Security Bulletin: Vulnerabilities in IBM Java and Apache Tomcat affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem V9000 products
## Summary
Multiple vulnerabilities in IBM® Runtime Environment Java Technology Edition and Apache Tomcat affect the product's management GUI. The Command Line Interface is unaffected.
## Vulnerab ...
August 04, 2022
Security Bulletin: Vulnerability in Spring Framework affects IBM Watson Explorer (CVE-2022-22971, CVE-2022-22968, CVE-2022-22970)
## Summary
Spring Framework is used by IBM Watson Explorer Foundational and Analytical Components. IBM Watson Explorer has addressed the applicable CVE (CVE-2022-22971, CVE-2022-22968, CVE-2022-22970) ...
August 04, 2022
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Spring Framework
## Summary
IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Spring Framework.
## Vulnerability Details
**CVEID:** CVE-2022-22971
**DESCRIPTION:** VMware Tanzu Spr ...
August 04, 2022
ruby:2.5 security update
ruby
[2.5.9-110]
- Fix FTBFS due to an incompatible load directive.
- Fix a fiddle import test on an optimized glibc on Power 9.
- Fix by adding length limit option for methods that parses date strin ...
August 03, 2022
CVE-2022-32212
A vulnerability was found in NodeJS, where the IsAllowedHost check can be easily bypassed because IsIPAddress does not properly check if an IP address is invalid or not. When an invalid IPv4 address ...
August 03, 2022
Security update for python-jupyterlab (important)
An update that fixes one vulnerability is now available.
Description:
This update for python-jupyterlab fixes the following issues:
Update to 2.2.10:
* Remove `form` tags' `action` attribute ...
August 02, 2022
(RHSA-2022:5779) Moderate: ruby:2.5 security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.
Security Fix(es):
* ruby: Regular expression den ...
August 01, 2022
[SECURITY] Fedora 36 Update: golang-github-boltdb-bolt-1.3.1-16.fc36
Bolt is a pure Go key/value store inspired by Howard Chu's LMDB project. The goal of the project is to provide a simple, fast, and reliable database for projects that don't require a full database se ...
July 30, 2022
GO-2022-0370
Websocket client connections are vulnerable to man-in-the-middle
attacks via DNS spoofing.
When looking up a WSS endpoint using a DNS TXT record, the server
TLS certificate is incorrectly validated u ...
July 29, 2022