Lucene search
+L

89 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2022/03/03 5:16 p.m.50 views

Security Bulletin: IBM InfoSphere Change Data Capture is affected by a Jackson 2.3.3 and 2.4.4 open source library vulnerabilities

Summary IBM Data Replication has addressed the following vulnerabilities: CVE-2017-17485 CVE-2018-5968 CVE-2017-15095 CVE-2017-7525 CVE-2018-7489 Vulnerability Details CVEID: CVE-2017-17485 DESCRIPTION: Jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused...

9.8CVSS9.7AI score0.49727EPSS
Exploits7Affected Software1
CNNVD
CNNVD
added 2022/03/01 12:0 a.m.8 views

Elasticsearch 安全漏洞

Elasticsearch is a set of open source distributed RESTful search engine built on Lucene from the Dutch company Elasticsearch. The product is mainly used in cloud computing and supports data indexing using JSON over HTTP. Elasticsearch is vulnerable to privilege permission and access control issue...

4.3CVSS5.2AI score0.00909EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2021/08/12 6:15 p.m.2 views

CVE-2021-36958

A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or...

9.3CVSS8AI score0.31729EPSS
Exploits0References2Affected Software25
CNVD
CNVD
added 2021/08/03 12:0 a.m.25 views

Cybozu Garoon Workflow Incorrect Input Validation Vulnerability

A security vulnerability exists in Workflow in Cybozu Garoon, a portal-based OA office system from Cybozu Japan. An attacker can use this vulnerability to change workflow data without proper privileges...

4.3CVSS3.8AI score0.0078EPSS
Exploits0References1
OSV
OSV
added 2021/07/16 5:15 p.m.6 views

CVE-2020-4821

IBM InfoSphere Data Replication 11.4 and IBM InfoSphere Change Data Capture for z/OS 10.2.1, under certain configurations, could allow a user to bypass authentication mechanisms using an empty password string. IBM X-Force ID: 189834...

9.8CVSS5.8AI score0.02002EPSS
Exploits0References3
NVD
NVD
added 2021/07/16 5:15 p.m.18 views

CVE-2020-4821

IBM InfoSphere Data Replication 11.4 and IBM InfoSphere Change Data Capture for z/OS 10.2.1, under certain configurations, could allow a user to bypass authentication mechanisms using an empty password string. IBM X-Force ID: 189834...

9.8CVSS0.02002EPSS
Exploits0References3
Prion
Prion
added 2021/07/16 5:15 p.m.13 views

Authentication flaw

IBM InfoSphere Data Replication 11.4 and IBM InfoSphere Change Data Capture for z/OS 10.2.1, under certain configurations, could allow a user to bypass authentication mechanisms using an empty password string. IBM X-Force ID: 189834...

6.8CVSS9.1AI score0.02002EPSS
Exploits0References3Affected Software2
Cvelist
Cvelist
added 2021/07/16 4:50 p.m.17 views

CVE-2020-4821

IBM InfoSphere Data Replication 11.4 and IBM InfoSphere Change Data Capture for z/OS 10.2.1, under certain configurations, could allow a user to bypass authentication mechanisms using an empty password string. IBM X-Force ID: 189834...

5.9CVSS9.2AI score0.02002EPSS
Exploits0References3
CVE
CVE
added 2021/07/16 4:50 p.m.35 views

CVE-2020-4821

This CVE-2020-4821 affects IBM InfoSphere Data Replication 11.4 and IBM InfoSphere Change Data Capture for z/OS 10.2.1. The vulnerability allows authentication bypass when configured to use LDAP with anonymous binding, via an empty password. IBM bulletins (Security Bulletin: IBM Data Replication ...

9.8CVSS9.2AI score0.02002EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2020/09/11 12:0 a.m.1 views

Microsoft Windows Elevation of Privilege Vulnerability (CNVD-2020-54910)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation.Microsoft Windows is an operating system for personal devices.Microsoft Windows Server is a server operating system. An elevation of privilege vulnerability exists in Microsoft Windows, which can be exploite...

