138 matches found
CVE-2025-27408
Manifest offers users a one-file micro back end. Prior to version 4.9.2, Manifest employs a weak password hashing implementation that uses SHA3 without a salt. This exposes user passwords to a higher risk of being cracked if an attacker gains access to the database. Without the use of a salt,...
The vulnerabilities of the microprogrammed Ethernet switch software from Moxa series, including EDR-810, EDR-8010, EDR-G902, EDR-G903, EDR-G9004, EDR-G9010, EDG-G1002-BP, NAT-102, OnCell G4302-LTE4, and TN-4900, are related to the use of weak security mechanisms. These vulnerabilities allow attackers to exploit them to gain increased privileges.
The vulnerabilities of the microprogrammed Ethernet switch software from Moxa series, including EDR-810, EDR-8010, EDR-G902, EDR-G903, EDR-G9004, EDR-G9010, EDG-G1002-BP, NAT-102, OnCell G4302-LTE4, and TN-4900, are related to the use of weak security mechanisms. Exploiting these vulnerabilities...
Security Bulletin: Vulnerability in certifi-2024.2.2-py3-none-any.whl can affect IBM Storage Scale
Summary There is a vulnerability in certifi-2024.2.2-py3-none-any.whl, used by IBM Storage Scale, which could provide weaker than expected security. CVE-2024-39689 Vulnerability Details CVEID:CVE-2024-39689 DESCRIPTION: Certifi python-certifi could provide weaker than expected security, caused by...
Security Bulletin: IBM Sterling Global Availability Mailbox is affected by a WebSphere Liberty vulnerability (CVE-2023-46158)
Summary IBM Sterling Global Availability Mailbox is affected by IBM WebSphere Application Server Liberty it could provide weaker than expected security with the appSecurity-1.0, appSecurity-2.0, appSecurity-3.0, appSecurity-4.0 or appSecurity-5.0 feature enabled. Vulnerability Details...
Security Bulletin: IBM SOAR QRadar Plugin App is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM SOAR QRadar Plugin App has addressed the applicable CVEs with an update. Vulnerability Details CVEID:CVE-2024-6345 DESCRIPTION: pypa/setuptools could allow a...
The vulnerability of the Autofill function in Microsoft Edge and Google Chrome browsers allows a hacker to replace the user’s interface.
The vulnerability of the Autofill function in Microsoft Edge and Google Chrome browsers is related to improper security checks for standard elements. Exploiting this vulnerability could allow a malicious actor to replace the user interface with a specially created HTML page...
Security Bulletin: Multiple Vulnerabilities in Rational Synergy
Summary Vulnerabilities in Eclipse Jetty shipped with Rational Synergy may affect the security of the product. Vulnerability Details CVEID:CVE-2024-22201 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by a flaw when an HTTP/2 connection gets TCP congested. By sending a...
Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to a weak security (CVE-2024-39689)
Summary There is a weak security in Certifi python-certifi used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-39689 DESCRIPTION: Certifi python-certifi could...
The vulnerability of the user interface of the SAP CRM WebClient UI, which allows an attacker to perform XSS attacks.
The vulnerability of the SAP CRM WebClient UI user interface lies in the lack of security measures taken to protect the web page structure. Exploiting this vulnerability allows an attacker to execute XSS attacks remotely...
Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Operations Analytics Predictive Insights
Summary Websphere Application Server WAS is shipped as a component of IBM Operations Analytics Predictive Insights. Information about security vulnerabilities affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...
CVE-2022-40745
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to weaker than expected security. IBM X-Force ID: 236452...
PT-2024-11636 · Ibm · Ibm Aspera Faspex
Name of the Vulnerable Software and Affected Versions: IBM Aspera Faspex versions 5.0.0 through 5.0.7 Description: The issue allows a local user to obtain sensitive information due to weaker than expected security. Recommendations: For IBM Aspera Faspex versions 5.0.0 through 5.0.7, update to a...
Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, could provide weaker than expected security (CVE-2023-50313)
Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, could provide weaker than expected security for outbound TLS connections. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions...
IBM Cloud Pak System Security Vulnerability
IBM Cloud Pak System is a full-stack, converged infrastructure with configurable, pre-integrated software from International Business Machines IBM. The product supports deploying, managing and moving application environments across hybrid clouds. IBM Cloud Pak has a security vulnerability that...
Security Bulletin: Due to the use of IBM WebSphere Liberty, IBM CICS Transaction Gateway Desktop Edition and for Multiplatforms are vulnerable to weaker than expected security due to improper resource expiration handling (CVE-2023-46158).
Summary There is a vulnerability in IBM WebSphere Liberty, which is shipped as part of both IBM CICS Transaction Gateway Desktop Edition and IBM CICS Transaction Gateway for Multiplatforms. Updates to IBM CICS Transaction Gateway Desktop Edition and IBM CICS Transaction Gateway for Multiplatforms...
The vulnerability of the POST SMTP Mailer plugin in the WordPress content management system arises from the lack of security measures taken to protect the website’s structure. This vulnerability allows attackers to execute XSS attacks.
The vulnerability of the POST SMTP Mailer plugin in the WordPress content management system exists due to the lack of security measures taken to protect the website’s structure. Exploiting this vulnerability allows a malicious actor to perform XSS attacks remotely...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF in NCR Terminal Handler v.1.5.1 leads to a one-click account takeover. This is achieved by exploiting multiple vulnerabilities, including an undisclosed function in the WSDL that has weak security controls and can accept custom content types...
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2023-34058 DESCRIPTION: VMware Tools could allow a remote attacker to gain elevate...
Security Bulletin: Security Vulnerabilities in Liberty affect IBM Voice Gateway
Summary Security Vulnerabilities in Liberty affect IBM Voice Gateway Vulnerability Details CVEID:CVE-2023-44487 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a flaw in handling multiplexed streams in the HTTP/2 protocol. By sending numerous HTTP/2 requests and...
Security Bulletin: Vulnerability in cryptography may affect IBM Spectrum Sentinel Anomaly Scan Engine (CVE-2023-23931, CVE-2023-38325)
Summary Vulnerabilities in python cryptography may affect IBM Spectrum Sentinel Anomaly Scan Engine. Vulnerabilities include: Python cryptography allowing remote attacker bypass authentication and obtain access to launch further attacks on the system. Vulnerability Details CVEID:CVE-2023-23931...