local access. CVE-2022-21151 Impact This vulnerability may allow an authenticated user...
K43541501: Intel CPU vulnerabilities CVE-2022-21131 and CVE-2022-21136
Security Advisory Description CVE-2022-21131 Improper access control for some IntelR XeonR Processors may allow an authenticated user to potentially enable information disclosure via local access. CVE-2022-21136 Improper input validation for some IntelR XeonR Processors may allow a privileged use...
Security Bulletin: IBM Application Navigator is vulnerable to an remote attacker exploitation of Apache Log4j (CVE-2021-44228)
Summary The IBM Application Navigator contains a copy of Apache Log4j which is not used by the IBM Application Navigator function. Out of an abundance of caution this update removes the unused copy of Apache Log4j. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow ...
Outlook is unable to launch after Citrix UPM Hotfix ProfilemgtWX64_1912_3001 installation Error status 0xc0000428
After installing theCitrixHotfixProfilemgtWX6419123001, anerror is generated when opening Outlook: OUTLOOK.EXE : Bad Image C:\Program Files\Citrix\User Profile Manager\upmoutlookhook64.dll is either not designed to run on Windows or it contains an error. Try installing the program again using the...
GHSA-GHHP-997W-QR28 .NET Core Remote Code Execution Vulnerability
.NET Core Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24112. Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 5.0, .NET Core 3.1, and .NET Core 2.1. This advisory also provides guidance on what...
CVE-2020-11716
Panasonic P110, Eluga Z1 Pro, Eluga X1, and Eluga X1 Pro devices through 2020-04-10 have Insecure Permissions. NOTE: the vendor states that all affected products are at "End-of-software-support."...
CVE-2020-11716
Panasonic P110, Eluga Z1 Pro, Eluga X1, and Eluga X1 Pro devices through 2020-04-10 have Insecure Permissions. NOTE: the vendor states that all affected products are at "End-of-software-support."...
Design/Logic Flaw
Panasonic P110, Eluga Z1 Pro, Eluga X1, and Eluga X1 Pro devices through 2020-04-10 have Insecure Permissions. NOTE: the vendor states that all affected products are at "End-of-software-support."...
CVE-2020-11716
Panasonic P110, Eluga Z1 Pro, Eluga X1, and Eluga X1 Pro devices through 2020-04-10 have Insecure Permissions. NOTE: the vendor states that all affected products are at "End-of-software-support."...
CVE-2020-11716
The CVE-2020-11716 entry concerns Panasonic P110, Eluga Z1 Pro, Eluga X1, and Eluga X1 Pro devices—vulnerability described as Insecure Permissions, with affected products listed as End-of-software-support. Connected sources (Red Hat, NVD, CVE List, PT Security) specify the affected models and ver...
PT-2020-12802 · Panasonic · Eluga X1 Pro +2
Name of the Vulnerable Software and Affected Versions: Panasonic P110 versions through 2020-04-10 Eluga Z1 Pro versions through 2020-04-10 Eluga X1 versions through 2020-04-10 Eluga X1 Pro versions through 2020-04-10 Description: The issue is related to Insecure Permissions. The vendor has stated...
CVE-2020-11715
Panasonic P99 devices through 2020-04-10 have Incorrect Access Control. NOTE: the vendor states that all affected products are at "End-of-software-support."...
CVE-2020-11715
Panasonic P99 devices through 2020-04-10 have Incorrect Access Control. NOTE: the vendor states that all affected products are at "End-of-software-support."...
Improper access control
Panasonic P99 devices through 2020-04-10 have Incorrect Access Control. NOTE: the vendor states that all affected products are at "End-of-software-support."...
CVE-2020-11715
Panasonic P99 devices through 2020-04-10 have Incorrect Access Control. NOTE: the vendor states that all affected products are at "End-of-software-support."...
CVE-2020-11715
CVE-2020-11715 affects Panasonic P99 devices up to 2020-04-10 due to an Incorrect Access Control vulnerability. Root cause: improper access control in the affected component. Impact is significant: CVSS v3.1 shows a base score of 9.8 (CRITICAL) with NETWORK attack vector, no privileges required, ...
SUSE-SU-2020:0262-1 Security update for glibc
This update for glibc fixes the following issues: Security issue fixed: - CVE-2019-19126: Fixed to ignore the LDPREFERMAP32BITEXEC environment variable during program execution after a security transition bsc1157292. Bug fixes: - Fixed z15 s390x strstr implementation that can return incorrect...