3856 matches found
CVE-2024-5591
The CVE-2024-5591 issue affects IBM Jazz Foundation/Jazz on IBM Engineering Lifecycle Management (ELM) versions 7.0.2, 7.0.3, and 7.1.0. The root cause is information disclosure via detailed browser error messages (CWE-209), allowing a remote attacker to obtain sensitive information and potential...
Security Bulletin: IBM Engineering Lifecycle Optimization - Engineering Publishing could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
Summary When an error message is generated, care should be taken to ensure that it does not contain sensitive information about the environment, users or any other information that may be considered sensitive. Such information may be valuable itself or may be useful for further attacks with a...
PHP CPMS 2.0 SQL Injection Vulnerability
Titles: PHP - CPMS Version 2.0 SQLi Author: nu11secur1ty Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php-clinics-patient-management-system-source-code Reference: https://portswigger.net/web-security/sql-injection Description: The username parameter appears to be...
CVE-2024-56527
An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message...
IBM Engineering Lifecycle Optimization-Engineering Insights Information Disclosure Vulnerability
IBM Engineering Lifecycle Optimization - Engineering Insights (ENI) is a collaborative, Web-based application from IBM. An information disclosure vulnerability exists in IBM Engineering Lifecycle Optimization - Engineering Insights. The vulnerability is due to the fact that the affected version cou...
Security Bulletin: IBM Engineering Lifecycle Optimization - Engineering Insights could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.
Summary IBM Engineering Lifecycle Optimization - Engineering Insights could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. When an error message is...
Application launch is stuck at the stage "Please wait for the Local Session Manager"
Application launch is stuck at the stage "Please wait for the Local Session Manager". Launch is initiated using FAS enabled storefront URL. No error message displayed to user. No credential prompt. The launch works fine when using storefront URL without FAS...
Amazon Linux 2 : postgresql (ALASPOSTGRESQL13-2024-008)
The version of postgresql installed on the remote host is prior to 13.17-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2POSTGRESQL13-2024-008 advisory. Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change...
Amazon Linux 2 : postgresql (ALASPOSTGRESQL14-2024-014)
The version of postgresql installed on the remote host is prior to 14.14-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2POSTGRESQL14-2024-014 advisory. Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change...
IBM Security Guardium Key Lifecycle Manager Information Disclosure Vulnerability (CNVD-2025-01796)
IBM Security Guardium Key Lifecycle Manager is an encryption key management tool from International Business Machines (IBM). It centralizes, simplifies and automates the key management process. An information disclosure vulnerability exists in IBM Security Guardium Key Lifecycle Manager, which can ...
K000149072: PostgreSQL vulnerabilities CVE-2015-5288, CVE-2015-3165, CVE-2014-8161, and CVE-2014-2669
Security Advisory Description: CVE-2015-5288: The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service (server crash) or read arbitrary server memory via a...
CVE-2024-52897
IBM MQ 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned...
CVE-2024-52897 IBM MQ information disclosure
IBM MQ 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned...
Information Disclosure
apachesuperset is vulnerable to Information Disclosure. The vulnerability is due to improper handling of error messages, exposing sensitive analytics metadata, which allows an attacker to gain access to this information, potentially aiding in further attacks or revealing system details...
Important: postgresql
Issue Overview: Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query...
PT-2024-35475 · Ibm · Ibm Mq
Name of the Vulnerable Software and Affected Versions: IBM MQ versions 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD Description: The issue allows a remote attacker to obtain sensitive information when a detailed technical error message is returned. This occurs in the web console of the affected...
Important: postgresql15
Issue Overview: Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query...