Security Bulletin: Multiple vulnerabilities in IBM Cloud Orchestrator, IBM Cloud Orchestrator Enterprise, and products shipped with IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise

Summary Multiple vulnerabilities have been identified in IBM Cloud Orchestrator, IBM Cloud Orchestrator Enterprise, and in supporting products shipped with IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise. Vulnerability Details This security bulletin covers multiple vulnerabilities in...

Security Bulletin: Tivoli Storage Manager Stack-based Buffer Overflow Elevation of Privilege: CVE-2014-6184

Summary A vulnerability in the IBM Tivoli Storage Manager TSM client could allow a local user to gain elevated privileges due to a stack-based buffer overflow. Vulnerability Details CVEID: CVE-2014-6184 DESCRIPTION: IBM Tivoli Storage Manager is vulnerable to a stack buffer overflow. A local...

Security Bulletin: Security vulnerabilities have been identified in IBM HTTP Server shipped with IBM Rational RequisitePro (CVE-2015-1283, CVE-2015-4947, CVE-2015-3183)

Summary IBM WebSphere Application Server is shipped as a component of IBM Rational RequisitePro. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Please consult these security bulletins: Security...

Security Bulletin: Multiple vulnerabilities in IBM HTTP Server (IHS) affect IBM Security SiteProtector System (CVE-2015-1283, CVE-2015-3183 and CVE-2015-4947)

Summary There are multiple vulnerabilities in IBM HTTP Server IHS that is used by IBM Security SiteProtector System. Vulnerability Details CVEID: CVE-2015-1283 DESCRIPTION: Multiple integer overflows in the XMLGetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89...

Security Bulletin: Multiple Security vulnerabilities have been identified in IBM HTTP Server shipped with IBM Security Access Manager for Enterprise Single Sign On (CVE-2015-1283, CVE-2015-4947, CVE-2015-3183)

Summary IBM HTTP Server is shipped as a component of IBM Security Access Manager for Enterprise Single Sign On ISAM ESSO. Information about a security vulnerability affecting IBM HTTP Server has been published in a security bulletin. Vulnerability Details Please consult the security bulletin Deni...

Security Bulletin: PostgreSQL 9.2.8 as used in IBM QRadar SIEM 7.2.4 and IBM QRadar SIEM 7.1 MR2 is vulnerable to allow a remote authenticated attacker to obtain sensitive information. (CVE-2014-8161, CVE-2015-0241, CVE-2015-0243, CVE-2015-0244)

Summary Multiple security vulnerabilities have been discovered in the PostgreSQL component bundled with IBM QRadar version 7.1.x and 7.2.x. Vulnerability Details CVE-ID: CVE-2014-8161 Description: PostgreSQL could allow a remote authenticated attacker to obtain sensitive information, caused by a...

Security Bulletin: IBM® DB2® LUW contains a denial of service vulnerability in ALTER MODULE statement handling. (CVE-2014-3094)

Summary IBM DB2 is vulnerable to a stack buffer overflow, caused by improper bounds checking in the handling of the ALTER MODULE statement. Vulnerability Details CVE ID: CVE-2014-3094 DESCRIPTION: DB2 is vulnerable to a stack buffer overflow attack, caused by improper bounds checking in the...

Security Bulletin: Multiple vulnerabilities in IBM HTTP Server affect IBM API Management (CVE-2015-4947 CVE-2015-1283 CVE-2015-1788)

Summary There are multiple vulnerabilities in IBM HTTP Server 8.5.5.4 that is used by IBM API Management. IBM API Management has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2015-4947 DESCRIPTION: IBM HTTP Server Administration Server could be vulnerable to a stack buffer...

Disk Savvy HTTP POST Request Handling Remote Stack Buffer Overflow

Disk Savvy product contains an overflow condition that is triggered when handling overly large HTTP POST requests e.g. sent to /login. This may allow a remote attacker to cause a stack-based buffer overflow and execute arbitrary code. C Tenable Network Security, Inc. include"compat.inc"; if...

Disk Sorter HTTP POST Request Handling Remote Stack Buffer Overflow

Disk Sorter product contains an overflow condition that is triggered when handling overly large HTTP POST requests e.g. sent to /login. This may allow a remote attacker to cause a stack-based buffer overflow and execute arbitrary code. C Tenable Network Security, Inc. include"compat.inc"; if...

Remote Code Execution (RCE)

MuPDF is vulnerable to remote code execution RCE attacks. A malicious user can pass a malicious pdf file to the pdflookupcmapfull function in pdf-cmap.c to cause a stack buffer overflow that can lead to arbitrary code being executed...

imagemagick/encoder_dng_fuzzer: Stack-buffer-overflow in stread

Project: https://github.com/imagemagick/imagemagick.git Detailed report: https://oss-fuzz.com/testcase?key=6275080005877760 Project: imagemagick Fuzzer: libFuzzerimagemagickencoderdngfuzzer Fuzz target binary: encoderdngfuzzer Job Type: libfuzzerasanimagemagick Platform Id: linux Crash Type:...

envoy/server_fuzz_test: Stack-buffer-overflow in grpc_parse_ipv6_hostport

Project: https://github.com/envoyproxy/envoy.git Detailed report: https://oss-fuzz.com/testcase?key=5759581388013568 Project: envoy Fuzzer: libFuzzerenvoyserverfuzztest Fuzz target binary: serverfuzztest Job Type: libfuzzerasanenvoy Platform Id: linux Crash Type: Stack-buffer-overflow WRITE Crash...

Denial Of Service (DoS) Through Stack Buffer Overflow

libexiv2.so is vulnerable to denial of service DoS through stack-based buffer overflow attacks. The vulnerability exists in Exiv2::Internal::stringFormat of image.cpp where a malicious image could cause a stack-based buffer overflow which leads to a DoS attack...

imagemagick/ping_ptif_fuzzer: Stack-buffer-overflow in _TIFFVGetField

Project: https://github.com/imagemagick/imagemagick.git Detailed report: https://oss-fuzz.com/testcase?key=4887809402863616 Project: imagemagick Fuzzer: aflimagemagickpingptiffuzzer Fuzz target binary: pingptiffuzzer Job Type: aflasanimagemagick Platform Id: linux Crash Type: Stack-buffer-overflo...

Stack overflow

IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 9.7, 10.1, 10.5, and 11.1 is vulnerable to stack based buffer overflow, caused by improper bounds checking which could lead an attacker to execute arbitrary code. IBM X-Force ID: 140210...

CVE-2018-1459

IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 9.7, 10.1, 10.5, and 11.1 is vulnerable to stack based buffer overflow, caused by improper bounds checking which could lead an attacker to execute arbitrary code. IBM X-Force ID: 140210...

CVE-2018-1000038

In Artifex MuPDF 1.12.0 and earlier, a stack buffer overflow in function pdflookupcmapfull in pdf/pdf-cmap.c could allow an attacker to execute arbitrary code via a crafted file...

Stack overflow

In MuPDF 1.12.0 and earlier, a stack buffer overflow in function pdflookupcmapfull in pdf/pdf-cmap.c could allow an attacker to execute arbitrary code via a crafted file...

CVE-2018-1000038

In Artifex MuPDF 1.12.0 and earlier, a stack buffer overflow in function pdflookupcmapfull in pdf/pdf-cmap.c could allow an attacker to execute arbitrary code via a crafted file...