Security Bulletin: IBM Db2 used by IBM Security Verify Governance has multiple vulnerabilities
Summary: IBM Security Verify Governance (ISVG), now re-branded as IBM Verify Identity Governance (IVIG), uses IBM Db2 database. Information about security vulnerabilities affecting IBM Db2 has been published in security bulletins. Vulnerability Details: Refer to the security bulletins listed in the...
CVE-2026-2534
A vulnerability has been found in Comfast CF-N1 V2 2.6.0.2. The affected element is the function sub_44AC4C of the file /cgi-bin/mbox-config?method=SET&section=ptest_bandwidth. The manipulation of the argument bandwidth leads to command injection. The attack can be initiated remotely. The exploit has been...
CVE-2026-2534
CVE-2026-2534 affects Comfast CF-N1 V2 2.6.0.2. The vulnerability is located in the function sub_44AC4C of /cgi-bin/mbox-config?method=SET&section=ptest_bandwidth, where manipulating the bandwidth argument leads to remote command injection. Public exploit has been disclosed; vendor did not respon...
Security Bulletin: Multiple vulnerabilities in IBM® Db2® affect IBM® Db2® Big SQL on IBM Cloud Pak for Data
Summary: Multiple vulnerabilities in IBM Db2 12.1 affect IBM® Db2® Big SQL 7 and 8 on IBM Cloud Pak for Data 5.2 and earlier. Vulnerability Details: CVEID: CVE-2025-33012 DESCRIPTION: IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux...
CVE-2024-2534
A vulnerability, which was classified as critical, was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. This affects an unknown part of the file /admin/users.php. The manipulation of the argument user_id leads to SQL injection. It is possible to initiate the attack remotely. T...
CVE-2025-2534
| creationtimestamp | type | source |
|---|---|---|
| 2025-11-07 19:21:22+00:00 | seen | https://bsky.app/profile/jos1264.social.skynetcloud.site.ap.brid.gy/post/3m52sd72t7iu2... |
Linux Distros Unpatched Vulnerability : CVE-2022-2534
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 9.3 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions...
Linux Distros Unpatched Vulnerability : CVE-2019-2534
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Replication. Supported versions that are affected are 5.6.42 and prior, 5.7.24...
CVE-2022-2534
An issue has been discovered in GitLab CE/EE affecting all versions starting from 9.3 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab was returning contributor emails due to improper data handling in the Datadog integration...
Linux Distros Unpatched Vulnerability : CVE-2011-2534
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer overflow in the clusterip_proc_write function in net/ipv4/netfilter/ipt_CLUSTERIP.c in the Linux kernel before 2.6.39 might allow local users to cause a...
SUSE: Security Advisory (SUSE-SU-2024:2534-1)
The remote host is missing an update for the...
SUSE SLES12 Security Update : xen (SUSE-SU-2024:2534-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2534-1 advisory. - CVE-2024-2201: Mitigation for Native Branch History Injection XSA-456, bsc1222453 - CVE-2024-31143: Fixed double unlock in x86...
Medium: ruby
Issue Overview: An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that ar...
Amazon Linux 2 : ruby (ALAS-2024-2534)
The version of ruby installed on the remote host is prior to 2.0.0.648-36. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2534 advisory. An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PAS...
CVE-2024-2534 MAGESH-K21 Online-College-Event-Hall-Reservation-System users.php sql injection
A vulnerability, which was classified as critical, was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. This affects an unknown part of the file /admin/users.php. The manipulation of the argument user_id leads to SQL injection. It is possible to initiate the attack remotely. T...
CVE-2024-2534
CVE-2024-2534 affects MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. The vulnerability is an SQL injection in the file /admin/users.php, triggered by manipulating the parameter user_id. It is exploitable remotely, and the exploit has been disclosed publicly. Multiple connected sourc...
CVE-2024-2534
| creationtimestamp | type | source |
|---|---|---|
| 2024-03-15 21:01:34+00:00 | seen | https://t.me/ctinow/209134 |
| 2024-03-17 01:21:53+00:00 | seen | https://t.me/ctinow/209742 |
| 2024-03-17 01:26:06+00:00 | seen | https://t.me/ctinow/209744... |
RHSA-2019:2534
| creationtimestamp | type | source |
|---|---|---|
| 2024-03-11 07:41:55+00:00 | seen | https://t.me/ctinow/204483... |
CVE-2023-2534
CVE-2023-2534 affects OTRS 8 (Websocket API backend). The issue allows an authenticated Agent to track user behavior and gain live insight into overall system usage, with possible correlation of user IDs to real names via ticket histories. The vulnerability is associated with the Websocket push e...
CVE-2023-2534 Information disclosure and DoS via websocket push events
Improper Authorization vulnerability in OTRS AG OTRS 8 Websocket API backend allows any attacker authenticated as an Agent to track user behaviour and to gain live insight into overall system usage. User IDs can easily be correlated with real names, e.g. via ticket histories, by any user. Fuzzing for...