7.8CVSS7.5AI score0.01089EPSS
Exploits0References1
OSV
OSV
added 2020/08/17 7:15 p.m.4 views

CVE-2020-1571

An elevation of privilege vulnerability exists in Windows Setup in the way it handles permissions. A locally authenticated attacker could run arbitrary code with elevated system privileges. After successfully exploiting the vulnerability, an attacker could then install programs; view, change, or...

7.3CVSS7.5AI score0.01076EPSS
Exploits0References1
OSV
OSV
added 2020/08/17 7:15 p.m.3 views

CVE-2020-1554

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an...

7.8CVSS7.1AI score0.03463EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2019/08/13 12:0 a.m.3 views

PT-2019-3029 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to errors in handling objects in memory by the Windows kernel. This can be exploited by an attacker to elevate their privileges and run arbitrary code in kernel mode...

7.8CVSS8AI score0.00944EPSS
Exploits0References5
Microsoft CVE
Microsoft CVE
added 2019/04/09 7:0 a.m.30 views

Windows Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver luafv.sys. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change...

7.8CVSS2.9AI score0.02785EPSS
Exploits2
IBM Security Bulletins
IBM Security Bulletins
added 2019/02/11 4:15 p.m.30 views

Security Bulletin: IBM InfoSphere Change Data Capture is affected by Apache Commons Codec open source library vulnerabilities

Summary InfoSphere Data Replication has addressed the following vulnerabilities: CVE-2010-0001 CVE-2009-0001 Vulnerability Details CVEID: CVE-2010-0001 DESCRIPTION: GNU gzip could allow a remote attacker to execute arbitrary code on the system caused by an integer underflow in the unlzw function...

9.3CVSS1.8AI score0.06803EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/02/11 4:15 p.m.24 views

Security Bulletin: IBM InfoSphere Change Data Capture is affected by a jackson-core open source library vulnerability (CVE-2018-0125)

Summary InfoSphere Data Replication has addressed the following vulnerability: CVE-2018-0125 Cisco RV132W ADSL2+ Wireless-N VPN and RV134W VDSL2 Wireless-AC VPN Routers could allow a remote attacker to execute arbitrary code on the system, caused by an incomplete input validation on user-controll...

10CVSS2.5AI score0.55409EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/01/31 9:25 p.m.28 views

Security Bulletin: IBM InfoSphere Change Data Capture is affected by an Apache Derby open source library vulnerability (CVE-2015-1832)

Summary IBM InfoSphere Change Data Capture has addressed the following vulnerability: CVE-2015-1832 - Apache Derby could allow a remote attacker to obtain sensitive information, caused by a XML external entity XXE error when processing XML data by the XML datatype and XmlVTI. An attacker could...

9.1CVSS1AI score0.12173EPSS
Exploits0Affected Software1
Prion
Prion
added 2018/07/18 11:29 p.m.18 views

Design/Logic Flaw

A vulnerability in the Policy Builder database of Cisco Policy Suite before 18.2.0 could allow an unauthenticated, remote attacker to connect directly to the Policy Builder database. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability by connecting...

7.5CVSS9.2AI score0.02725EPSS
Exploits0References2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 1:40 p.m.28 views

Security Bulletin: Vulnerability in InstallAnywhere affects IBM InfoSphere Change Data Capture installers (CVE-2016-4560)

Summary InstallAnywhere generates installation executables on Microsoft Windows which are vulnerable to a DLL-planting exploit affecting the Change Data Capture CDC components within the IBM InfoSphere Data Replication and IBM InfoSphere Change Data Delivery families of products. Vulnerability...

7.8CVSS1.1AI score0.00537EPSS
Exploits1Affected Software2
Check Point Advisories
Check Point Advisories
added 2014/12/28 12:0 a.m.36 views

Microsoft Graphics Component Memory Corruption (MS14-007) - Ver2 (CVE-2014-0263)

A remote code execution vulnerability has been reported in Windows Graphics Component. The vulnerability is due to the way Windows components handle specially crafted GIF files. A remote attacker can exploit this issue by enticing a user to view GIF files in shared content. Successful exploitatio...

9.3CVSS7.2AI score0.18885EPSS
Exploits1
Rows per page
Query Builder