
13 matches found

IBM Security Bulletins
added 2023/07/11 9:3 p.m. · 40 views

Security Bulletin: IBM® Db2® with Federated configuration is vulnerable to arbitrary code execution. (CVE-2023-35012)

Summary: IBM® Db2® with Federated configuration is vulnerable to arbitrary code execution as Db2 instance owner. Vulnerability Details: CVEID: CVE-2023-35012. DESCRIPTION: IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) with a Federated configuration is vulnerable to a stack-based...

CVSS 6.7 · AI score 7.8 · EPSS 0.00032
Exploits: 0 · Affected Software: 1

NVD
added 2019/09/09 8:15 p.m. · 14 views

CVE-2019-6795

An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Insufficient Visual Distinction of Homoglyphs Presented to a User. IDN homographs and RTLO characters are rendered to unicode, which could be used for social...

CVSS 5.8 · AI score 5.1 · EPSS 0.00201
Exploits: 1 · References: 2

OSV
added 2019/09/09 8:15 p.m. · 19 views

CVE-2019-6784

An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows XSS issue 1 of 2. Markdown fields contain a lack of input validation and output encoding when processing KaTeX that results in a persistent XSS...

CVSS 6.1 · AI score 5.7
Exploits: 0 · References: 2

Prion
added 2019/09/09 8:15 p.m. · 15 views

Information disclosure

An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Information Disclosure issue 4 of 6. In some cases, users without project permissions will receive emails after a project move. For private projects, this wi...

CVSS 4 · AI score 4.4 · EPSS 0.00087
Exploits: 1 · References: 2 · Affected Software: 1

Debian CVE
added 2019/09/09 7:56 p.m. · 15 views

CVE-2019-6996

Removed by vendor...

CVSS 4.3 · AI score 6.7 · EPSS 0.00098
Exploits: 0

Prion
added 2019/05/03 8:29 p.m. · 12 views

Design/Logic Flaw

On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, a user with the Resource Administrator role is able to overwrite sensitive low-level files such as /etc/passwd using SFTP to modify user permissions, without Advanced Shell access. This is contrary to o...

CVSS 5.5 · AI score 6.4 · EPSS 0.00638
Exploits: 0 · References: 3 · Affected Software: 13

Positive Technologies
added 2019/05/03 12:0 a.m. · 3 views

PT-2019-18199 · F5 · F5 Big-Ip

Name of the Vulnerable Software and Affected Versions: F5 BIG-IP versions 11.5.2 through 11.5.8 F5 BIG-IP versions 11.6.1 through 11.6.3.4 F5 BIG-IP versions 12.1.0 through 12.1.4 F5 BIG-IP versions 13.0.0 through 13.1.1.4 F5 BIG-IP versions 14.0.0 through 14.1.0.1 Description: A user with the...

CVSS 6.5 · AI score 6.4 · EPSS 0.00638
Exploits: 0 · References: 5

CVE
added 2019/04/11 7:51 p.m. · 49 views

CVE-2019-6796

Summary: CVE-2019-6796 affects GitLab Community and Enterprise Edition in versions before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1, with a persistent XSS in the user status field due to insufficient input validation and output encoding. What is affected: GitLab core components handl...

CVSS 6.1 · AI score 7 · EPSS 0.00105
Exploits: 0 · References: 4 · Affected Software: 1

OSV
added 2019/03/28 9:29 p.m. · 0 views

CVE-2019-6605

On BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, and 12.0.x, an undisclosed sequence of packets received by an SSL virtual server and processed by an associated Client SSL or Server SSL profile may cause a denial of service...

CVSS 7.5 · AI score 5.8
Exploits: 0 · References: 2

Cvelist
added 2019/03/28 8:28 p.m. · 18 views

CVE-2019-6604

On BIG-IP 11.5.1-11.5.8, 11.6.1-11.6.3, 12.1.0-12.1.3.6, 13.0.0-13.1.1.1, and 14.0.0-14.0.0.2, under certain conditions, hardware systems with a High-Speed Bridge and using non-default Layer 2 forwarding configurations may experience a lockup of the High-Speed Bridge...

AI score 6.6 · EPSS 0.00647
Exploits: 0 · References: 1

Prion
added 2019/03/13 10:29 p.m. · 16 views

Code injection

In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, 12.1.0-12.1.3.6, 11.6.1-11.6.3.2, or 11.5.1-11.5.8, when processing fragmented ClientHello messages in a DTLS session TMM may corrupt memory eventually leading to a crash. Only systems offering DTLS connections via APM are impacted...

CVSS 5 · AI score 7.5 · EPSS 0.00778
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2019/03/13 10:0 p.m. · 17 views

CVE-2019-6601

In BIG-IP 13.0.0, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8, the Application Acceleration Manager AAM wamd process used in processing of images and PDFs fails to drop group permissions when executing helper scripts...

AI score 5.5 · EPSS 0.00074
Exploits: 0 · References: 2

CVE
added 2003/08/02 4:0 a.m. · 58 views

CVE-2003-0633

CVE-2003-0633 affects Oracle E-Business Suite 11.5.1–11.5.8, specifically the AOL/J Setup Test Suite component aoljtest.jsp. The vulnerabilities allow a remote attacker to obtain sensitive information without authentication, including the GUEST user password and the application server security ke...

CVSS 5 · AI score 6.5 · EPSS 0.00619
Exploits: 0 · References: 3 · Affected Software: 2