Lucene search
K

467 matches found

OSV
OSV
added 2025/01/25 2:15 p.m.3 views

CVE-2023-38714

IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information about the system that could aid in further attacks against the system...

7.5CVSS5.7AI score0.00314EPSS
Exploits0References1
CVE
CVE
added 2025/01/25 2:5 p.m.54 views

CVE-2024-35134

CVE-2024-35134 concerns IBM Analytics Content Hub 2.0 where a remote attacker could obtain sensitive information via detailed browser error messages. Affected: IBM Analytics Content Hub 2.0. Root cause: generation of detailed error messages that reveal sensitive info. Impact: information disclosu...

5.3CVSS6.2AI score0.00359EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/01/18 4:15 p.m.4 views

CVE-2024-47106

IBM Jazz for Service Management 1.1.3 through 1.1.3.22 could allow a remote attacker to obtain sensitive information from improper access restrictions that could aid in further attacks against the system...

7.5CVSS5.8AI score0.00389EPSS
Exploits0References1
OSV
OSV
added 2025/01/07 12:15 p.m.6 views

CVE-2024-52893

IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system...

5.3CVSS5.2AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/12/03 5:12 p.m.17 views

CVE-2024-25020 IBM Cognos Controller file upload

IBM Cognos Controller 11.0.0 and 11.0.1 is vulnerable to malicious file upload by allowing unrestricted filetype attachments in the Journal entry page. Attackers can make use of this weakness and upload malicious executable files into the system and can be sent to victims for performing further...

5.5CVSS5.5AI score0.00275EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/12/03 4:43 p.m.23 views

CVE-2024-25035 IBM Cognos Controller information disclosure

IBM Cognos Controller 11.0.0 and 11.0.1 exposes server details that could allow an attacker to obtain information of the application environment to conduct further attacks...

5.3CVSS0.00301EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/12/03 4:43 p.m.15 views

CVE-2024-25035 IBM Cognos Controller information disclosure

IBM Cognos Controller 11.0.0 and 11.0.1 exposes server details that could allow an attacker to obtain information of the application environment to conduct further attacks...

5.3CVSS6.4AI score0.00301EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2024/12/03 4:21 p.m.5 views

gRPC: sensitive information disclosure

A flaw was found in gRPC. This flaw allows a remote attacker to obtain sensitive information, caused by a flaw when the gRPC HTTP2 stack raised a header size exceeded error. By sending a specially crafted request, an attacker can obtain sensitive information, and use this information to launch...

7.5CVSS7.4AI score0.00502EPSS
Exploits0References5
CVE
CVE
added 2024/11/19 7:24 p.m.59 views

CVE-2024-37070

IBM Concert Software versions 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 are affected by CVE-2024-37070, enabling an authenticated user to obtain sensitive information that could aid in further attacks. The public sources in the connected documents identify this as an information-disclosure issue; no explo...

6.5CVSS4.2AI score0.00336EPSS
Exploits0References1Affected Software1
Github Security Blog
Github Security Blog
added 2024/10/10 12:31 p.m.19 views

Magento Open Source Information Exposure vulnerability

Magento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may aid in furth...

2.7CVSS6.6AI score0.00612EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2024/10/10 12:31 p.m.15 views

Magento Open Source Information Exposure vulnerability

Magento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may aid in furth...

2.7CVSS6.6AI score0.0058EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2024/07/28 12:0 a.m.2 views

TOTOLINK A3600R 安全漏洞

The TOTOLINK A3600R is a wireless router. The TOTOLINK A3600R suffers from a hard-coded password vulnerability that originates from the use of hard-coded passwords in the Telnet service, which can be exploited by an attacker to cause tampering of the device configuration, disclosure of sensitive...

8.8CVSS6.7AI score0.00559EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2024/07/25 6:41 a.m.27 views

CVE-2024-6874

A buffer overread vulnerability was found in Curl's URL API function curlurlget. This issue allows a remote attacker to obtain sensitive information due to a punycode buffer overread flaw. By sending a specially crafted request, an attacker can gain sensitive information and potentially launch...

5.3CVSS6.4AI score0.00786EPSS
Exploits1References6
NVD
NVD
added 2024/07/08 4:15 p.m.31 views

CVE-2024-23562

A security vulnerability in HCL Domino could allow disclosure of sensitive configuration information. A remote unauthenticated attacker could exploit this vulnerability to obtain information to launch further attacks against the affected system...

7.5CVSS0.00475EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/07/08 3:57 p.m.55 views

CVE-2024-23562 HCL Domino is susceptible to an information disclosure vulnerability

A security vulnerability in HCL Domino could allow disclosure of sensitive configuration information. A remote unauthenticated attacker could exploit this vulnerability to obtain information to launch further attacks against the affected system...

5.3CVSS0.00475EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/06/28 6:12 p.m.29 views

CVE-2024-35156 IBM MQ information disclosure

IBM MQ 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 292766...

6.5CVSS0.00534EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/06/28 6:12 p.m.22 views

CVE-2024-35156 IBM MQ information disclosure

IBM MQ 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 292766...

6.5CVSS5.9AI score0.00534EPSS
Exploits0References2
Veracode
Veracode
added 2024/06/10 6:30 a.m.19 views

Arbitrary File Write

mlflow is vulnerable to Arbitrary File Write. The vulnerability is due to improper santization within the mlflow.data.httpdatasetsource.py module, when fetching data over HTTP. The Content-Disposition header is used directly to construct the path where the file is saved to, which allows an attack...

8.8CVSS6.8AI score0.02382EPSS
Exploits1References3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/22 4:6 p.m.41 views

Security Bulletin: Vulnerabilities Spring Boot, Spring Security and Spring Framework might affect IBM Storage Copy Data Management

Summary IBM Storage Copy Data Management can be affected by vulnerabilities in Spring Boot, Spring Security, and Spring Framework. An attacker could exploit these vulnerabilities to cause a denial of service condition, to take over the application, to launch further attacks on the system, to bypa...

9.8CVSS7.6AI score0.35834EPSS
Exploits8Affected Software1
Prion
Prion
added 2024/02/02 1:15 p.m.20 views

Input validation

IBM Storage Protect Plus Server 10.1.0 through 10.1.15.2 Admin Console could allow a remote attacker to obtain sensitive information due to improper validation of unsecured endpoints which could be used in further attacks against the system. IBM X-Force ID: 270599...

5CVSS6.1AI score0.00611EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder