Relion® 670 Security Vulnerabilities

ibm

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Functional Tester

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.8 and IBM® Runtime Environment Java™ Version 1.8 used by Rational Functional Tester. Rational Functional Tester has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2023-22081 DESCRIPTION:.....

5.9CVSS

7AI Score

0.001EPSS

2024-01-03 07:34 AM
9
ibm

Security Bulletin: Multiple vulnerabilities affect IBM Db2® REST

Summary IBM has released the below fix for IBM Db2® REST in response to multiple vulnerabilities found in multiple components. The vulnerabilities have been addressed. Vulnerability Details ** CVEID: CVE-2023-39323 DESCRIPTION: **Golang Go could allow a remote attacker to execute arbitrary code...

8.1CVSS

7.9AI Score

0.002EPSS

2024-01-02 06:16 PM
19
ibm

Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data and Db2 Warehouse® on Cloud Pak for Data

Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse® on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. Vulnerability Details ** CVEID: CVE-2023-43646 DESCRIPTION: **Chai.js Assertion Library get-func-name is...

9.8CVSS

9.9AI Score

0.002EPSS

2024-01-02 06:15 PM
11
cve

CVE-2023-43511

Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains IPPROTO_NONE as the next...

7.5CVSS

7.5AI Score

0.0004EPSS

2024-01-02 06:15 AM
31
cve

CVE-2023-33120

Memory corruption in Audio when memory map command is executed consecutively in...

7.8CVSS

7.9AI Score

0.0004EPSS

2024-01-02 06:15 AM
34
cve

CVE-2023-33110

The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM close may lead to race condition between event callback - PCM close and reset session index causing memory...

7.8CVSS

6.8AI Score

0.0004EPSS

2024-01-02 06:15 AM
31
cve

CVE-2023-33109

Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from...

7.5CVSS

7.6AI Score

0.0005EPSS

2024-01-02 06:15 AM
28
cve

CVE-2023-33062

Transient DOS in WLAN Firmware while parsing a BTM...

7.5CVSS

7.5AI Score

0.0004EPSS

2024-01-02 06:15 AM
31
cve

CVE-2023-33033

Memory corruption in Audio during playback with speaker...

8.4CVSS

7.8AI Score

0.0004EPSS

2024-01-02 06:15 AM
30
cve

CVE-2023-33036

Permanent DOS in Hypervisor while untrusted VM without PSCI support makes a PSCI...

7.1CVSS

5.5AI Score

0.0004EPSS

2024-01-02 06:15 AM
37
cve

CVE-2023-33030

Memory corruption in HLOS while running playready...

9.3CVSS

7.8AI Score

0.0004EPSS

2024-01-02 06:15 AM
30
ibm

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using WebSphere Application Server Liberty is vulnerable to information disclosure due to Apache Santuario (CVE-2023-44483)

Summary There is a vulnerability in the Apache Santuario library used by IBM WebSphere Application Server Liberty when the wsSecurity-1.1, wsSecuritySaml-1.1 or samlWeb-2.0 feature is enabled. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been...

6.5CVSS

6.4AI Score

0.001EPSS

2023-12-26 06:00 AM
7
nvd

CVE-2023-48298

ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. This vulnerability is an integer underflow resulting in crash due to stack buffer overflow in decompression of FPC codec. It can be triggered and exploited by an...

7.5CVSS

0.001EPSS

2023-12-21 11:15 PM
1
cve

CVE-2023-48298

ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. This vulnerability is an integer underflow resulting in crash due to stack buffer overflow in decompression of FPC codec. It can be triggered and exploited by an...

7.5CVSS

8.8AI Score

0.001EPSS

2023-12-21 11:15 PM
12
debiancve

CVE-2023-48298

ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. This vulnerability is an integer underflow resulting in crash due to stack buffer overflow in decompression of FPC codec. It can be triggered and exploited by an...

