467 matches found
CVE-2023-38714
IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information about the system that could aid in further attacks against the system...
CVE-2024-35134
CVE-2024-35134 concerns IBM Analytics Content Hub 2.0 where a remote attacker could obtain sensitive information via detailed browser error messages. Affected: IBM Analytics Content Hub 2.0. Root cause: generation of detailed error messages that reveal sensitive info. Impact: information disclosu...
CVE-2024-47106
IBM Jazz for Service Management 1.1.3 through 1.1.3.22 could allow a remote attacker to obtain sensitive information from improper access restrictions that could aid in further attacks against the system...
CVE-2024-52893
IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system...
CVE-2024-25020 IBM Cognos Controller file upload
IBM Cognos Controller 11.0.0 and 11.0.1 is vulnerable to malicious file upload by allowing unrestricted filetype attachments in the Journal entry page. Attackers can make use of this weakness and upload malicious executable files into the system and can be sent to victims for performing further...
CVE-2024-25035 IBM Cognos Controller information disclosure
IBM Cognos Controller 11.0.0 and 11.0.1 exposes server details that could allow an attacker to obtain information of the application environment to conduct further attacks...
CVE-2024-25035 IBM Cognos Controller information disclosure
IBM Cognos Controller 11.0.0 and 11.0.1 exposes server details that could allow an attacker to obtain information of the application environment to conduct further attacks...
gRPC: sensitive information disclosure
A flaw was found in gRPC. This flaw allows a remote attacker to obtain sensitive information, caused by a flaw when the gRPC HTTP2 stack raised a header size exceeded error. By sending a specially crafted request, an attacker can obtain sensitive information, and use this information to launch...
CVE-2024-37070
IBM Concert Software versions 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 are affected by CVE-2024-37070, enabling an authenticated user to obtain sensitive information that could aid in further attacks. The public sources in the connected documents identify this as an information-disclosure issue; no explo...
Magento Open Source Information Exposure vulnerability
Magento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may aid in furth...
Magento Open Source Information Exposure vulnerability
Magento Open Source versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may aid in furth...
TOTOLINK A3600R 安全漏洞
The TOTOLINK A3600R is a wireless router. The TOTOLINK A3600R suffers from a hard-coded password vulnerability that originates from the use of hard-coded passwords in the Telnet service, which can be exploited by an attacker to cause tampering of the device configuration, disclosure of sensitive...
CVE-2024-6874
A buffer overread vulnerability was found in Curl's URL API function curlurlget. This issue allows a remote attacker to obtain sensitive information due to a punycode buffer overread flaw. By sending a specially crafted request, an attacker can gain sensitive information and potentially launch...
CVE-2024-23562
A security vulnerability in HCL Domino could allow disclosure of sensitive configuration information. A remote unauthenticated attacker could exploit this vulnerability to obtain information to launch further attacks against the affected system...
CVE-2024-23562 HCL Domino is susceptible to an information disclosure vulnerability
A security vulnerability in HCL Domino could allow disclosure of sensitive configuration information. A remote unauthenticated attacker could exploit this vulnerability to obtain information to launch further attacks against the affected system...
CVE-2024-35156 IBM MQ information disclosure
IBM MQ 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 292766...
CVE-2024-35156 IBM MQ information disclosure
IBM MQ 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 292766...
Arbitrary File Write
mlflow is vulnerable to Arbitrary File Write. The vulnerability is due to improper santization within the mlflow.data.httpdatasetsource.py module, when fetching data over HTTP. The Content-Disposition header is used directly to construct the path where the file is saved to, which allows an attack...
Security Bulletin: Vulnerabilities Spring Boot, Spring Security and Spring Framework might affect IBM Storage Copy Data Management
Summary IBM Storage Copy Data Management can be affected by vulnerabilities in Spring Boot, Spring Security, and Spring Framework. An attacker could exploit these vulnerabilities to cause a denial of service condition, to take over the application, to launch further attacks on the system, to bypa...
Input validation
IBM Storage Protect Plus Server 10.1.0 through 10.1.15.2 Admin Console could allow a remote attacker to obtain sensitive information due to improper validation of unsecured endpoints which could be used in further attacks against the system. IBM X-Force ID: 270599...