IBM i Security Alert: IASP problem on V7R4 and V7R5 🚨 (23/10/2024)

IBM has just published a critical security alert concerning partitions with an IASP and V7R4 TR10 and V7R5 TR4 versions. An internal counter may become negative, resulting in: ⚠️ IASP pages stop being written ⚠️ System performance slows down. The problem requires an IPL to be solved. Here’s what you need to know: Checking exposure to vulnerability…

IBM i Security Alert: IBM Java SDK and IBM Java Runtime for IBM i vulnerability bulletin (17/10/2024)

Security bulletin: IBM Java SDK and IBM Java Runtime for IBM i are vulnerable due to multiple security flaws, mostly related to JAVA components. IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by IBM i are susceptible to a remote attack causing an impact on confidentiality (CVE-2024-21145), availability (CVE-2024-21144), integrity (CVE-2024-21131) and…

IBM i Security Alert: MD5 “SLOTH” (08/10/2024)

IBM has discovered a vulnerability in the MD5 signature and hash algorithm. [CVE-2015-7575] This is a SLOTH or “Security Losses from Obsolete and Truncated Transcript Hashes” attack. Simply put, SLOTH is an acronym for the loss of security due to the use of obsolete and truncated hash constructs in major Internet protocols. For example, it has…

IBM i Security Alert: Node.js, IBM Rational Developer for i RPG and COBOL + Modernization Tools, Java Edition (07/10/2024)

New vulnerability published by IBM concerning the Node.js development environment, and more precisely IBM Rational Developer for i RPG and COBOL + Modernization Tools, Java Edition [CVE-2024-36138]. As a reminder, Node.js is used as the runtime/SDK for Apache Cordova applications in IBM Rational Developer for i RPG and COBOL + Modernization Tools Java edition. In detail,…

IBM i Security Alert: Critical vulnerabilities in the IBM HTTP Server! (05/10/2024)

📢 New security bulletin from IBM – CVE-2024-6387 🚨 IBM HTTP Server (powered by Apache) is vulnerable to several critical attacks: ✔️ Denial of service (DoS) 💥 ✔️ Arbitrary code execution 🖥️⚠️ ✔️ Unauthorized access to system files 🔓 These vulnerabilities affect the Apache HTTP Server, used by the IBM HTTP Server, and allow remote attackers to compromise…

IBM i Security Alert: Critical vulnerabilities in ISC BIND (04/10/2024)

📢 IBM has issued a new security bulletin [CVE-2024-6387] concerning vulnerabilities affecting BIND and its ISC links on IBM i. 💡 Why is it important? BIND (Berkeley Internet Name Domain) is the most widely used open-source DNS server today. Developed by the Internet Systems Consortium (ISC), it plays a key role in domain name management. ⚠️ Problem: ISC…

IBM i Security Alert: OpenSSH & Signal Manager (03/09/2024)

Hello everyone! New security bulletin published by IBM [CVE-2024-6387]. OpenSSH used by IBM i could allow a remote attacker to execute arbitrary code on the system. This stems from a signal handler race condition that has been incorrectly programmed. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code…

IBM i Security Alert: IBM i Service Tools Server SST (10/06/2024)

Security bulletin [CVE-2024-31878]. Hello everyone, today a new vulnerability was discovered in “IBM i Service Tools Server (SST)”. The service tool is vulnerable to enumeration of SST users by a remote attacker. This vulnerability can be used by a malicious actor to collect information about SST users who may be targeted in further attacks. The CVSS score…

IBM i Security Alert: libuv (10/06/2024)

A new alert, derived from the previous posts, because it doesn’t directly concern the installation of Node.js, but one of its possible imports. The flaw we’re talking about today stems from the import of the libuv library into Node.js. As a reminder, libuv is mainly used to support asynchronous I/O based on event loops. Its flaw…

IBM i Security Alert: OpenSSL – Part Two (10/06/2024)

Hello everyone! 👉 This post is the second part of our security bulletin on OpenSSL, following on from our first part on Node.js (📎 link to first part here). Today, we focus on vulnerabilities discovered in the OpenSSL library, widely used for SSL and TLS connection management. 🔍 Summary of vulnerabilities OpenSSL is affected by…