9.8CVSS

7.6AI Score

0.001EPSS

2023-12-21 11:15 PM
7
prion

Design/Logic Flaw

ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. This vulnerability is an integer underflow resulting in crash due to stack buffer overflow in decompression of FPC codec. It can be triggered and exploited by an...

7.5CVSS

9.6AI Score

0.001EPSS

2023-12-21 11:15 PM
4
cvelist

CVE-2023-48298 Integer underflow leading to stack overflow in FPC codec decompression

ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. This vulnerability is an integer underflow resulting in crash due to stack buffer overflow in decompression of FPC codec. It can be triggered and exploited by an...

5.9CVSS

9.2AI Score

0.001EPSS

2023-12-21 11:07 PM
ibm

Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - April 2023 - Includes Oracle October 2023 CPU

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 that are used by Maximo Asset Management, Maximo Industry Solutions (including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas and Maximo for Utilities).....

6.7AI Score

2023-12-21 05:03 PM
11
veracode

Denial Of Service Attack

org.grails:grails-databinding is vulnerable to Denial Of Service Attack. The vulnerability is due to a lack of validation in processing of web requests. An attacker can send specially crafted requests to cause a JVM crash or Denial of...

7.5CVSS

6.7AI Score

0.001EPSS

2023-12-21 11:56 AM
10
ubuntucve

CVE-2023-48298

ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. This vulnerability is an integer underflow resulting in crash due to stack buffer overflow in decompression of FPC codec. It can be triggered and exploited by an...

9.8CVSS

7.8AI Score

0.001EPSS

2023-12-21 12:00 AM
10
cvelist

CVE-2023-46131 Grails® data binding causes JVM crash and/or DoS

Grails is a framework used to build web applications with the Groovy programming language. A specially crafted web request can lead to a JVM crash or denial of service. Any Grails framework application using Grails data binding is vulnerable. This issue has been patched in version 3.3.17, 4.1.3,...

6.5CVSS

7.6AI Score

0.001EPSS

2023-12-20 11:24 PM
1
ibm

Security Bulletin: IBM® Db2® is affected by multiple vulnerabilities in the consumed PCRE library.

Summary IBM® Db2® is affected by multiple vulnerabilities in the consumed PCRE library. Vulnerability Details ** CVEID: CVE-2015-8383 DESCRIPTION: **PCRE is vulnerable to a heap-based buffer overflow, caused by the improper handling of certain repeated conditional groups. By using a specially...

9.8CVSS

9.2AI Score

0.059EPSS

2023-12-20 08:15 PM
17
ibm

Security Bulletin: IBM® Db2® is vulnerable to a denial of service through a specially crafted federated query on specific federation objects. (CVE-2023-29258)

Summary IBM® Db2® is vulnerable to a denial of service through a specially crafted federated query on specific federation objects. Vulnerability Details ** CVEID: CVE-2023-29258 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service...

7.5CVSS

7.9AI Score

0.001EPSS

2023-12-20 08:15 PM
10
ibm

Security Bulletin: IBM® Db2® federated server is vulnerable to a denial of service when a specially crafted cursor is used. (CVE-2023-46167)

Summary IBM® Db2® federated server is vulnerable to a denial of service when a specially crafted cursor is used. Vulnerability Details ** CVEID: CVE-2023-46167 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) federated server is vulnerable to a denial of service...

7.5CVSS

6.8AI Score

0.001EPSS

2023-12-20 08:15 PM
16
ibm

Security Bulletin: IBM® Db2® could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. (CVE-2023-47701)

Summary IBM® Db2® could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. Vulnerability Details ** CVEID: CVE-2023-47701 DESCRIPTION: **IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated...

7.5CVSS

6.7AI Score

0.001EPSS

2023-12-20 08:15 PM
16
ibm

Security Bulletin: Multiple vulnerabilities in open source libraries affect IBM® Db2® Federated.

