SUSE CVE-2024-56635

In the Linux kernel, the following vulnerability has been resolved: net: avoid potential UAF in defaultoperstate syzbot reported an UAF in defaultoperstate 1 Issue is a race between device and netns dismantles. After calling rtnlunlock from netdevruntodo, we can not assume the netns of each devic...

IBM Engineering Lifecycle Optimization Publishing SQL Injection Vulnerability

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 is IBM's software for engineering lifecycle management optimization. A SQL injection vulnerability exists in IBM Engineering Lifecycle Optimization - Publishing. A remote attacker could exploit this vulnerability by sending...

IBM DB2 SEoL (11.0.x <= x <= 11.1.x)

According to its version, IBM DB2 is between 11.0.x and 11.1.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities. %NASLMINLEVE...

CVE-2024-41768

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause an unhandled SSL exception which could leave the connection in an unexpected or insecure state...

CVE-2024-41768

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause an unhandled SSL exception which could leave the connection in an unexpected or insecure state...

CVE-2024-41763

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

CVE-2024-41766

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause a denial of service using a complex regular expression...

CVE-2024-41763

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

CVE-2024-41765

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...

CVE-2024-41765

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...

CVE-2024-41766

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause a denial of service using a complex regular expression...

CVE-2024-41763

IBM Engineering Lifecycle Optimization Publishing versions 7.0.2 and 7.0.3 are affected by a cryptographic weakness that could allow an attacker to decrypt highly sensitive information. The issue stems from weaker-than-expected cryptographic algorithms used in PUB, as described in multiple connec...

CVE-2024-41763 IBM Engineering Lifecycle Optimization - Publishing information disclosure

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

CVE-2024-41763 IBM Engineering Lifecycle Optimization - Publishing information disclosure

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

CVE-2024-41766 IBM Engineering Lifecycle Optimization - Publishing denial of service

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause a denial of service using a complex regular expression...

CVE-2024-41766

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 are affected by CVE-2024-41766. A remote attacker can cause a denial of service by supplying a complex regular expression, leading to high availability impact. Affected products and versions: PUB 7.0.2 and 7.0.3. Root cause: inef...

CVE-2024-41766 IBM Engineering Lifecycle Optimization - Publishing denial of service

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause a denial of service using a complex regular expression...

CVE-2024-41765 IBM Engineering Lifecycle Optimization - Publishing directory traversal

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...

CVE-2024-41765

CVE-2024-41765 affects IBM Engineering Lifecycle Optimization - Publishing (PUB) versions 7.0.2 and 7.0.3. A path traversal vulnerability allows remote attackers to view arbitrary files by sending specially crafted URLs containing dot-dot sequences (/../). IBM’s bulletin specifies CWE-22 (Path Tr...

CVE-2024-41765 IBM Engineering Lifecycle Optimization - Publishing directory traversal

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system...