CVE-2018-7164
Node.js versions 9.7.0 and later and 10.x are vulnerable and the severity is MEDIUM. A bug introduced in 9.7.0 increases the memory consumed when reading from the network into JavaScript using the net.Socket object...
All versions of Node.js 9.x and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node process which provides an http server supporting...
All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node server providing an http2 server to...
NetApp SANtricity Web Services Proxy versions 1.10.x000.0002 through 2.12.X000.0002 and SANtricity Storage Manager 11.30.0X00.0004 through 11.42.0X00.0001 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service bound to the network, and are...
The TIBCO Designer component of TIBCO Software Inc.’s TIBCO Runtime Agent, and TIBCO Runtime Agent for z/Linux contains vulnerabilities wherein a malicious user could perform XML external entity expansion (XXE) attacks to disclose host...
The TIBCO Administrator server component of TIBCO Software Inc.’s TIBCO Administrator – Enterprise Edition, and TIBCO Administrator – Enterprise Edition for z/Linux contains vulnerabilities wherein a malicious user could perform XML external entity expansion...
The TIBCO Administrator server component of TIBCO Software Inc.’s TIBCO Administrator – Enterprise Edition, and TIBCO Administrator – Enterprise Edition for z/Linux contains multiple vulnerabilities wherein a malicious user could theoretically perform cross-site...
Norton App Lock prior to version 1.3.0.329 can be susceptible to a bypass exploit. In this type of circumstance, the exploit can allow the user to circumvent the app to prevent it from locking...
private_address_check ruby gem before 0.5.0 is vulnerable to a time-of-check time-of-use (TOCTOU) race condition due to the address the socket uses not being checked. DNS entries with a TTL of 0 can trigger this...
A vulnerability in GSKit affects IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.3, and 5.0.0 that could allow a local attacker to obtain control of the Spectrum Scale daemon and to access and modify files...
IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.6 could allow an authenticated user to execute a specially crafted command that could obtain sensitive information. IBM X-Force ID: 138378. Date published : 2018-06-13...
Knowage (formerly SpagoBI) 6.1.1 allows XSS via the name or description field to the "Olap Schemas’ Catalogue" catalogue. Date published : 2018-06-13 https://medium.com/stolabs/security-issue-on-knowage-spagobi-ec539a68e55
Knowage (formerly SpagoBI) 6.1.1 allows CSRF via every form, as demonstrated by a /knowage/restful-services/2.0/analyticalDrivers/ POST request. Date published : 2018-06-13 https://medium.com/stolabs/security-issue-on-knowage-spagobi-ec539a68e55
Knowage (formerly SpagoBI) 6.1.1 allows XSS via the name field to the "Business Model’s Catalogue" catalogue. Date published : 2018-06-13 https://medium.com/stolabs/security-issue-on-knowage-spagobi-ec539a68e55