Summary Multiple vulnerabilities in open source libraries affect IBM® Db2® Federated. These vulnerabilities were fixed in the images published on December 01, 2023 but the CVEs were not included in the bulletin. Vulnerability Details ** CVEID: CVE-2022-1471 DESCRIPTION: **SnakeYaml could allow a...

9.8CVSS

9.6AI Score

0.022EPSS

2023-12-20 08:15 PM
8
ibm

Security Bulletin: Multiple vulnerabilities in open source libraries affect IBM® Db2® Federated.

Summary Multiple vulnerabilities in open source libraries affect IBM® Db2® Federated. Vulnerability Details ** CVEID: CVE-2023-1370 DESCRIPTION: **netplex json-smart-v2 is vulnerable to a denial of service, caused by not limiting the nesting of arrays or objects. By sending a specially crafted...

7.5CVSS

7.9AI Score

0.002EPSS

2023-12-20 08:15 PM
9
ibm

Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted query. (CVE-2023-43020)

Summary IBM® Db2® is vulnerable to denial of service with a specially crafted query. Vulnerability Details ** CVEID: CVE-2023-43020 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service with a specially crafted query. CVSS Base score:...

8.6AI Score

EPSS

2023-12-20 08:15 PM
23
ibm

Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted SQL statement. (CVE-2023-38727)

Summary IBM® Db2® is vulnerable to denial of service with a specially crafted SQL statement. Vulnerability Details ** CVEID: CVE-2023-38727 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service with a specially crafted SQL statement....

7.5CVSS

7.7AI Score

0.001EPSS

2023-12-20 08:15 PM
22
ibm

Security Bulletin: IBM® Db2® is vulnerable to denial of service with a specially crafted RUNSTATS command. (CVE-2023-40687)

Summary IBM® Db2® is vulnerable to denial of service with a specially crafted RUNSTATS command on an 8TB or larger table. Vulnerability Details ** CVEID: CVE-2023-40687 DESCRIPTION: **IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service with a...

7.5CVSS

7.6AI Score

0.001EPSS

2023-12-20 08:15 PM
15
ibm

Security Bulletin: IBM® Db2® is vulnerable to denial of service under extreme stress conditions. (CVE-2023-40692)

Summary IBM® Db2® is vulnerable to denial of service under extreme stress conditions. Vulnerability Details ** CVEID: CVE-2023-40692 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service under extreme stress conditions. CVSS Base...

7.5CVSS

7.8AI Score

0.001EPSS

2023-12-20 08:15 PM
18
ibm

Security Bulletin: IBM® Db2® is affected by multiple vulnerabilities in the open source zlib library.

Summary IBM® Db2® is affected by multiple vulnerabilities in the open source zlib library. Vulnerability Details ** CVEID: CVE-2018-25032 DESCRIPTION: **Zlib is vulnerable to a denial of service, caused by a memory corruption in the deflate operation. By using many distant matches, a remote...

9.8CVSS

9.6AI Score

0.473EPSS

2023-12-20 08:15 PM
27
ibm

Security Bulletin: IBM® Db2® is vulnerable to privilege escalation with DATAACCESS. (CVE-2023-38003)

Summary IBM® Db2® could allow a user with DATAACCESS privileges to execute routines that they should not have access to. Vulnerability Details ** CVEID: CVE-2023-38003 DESCRIPTION: **IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a user with DATAACCESS privileges to.....

7.2CVSS

7.5AI Score

0.001EPSS

2023-12-20 08:00 PM
27
ibm

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM Business Automation Workflow due to July 2023 CPU

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped IBM Business Automation Workflow. CVE-2023-22045, CVE-2023-22049) Vulnerability Details ** CVEID: CVE-2023-22045 DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component...

3.7CVSS

6.6AI Score

0.001EPSS

2023-12-20 05:31 PM
11
nvd

CVE-2023-47118

ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on...

