14 matches found
EUVD-2020-25592
Malware in sbrugna...
EUVD-2025-23989
Malicious code in bioql PyPI...
EUVD-2024-42861
Malicious code in bioql PyPI...
EUVD-2023-35328
Malicious code in bioql PyPI...
EUVD-2024-45780
Malicious code in bioql PyPI...
Security Bulletin: IBM i is affected by stack based buffer overflow and unspecified vulnerabilities in IBM Java SDK and IBM Java Runtime for IBM i [CVE-2025-21587, CVE-2025-30698, CVE-2025-4447].
Summary IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by IBM i are affected by a stack based buffer overflow and other unspecified vulnerabilities as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerabiliti...
Security Bulletin: IBM i is affected by multiple vulnerabilities in International Components for Unicode (ICU) option 39 [CVE-2017-14952 CVE-2011-4599 CVE-2017-17484].
Summary International Components for Unicode ICU is a C and C++ library that provides Unicode services used for writing global applications in ILE programming languages. IBM i licensed program option 39 International Components for Unicode is currently built using ICU4C version 4.0. This version...
Security Bulletin: IBM i is affected by a user gaining elevated privileges due to an unqualified library call vulnerability in IBM Advanced Job Scheduler for i [CVE-2025-33122].
Summary IBM i affected by a user with the capability to compile or restore a program to gain elevated privileges due to an unqualified library call vulnerability in IBM Advanced Job Scheduler for i as described in the vulnerability details section. This bulletin identifies the steps to take to...
CVE-2024-31878
IBM i 7.2, 7.3, 7.4, and 7.5 Service Tools Server SST is vulnerable to SST user enumeration by a remote attacker. This vulnerability can be used by a malicious actor to gather information about SST users that can be targeted in further attacks. IBM X-Force ID: 287538...
CVE-2025-2950 IBM i improper HTTP header neutralization
IBM i 7.3, 7.4, 7.5, and 7.5 is vulnerable to a host header injection attack caused by improper neutralization of HTTP header content by IBM Navigator for i. An authenticated user can manipulate the host header in HTTP requests to change domain/IP address which may lead to unexpected behavior...
Security Bulletin: IBM i is vulnerable to an out-of-bounds write in NTP services due to multiple vulnerabilities.
Summary IBM i is vulnerable to an out-of-bounds write due to a flaw in mstolfp.c in NTP CVE-2023-26551, CVE-2023-26552, CVE-2023-26553, and CVE-2023-26554 as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerabilities as described in t...
Security Bulletin: IBM i is vulnerable to bypassing Navigator for i interface restrictions and a server-side request forgery [CVE-2024-51463, CVE-2024-51464].
Summary IBM i is vulnerable to bypassing IBM Navigator for i interface restrictions and a server-side request forgery SSRF as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerabilities as described in the remediation/fixes section...
CVE-2024-51464
IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i interface restrictions. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to remotely perform operations that the user is not allowed to perform when using Navigator for i...
CVE-2024-47104 IBM i incorrect privilege assignment
IBM i 7.4 and 7.5 is vulnerable to an authenticated user gaining elevated privilege to a physical file. A user with authority to a view can alter the based-on physical file security attributes without having object management rights to the physical file. A malicious actor can use the elevated...