From DHS/US-CERT's National Vulnerability Database
In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames, a client can occupy a connection, server thread and CPU time without any connection timeout coming into effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.
An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to a SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerabl...
IBM DataPower Gateway 184.108.40.206 - 220.127.116.11, 18.104.22.168 - 22.214.171.124, 126.96.36.199 - 188.8.131.52, 184.108.40.206 - 220.127.116.11, 18.104.22.168 - 22.214.171.124, and 126.96.36.199 - 188.8.131.52 as well as IBM DataPower Gateway CD 184.108.40.206 - 220.127.116.11 echoing of AMP management interface authorization headers exposes login credentials in browser cache. ...
IBM DataPower Gateway 18.104.22.168 - 22.214.171.124, 126.96.36.199 - 188.8.131.52, 184.108.40.206 - 220.127.116.11, 18.104.22.168 - 22.214.171.124, 126.96.36.199 - 188.8.131.52, and 184.108.40.206 - 220.127.116.11 as well as IBM DataPower Gateway CD 18.104.22.168 - 22.214.171.124 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote atta...
IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 could allow remote attackers to bypass authentication via a direct request or forced browsing to a page other than the URL intended. IBM X-Force ID: 142561.