9.8CVSS

0.001EPSS

2023-12-20 05:15 PM
3
cve

CVE-2023-47118

ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on...

9.8CVSS

8.8AI Score

0.001EPSS

2023-12-20 05:15 PM
11
debiancve

CVE-2023-47118

ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on...

9.8CVSS

7.7AI Score

0.001EPSS

2023-12-20 05:15 PM
5
prion

Heap overflow

ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on...

9.8CVSS

7.8AI Score

0.001EPSS

2023-12-20 05:15 PM
6
cvelist

CVE-2023-47118 Heap buffer overflow in T64 codec decompression

ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on...

7CVSS

9.2AI Score

0.001EPSS

2023-12-20 04:30 PM
1
ibm

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Process Designer 8.5.7 shipped with IBM Business Automation Workflow

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 8, which is used by the desktop version of IBM Process Designer 8.5.7 shipped with IBM Business Automation Workflow. IBM Process Designer has addressed the applicable CVEs. Vulnerability Details ** CVEID:...

5.9CVSS

7.1AI Score

0.001EPSS

2023-12-20 03:15 AM
8
code423n4

Array is push()ed but not pop()ed, and is iterated over

Lines of code 96, 485, 485, 485, 485, 485, 485, 485, 485, 485,...

6.9AI Score

2023-12-20 12:00 AM
2
ubuntucve

CVE-2023-47118

ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on...

9.8CVSS

7.5AI Score

0.001EPSS

2023-12-20 12:00 AM
11
packetstorm

7.4AI Score

2023-12-20 12:00 AM
181
code423n4

Array is push()ed but not pop()ed, and is iterated over

Lines of code 96, 485, 485, 485, 485, 485, 485, 485, 485, 485,...

6.9AI Score

2023-12-20 12:00 AM
2
nessus

Intel BIOS Firmware CVE-2022-30539 (INTEL-SA-00717)

The version of the Intel BIOS on the remote device is affected by a vulnerability as identified in the INTEL-SA-00717 advisory. Use after free in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access....

7.5CVSS

8AI Score

0.0004EPSS

2023-12-19 12:00 AM
13
nessus

Intel BIOS Firmware CVE-2022-30704 (INTEL-SA-00717)

The version of the Intel BIOS on the remote device is affected by a vulnerability as identified in the INTEL-SA-00717 advisory. Improper initialization in the Intel(R) TXT SINIT ACM for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via...

7.2CVSS

7.3AI Score

0.0004EPSS

2023-12-19 12:00 AM
14
nessus

Intel BIOS Firmware CVE-2021-0187 (INTEL-SA-00717)

The version of the Intel BIOS on the remote device is affected by a vulnerability as identified in the INTEL-SA-00717 advisory. Improper access control in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local...

8.2CVSS

7.5AI Score

0.0004EPSS

2023-12-19 12:00 AM
10
nessus

Intel BIOS Firmware CVE-2022-32231 (INTEL-SA-00717)

The version of the Intel BIOS on the remote device is affected by a vulnerability as identified in the INTEL-SA-00717 advisory. Improper initialization in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access....

7.5CVSS

7.4AI Score

0.0004EPSS

2023-12-19 12:00 AM
18
nessus

Intel BIOS Firmware CVE-2022-26837 (INTEL-SA-00717)

The version of the Intel BIOS on the remote device is affected by a vulnerability as identified in the INTEL-SA-00717 advisory. Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local...

7.5CVSS

7.4AI Score

0.0004EPSS

2023-12-19 12:00 AM
9
nessus

Intel BIOS Firmware CVE-2022-26343 (INTEL-SA-00717)

The version of the Intel BIOS on the remote device is affected by a vulnerability as identified in the INTEL-SA-00717 advisory. Improper access control in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access....

8.2CVSS

7.4AI Score

0.0004EPSS

2023-12-19 12:00 AM
17
Total number of security vulnerabilities: 10348