Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Cisco Switches and Directors.
Summary: OpenSSL vulnerabilities were disclosed on March 1, 2016 by the OpenSSL Project. OpenSSL is used by IBM Cisco Switches and Directors. IBM Cisco Switches and Directors has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2016-0705. DESCRIPTION: OpenSSL is vulnerable to a denia...
CVE-2022-24082
If an on-premise installation of the Pega Platform is configured with the port for the JMX interface exposed to the Internet and port filtering is not properly configured, then it may be possible to upload serialized payloads to attack the underlying system. This does not affect systems running o...
F5 BIG-IP Security Feature Issue Vulnerability
F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, load balancing, etc. F5 BIG-IP has a security feature issue vulnerability that can be exploited by an attacker to determine the open UDP User Datagram Protocol source port of...
Remote Code Execution
chromium is vulnerable to remote code execution. An attacker is able to upload and execute malicious code on the system under attack...
CVE-2021-39689
In multiple functions of odsign_main.cpp, there is a possible way to persist system attack due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...
Design/Logic Flaw
In multiple functions of odsign_main.cpp, there is a possible way to persist system attack due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...
CVE-2021-39689
CVE-2021-39689 is a local elevation-of-privilege vulnerability reported in Android 12, due to a logic error in multiple functions of odsign_main.cpp. It could allow a local attacker with system privileges to gain full control without user interaction. The Android bulletin notes this issue under t...
CVE-2022-25188
CVE-2022-25188 affects Jenkins Fortify Plugin 20.2.34 and earlier. The root cause is that the plugin does not sanitize the appName and appVersion parameters of its Pipeline steps, enabling attackers with Item/Configure permission to write or overwrite .xml files on the Jenkins controller filesyst...
Adobe Premiere Rush Code Execution Vulnerability (CNVD-2021-101117)
Adobe Premiere Rush is a cross-platform video editing software from Adobe. Adobe Premiere Rush has a security vulnerability that could be exploited by attackers to execute arbitrary code on the system...
A vulnerability in Adobe After Effects video and dynamic image editing software allows an operation to go beyond the bounds of a buffer in memory, letting an attacker execute arbitrary code.
The vulnerability of Adobe After Effects video and dynamic image editing software relates to the execution of operations beyond buffer boundaries in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code on the target system using a specially created file...
qimengcms has a logic flaw vulnerability
qimengcms is a content management system. A logic flaw vulnerability exists in qimengcms, which can be exploited by an attacker to compromise the integrity of the system...
Information disclosure
IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199997...
Windows Remote Code Execution Vulnerability
A remote code execution vulnerability exists when Windows improperly handles objects in memory. To exploit the vulnerability an attacker would have to convince a user to run a specially crafted application. An attacker who successfully exploited this vulnerability could execute arbitrary code and...
Windows Registry Denial of Service Vulnerability
A denial of service vulnerability exists when Windows Registry improperly handles filesystem operations. An attacker who successfully exploited the vulnerability could cause a denial of service against a system. To exploit the vulnerability, an attacker who has access to the system could run a...
CVE-2019-4601
IBM Quality Manager RQM 6.02, 6.06, and 6.0.6.1 could allow an authenticated user to obtain sensitive information from a stack trace that could aid in further attacks against the system...
Design/Logic Flaw
IBM Content Navigator 3.0CD could disclose sensitive information to an unauthenticated user which could be used to aid in further attacks against the system. IBM X-Force ID: 177080...
CVE-2019-4484
IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164068...
CVE-2019-4485
IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164069...