CVE-2023-35899

CVE-2023-35899 affects IBM Cloud Pak for Automation versions 18.0.0 through 22.0.2. The issue is a CSV injection vulnerability caused by improper validation of CSV file contents, enabling a remote attacker to execute arbitrary commands on the system. Affected products/versions (per sources) inclu...

GHSA-X2PG-MJHR-2M5X Exposure of Sensitive Information to an Unauthorized Actor in semantic-release

Impact What kind of vulnerability is it? Who is impacted? Secrets that would normally be masked by semantic-release can be accidentally disclosed if they contain characters that are excluded from uri encoding by encodeURI. Occurrence is further limited to execution contexts where push access to t...

Security Bulletin: Multiple vulnerabilities in TLS in Cloud Pak for Automation

Summary There are multiple vulnerabilities in the TLS protocol implementation in Business Automation Insights BAI in Cloud Pak for Automation. These have been addressed. Vulnerability Details CVEID: CVE-2013-0169 DESCRIPTION: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used...

CVE-2019-12135

An unspecified vulnerability in the application server in PaperCut MF and NG versions 18.3.8 and earlier and versions 19.0.3 and earlier allows remote attackers to execute arbitrary code via an unspecified vector...