196 matches found
CVE-2024-27461
Incorrect default permissions in software installer for IntelR MAS GUI may allow an authenticated user to potentially enable denial of service via local access...
CVE-2024-27461
Incorrect default permissions in software installer for IntelR MAS GUI may allow an authenticated user to potentially enable denial of service via local access...
Intel® MAS (GUI) Software Advisory
Summary: A potential security vulnerability in Intel® Memory and Storage Tool GUI Intel® MAS may allow denial of service. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2024-27461 Description: Incorrect default permissions in softwa...
Singapore Banks to Phase Out OTPs for Online Logins Within 3 Months
Retail banking institutions in Singapore have three months to phase out the use of one-time passwords OTPs for authentication purposes when signing into online accounts to mitigate the risk of phishing attacks. The decision was announced by the Monetary Authority of Singapore MAS and the...
Security Bulletin: IBM Maximo Application Suite- Manage component uses Insecure version of netty codec used in mas-data-dictionary-lib which is vulnerable to CVE-2024-29025
Summary IBM Maximo Application Suite- Manage component uses Insecure version of netty codec used in mas-data-dictionary-lib which is vulnerable to CVE-2024-29025. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-29025 DESCRIPTION...
Security Bulletin: IBM Maximo Application Suite - There is a vulnerability in WebSphere Application Server Liberty used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2024-22329)
Summary There is a vulnerability in WebSphere Application Server Liberty used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2024-22329 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3...
Security Bulletin: IBM Maximo Manage application in IBM Maximo Application Suite is vulnerable to sensitive information disclosure (CVE-2024-22333)
Summary IBM Maximo Manage application in IBM Maximo Application Suite is vulnerable to sensitive information disclosure. Vulnerability Details CVEID:CVE-2024-22333 DESCRIPTION: IBM Maximo Asset Management allows web pages to be stored locally which can be read by another user on the system. CVSS...
DEBIAN-CVE-2024-36891
In the Linux kernel, the following vulnerability has been resolved: mapletree: fix masemptyarearev null pointer dereference Currently the code calls masstart followed by masdataend if the maple state is MASTART, but masstart may return with the maple state node == NULL. This will lead to a null...
AZL-42474 CVE-2024-36891 affecting package kernel for versions less than 6.6.35.1-4
In the Linux kernel, the following vulnerability has been resolved: mapletree: fix masemptyarearev null pointer dereference Currently the code calls masstart followed by masdataend if the maple state is MASTART, but masstart may return with the maple state node == NULL. This will lead to a null...
UBUNTU-CVE-2024-36891
In the Linux kernel, the following vulnerability has been resolved: mapletree: fix masemptyarearev null pointer dereference Currently the code calls masstart followed by masdataend if the maple state is MASTART, but masstart may return with the maple state node == NULL. This will lead to a null...
DEBIAN-CVE-2024-36019
In the Linux kernel, the following vulnerability has been resolved: regmap: maple: Fix cache corruption in regcachemapledrop When keeping the upper end of a cache block entry, the entry array must be indexed by the offset from the base register of the block, i.e. max - mas.index. The code was...
Security Bulletin: There is a vulnerability in AntiSamy 1.7.4 used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2024-23635)
Summary There is a vulnerability in AntiSamy 1.7.4 used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2024-23635 DESCRIPTION: AntiSamy is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker...
mas-masia.com Cross Site Scripting vulnerability OBB-3914942
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2023-22036, CVE-2023-22006, CVE-2023-22041, CVE-2023-22049 and CVE-2023-22045)
Summary Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2023-22036 DESCRIPTION: An unspecified vulnerability in Java SE related to the Utility component could allow a remo...
Security Bulletin: IBM Maximo Manage application in IBM Maximo Application Suite may be affected by XML External Entity (XXE) attack (CVE-2024-27266)
Summary IBM Maximo Manage application in IBM Maximo Application Suite may be affected by XML External Entity XXE attack. Vulnerability Details CVEID:CVE-2024-27266 DESCRIPTION: IBM Maximo Application Suite is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A...
mas-anton.com Cross Site Scripting vulnerability OBB-3904788
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2023-36483 MAS (a Carrier brand) MASmobile Classic Authorization Bypass
Authorization bypass can be achieved by session ID prediction in MASmobile Classic Android version 1.16.18 and earlier and MASmobile Classic iOS version 1.7.24 and earlier which allows remote attackers to retrieve sensitive data including customer data, security system status, and event history...
Security Bulletin: IBM Maximo Manage application in IBM Maximo Application Suite is vulnerable to sensitive information disclosure (CVE-2023-32335)
Summary IBM Maximo Manage application in IBM Maximo Application Suite is vulnerable to sensitive information disclosure. Vulnerability Details CVEID:CVE-2023-32335 DESCRIPTION: IBM Maximo Asset Management stores sensitive information in URL parameters. This may lead to information disclosure if...
Security Bulletin: There is a vulnerability in Asset Data Dictionary used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2023-34462 and CVE-2023-44487)
Summary There is a vulnerability in Asset Data Dictionary used by IBM Maximo Manage application in IBM Maximo Application Suite Vulnerability Details CVEID:CVE-2023-34462 DESCRIPTION: Netty is vulnerable to a denial of service, caused by a flaw with allocating up to 16MB of heap for each channel...
CVE-2023-41090
Race condition in some IntelR MAS software before version 2.3 may allow a privileged user to potentially enable escalation of privilege via local access...