27 matches found
EUVD-2019-13670
Malware in sbrugna...
EUVD-2020-25515
Malware in sbrugna...
EUVD-2020-25521
Malware in sbrugna...
EUVD-2019-13639
Malware in sbrugna...
EUVD-2024-29774
Malicious code in bioql PyPI...
Code injection
IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-ForceID: 201100...
CVE-2021-20348
CVE-2021-20348 describes a server-side request forgery (SSRF) affecting IBM Jazz Foundation and IBM Engineering products. An authenticated attacker could issue unauthorized requests from the system, enabling network enumeration or related abuse. Connected sources enumerate affected products (DOOR...
CVE-2020-4689
IBM Security Guardium 11.2 is vulnerable to CVS Injection. A remote privileged attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-ForceID: 186696...
Input validation
IBM Security Guardium 11.2 is vulnerable to CVS Injection. A remote privileged attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-ForceID: 186696...
CVE-2020-4689
IBM Security Guardium 11.2 is vulnerable to CVS Injection. A remote privileged attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-ForceID: 186696...
CVE-2020-4530
IBM Business Automation Workflow C.D.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...
CVE-2020-4272
IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted request specify a malicious file from a remote system, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-ForceID:...
Information disclosure
IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-ForceID:...
Code injection
IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted request specify a malicious file from a remote system, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-ForceID:...
CVE-2020-4294
IBM QRadar SIEM (7.3.0–7.3.3 Patch 2) is vulnerable to Server-Side Request Forgery via the RssFeedItem component due to missing URL validation, potentially allowing an authenticated attacker to send unauthorized requests from the appliance (network enumeration or further attacks). Root cause: lac...
CVE-2020-4272
CVE-2020-4272 affects IBM QRadar SIEM, specifically versions 7.3.0 through 7.3.3 Patch 2. The issue arises from an arbitrary object instantiation vulnerability in the QRadar Forensics web application that can be triggered by user-supplied input, allowing a remote attacker to include arbitrary fil...
CVE-2020-4269
Summary: CVE-2020-4269 affects IBM QRadar 7.3.0–7.3.3 Patch 2 and involves hard-coded credentials used for inbound authentication, outbound communication to external components, or encryption of internal data. The root issue is the presence of embedded credentials that can compromise confidential...
CVE-2019-4654
IBM QRadar SIEM is affected by CVE-2019-4654 in versions 7.3.0 through 7.3.3 Patch 2, where certificate validation is missing or incorrect, enabling MITM-based spoofing of a trusted entity. The primary affected component is QRadar’s TLS certificate validation mechanism, leading to potential infor...
Buffer overflow
IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-ForceID: 155893...
Buffer overflow
IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-ForceID: 155894...