Security Bulletin: Privilege escalation vulnerability affects IBM® Db2® Administrative Task Scheduler (CVE-2018-1711).

Summary Db2 Administrative Task Scheduler ATS is vulnerable to a privilege escalation attack. A user with appropriate authorization can modify the contents of the control tables used by the ATS to permit unauthorized access to user data. Unauthorized access includes both access to authorizations...

CVE-2019-19901

An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14.x before 1.14.2. It doesn't sufficiently filter output when displaying certain block descriptions created by administrators. An attacker could potentially craft a specialized description, then have an administrator execute...

EulerOS 2.0 SP8 : polkit (EulerOS-SA-2019-1656)

According to the versions of the polkit packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in PolicyKit aka polkit 0.115 that allows a user with a uid greater than INTMAX to successfully execute any systemctl...

Authorization Bypass

PolicyKit is vulnerable to authorization bypass attacks. This occurs when authentication is performed by a non-root user to perform an administrative task which may lead to an authentication crash temporarily. A local attacker could use this flaw to gain access to elevated privileges...

IBM DB2 Elevation of Privilege Vulnerability (CNVD-2018-20056)

IBM DB2 is a set of relational database management system from IBM in the United States. The main execution environments for this system are UNIX, Linux, IBM i, z/OS, and Windows server versions. A privilege extraction vulnerability exists in the Administrative Task Scheduler ATS in IBM DB2...