367 matches found
Security Bulletin: Db2 Query Management Facility is vulnerable to IBM SDK, Java Technology Edition Quarterly CPU - Apr 2025 - Includes Oracle April 2024 CPU plus CVE-2025-4447
Summary Db2 Query Management Facility is vulnerable to IBM SDK, Java Technology Edition Quarterly CPU - Apr 2025 - Includes Oracle April 2024 CPU plus CVE-2025-4447 Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL component...
Tcman Gim Security Vulnerability
Tcman Gim is a facility management software from the Spanish company Tcman designed for use on mobile devices. A security vulnerability exists in Tcman Gim version v11, which stems from a lack of authorization and could lead to unauthorized access...
Tcman Gim Access Control Error Vulnerability
Tcman Gim is a facility management software from Tcman Spain designed for use on mobile devices. An access control error vulnerability exists in Tcman Gim version v11 that stems from a lack of authentication and could lead to unauthorized access...
CVE-2024-27223
In EUTRANLCSDecodeFacilityInformationElement of LPPLcsManagement.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure after authenticating the cell connection with no additional execution privileges needed. User interaction is n...
CVE-2022-29304
Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /classes/master.php?f=delete Facility...
CVE-2022-28713
Improper authentication vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote attacker to obtain some data of Facility Information without logging in to the product...
CVE-2022-29994
Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/?page=facilities/managefacility=...
CVE-2010-3739
The audit facility in the Security component in IBM DB2 UDB 9.5 before FP6a uses instance-level audit settings to capture connection (aka CONNECT and AUTHENTICATION) events in certain circumstances in which database-level audit settings were intended, which might make it easier for remote attackers...
CVE-2010-2151
Cross-site request forgery (CSRF) vulnerability in Fujitsu e-Pares V01 L01 V01 L01, L03, L10, L20, L30, and L40 allows remote attackers to hijack the authentication of users for requests that modify "facility reservation data" via unknown vectors...
DEBIAN-CVE-2025-37940
In the Linux kernel, the following vulnerability has been resolved: ftrace: Add cond_resched() to ftrace_graph_set_hash() When the kernel contains a large number of functions that can be traced, the loop in ftrace_graph_set_hash() may take a lot of time to execute. This may trigger the softlockup watchdog. Ad...
Tiiwee X1 Alarm System Security Vulnerability
Tiiwee X1 Alarm System is a home alarm system with motion detectors from Tiiwee. A security vulnerability exists in the Tiiwee X1 Alarm System that stems from an authentication bypass that could result in physical access to a protected facility without triggering an alarm...
Tcman Gim Code Issue Vulnerability
Tcman Gim is a facility management software from Tcman Spain designed for use on mobile devices. A code issue vulnerability exists in Tcman Gim version v11, which stems from an insufficient file upload limit and could lead to remote code execution...
Tcman Gim SQL Injection Vulnerability
Tcman Gim is a facility management software from Tcman Spain designed for use on mobile devices. A SQL injection vulnerability exists in Tcman Gim version v11. The vulnerability stems from unvalidated input leading to a SQL injection attack that could obtain, update, and delete database informati...
Security Bulletin: Multiple vulnerabilities in IBM Semeru Runtime affect z/Transaction Processing Facility
Summary There are multiple vulnerabilities in IBM® Semeru Runtime Certified Edition 11 that is used by the z/TPF system. z/TPF has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-21217 DESCRIPTION: Vulnerability in Java SE component: Serialization. Difficult to exploit...
Security Bulletin: z/Transaction Processing Facility is affected by a vulnerability in the Apache Mina SSHD package (CVE-2023-48795)
Summary The Apache Mina SSHD package is used by the z/TPF system as part of the z/TPF secure file transfer support. Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote...
CVE-2025-0662 Uninitialized kernel memory disclosure via ktrace(2)
In some cases, the ktrace facility will log the contents of kernel structures to userspace. In one such case, ktrace dumps a variable-sized sockaddr to userspace. There, the full sockaddr is copied, even when it is shorter than the full size. This can result in up to 14 uninitialized bytes of...
CVE-2025-0662
CVE-2025-0662 affects FreeBSD ktrace(2): the facility can log kernel structures to userspace and, in one case, dump a variable-sized sockaddr, copying the full sockaddr even when shorter, leaking up to 14 uninitialized bytes of kernel memory from a heap allocation to userspace. The issue is explo...
FreeBSD ktrace Security Vulnerability
FreeBSD ktrace is a tool from the FreeBSD Foundation for tracing system calls. An information disclosure vulnerability exists in FreeBSD ktrace due to a flaw in the ktrace facility. An attacker can exploit the vulnerability to obtain the contents of kernel structure information...
Security Bulletin: Db2 Query Management Facility is vulnerable to IBM Semeru Runtime Quarterly CPU - Jan 2024 - Includes OpenJDK Jan 2024 CPU plus CVE-2024-22361
Summary Db2 Query Management Facility is vulnerable to IBM Semeru Runtime Quarterly CPU - Jan 2024 - Includes OpenJDK Jan 2024 CPU plus CVE-2024-22361 Vulnerability Details CVEID:CVE-2024-20932 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow a...