Monthly Archive: May 2019

A security vulnerability in the HPE Virtual Connect SE 16Gb Fibre Channel Module for HPE Synergy running firmware 5.00.50, which is part of the HPE Synergy Custom SPP 2018.11.20190205, could allow local or remote...

A Local Disclosure of Sensitive Information vulnerability was identified in HPE NonStop Safeguard earlier than version SPR T9750L01^AIC or T9750H05^AIH, and later versions when the PASSWORD-PROMPT configuration attribute is not set to BLIND; all...

A command injection vulnerability is present that permits an unauthenticated user with access to the Aruba Instant web interface to execute arbitrary system commands within the underlying operating system. An attacker could use this...

If a process running within Aruba Instant crashes, it may leave behind a "core dump", which contains the memory contents of the process at the time it crashed. It was discovered that core dumps...

A command injection vulnerability is present in Aruba Instant that permits an authenticated administrative user to execute arbitrary commands on the underlying operating system. A malicious administrator could use this ability to install backdoors...

A reflected cross-site scripting (XSS) vulnerability is present in an unauthenticated Aruba Instant web interface. An attacker could use this vulnerability to trick an IAP administrator into clicking a link which could then take...

IBM Cloud App Management V2018.2.0, V2018.4.0, and V2018.4.1 could allow an attacker to obtain sensitive configuration information using a specially crafted HTTP request. IBM X-Force ID: 154283. Date published : 2019-05-10 http://www.securityfocus.com/bid/108327 https://www.ibm.com/support/docview.wss?uid=ibm10883350

IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website...

NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DeviceIoControl where the software reads from a buffer using buffer access mechanisms such...

NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in which it incorrectly loads Windows system DLLs without validating the path or signature (also known as a binary planting or...

NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the product does not properly synchronize shared data, such as static...

Oncommand Insight versions prior to 7.3.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors. Date published : 2019-05-10 https://security.netapp.com/advisory/ntap-20190509-0005/

OnCommand Unified Manager for VMware vSphere, Linux and Windows prior to 9.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors. Date published :...

OnCommand Unified Manager 7-Mode prior to version 5.2.4 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors. Date published : 2019-05-10 https://security.netapp.com/advisory/ntap-20190509-0006/