CVE-2017-1627
The IBM bulletin for CVE-2017-1627 states that IBM Resilient is affected by a resource exhaustion issue due to insufficient limits on resources requested or influenced by an actor. Affected versions: IBM Resilient 27.0–27.2 and 28.0–28.3. Impact: potential consumption of more resources than inten...
CVE-2017-1529
CVE-2017-1529 is publicly documented via IBM for Rational DOORS Next Generation with potential for a cross-site scripting (XSS) attack in the Web UI. The IBM bulletin actually references CVE-2018-1529 and affects Rational Requirements Composer 5.0.x (5.0.0–5.0.2) and Rational DOORS Next Generatio...
CVE-2018-1689
CVE-2018-1689 is an IBM Jazz Foundation cross-site scripting (XSS) vulnerability affecting IBM CLM/Rational products that use Jazz technology. The IBM bulletin enumerates affected suites (e.g., CLM, RDNG, RELM, RTC, RQM, Rhapsody DM, RSA DM, etc.) and lists CVE-2018-1689 as a vulnerability where ...
CVE-2019-4251
CVE-2019-4251 is an IBM Rational Quality Manager cross-site scripting vulnerability affecting RQM 6.0–6.0.6.1. An attacker could embed arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure within a trusted session. Remediation for 6.0.x is to upgrade to 6.0.6.1 iFix004...
CVE-2021-29876
Summary: CVE-2021-29876 is implicated in IBM Robotic Process Automation with Automation Anywhere 11.0 via a Lucky Thirteen timing attack on CBC-mode TLS, enabling a MITM to potentially obtain plaintext. Affected version: 11.0. Impact: confidentiality risk (C:H) with no server-side integrity im...
CVE-2011-2036
Technical details for CVE-2011-2036 are not publicly available in the provided documents. Monitor for updates.
CVE-2012-0422
CVE-2012-0422 is acknowledged within IBM advisories as part of the Oracle Java SDK-related fixes shipped with WebSphere-related products. The connected IBM pages describe remediation for other CVEs (CVE-2013-0440, CVE-2013-0443, CVE-2013-0169) and list affected WebSphere SDK versions (8.5.x, 8.0....
CVE-2020-22346
IBM Spectrum Protect Operations Center (versions 8.1.0.000–8.1.13.x) is vulnerable to CVEs CVE-2022-22348 (reverse tabnabbing) and CVE-2022-22346 (CSRF). Affected versions may allow an attacker to cause tabnabbing or unauthorized actions via CSRF. Remediation: upgrade to 8.1.14. CVSS bases: 4 and...
CVE-2022-35550
The IBM Security Bulletin for CVE-2022-35550 (linked to CVE-2021-35550 in the bulletin) indicates an information-leak vulnerability in IBM Cloud Pak for Multicloud Management Monitoring where Java SE JSSE usage by multiple components could allow an unauthenticated attacker to obtain sensitive inf...
Denial of Service (DoS)
RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided...
When connected to Windows welcome/lock screen, the keyboard layout will revert to the system default
When presented with the Windows welcome/lock screen, the keyboard layout will revert to the system default layout of VDA on windows station. This is particularly problematic when changing passwords...
CVE-2019-14435
According to connected Veracode data, the vulnerability affects rancher/rancher and is categorized as Information Disclosure caused by missing or improper Content-Security-Policy header values. The server response can leak confidential information, including Cookie values. There is no version or ...
CVE-2019-14436
Summary: The connected Veracode record indicates a privilege escalation vulnerability in github.com/rancher/rancher caused by improperly enforced API group rules. A project owner with permissions to edit role bindings can allocate a cluster-level role to themselves or others, effectively granting...
CVE-2019-17591
Bolt CMS 3.x contains a CSRF vulnerability (CVE-2019-17591) demonstrated by public exploits targeting Bolt CMS 3.6.10. The exploit describes an authenticated user CSRF payload that posts to /index.php/async/folder/create to perform actions on behalf of the user. Connected sources show CSRF risk i...
CVE-2019-9887
The connected VERACODE entry describes a Cross-site Scripting (XSS) issue in the johnpbloch/wordpress package, caused by a flawed sanitization path where wp_filter_post_kses is used instead of wp_filter_kses. This allows HTML tags to pass through and be interpreted by the browser. The document do...
CVE-2019-14803
CVE-2019-14803 is connected to a privilege-escalation issue in HashiCorp Nomad via the exec driver, caused by improper setuid permissions. The Veracode entry confirms Nomad as affected and notes the root cause as the exec driver having improper setuid permissions. No exploit/vector details are pr...
CVE-2019-14803
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided...
CVE-2019-15928
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided...
CVE-2020-17455
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided...
PT-2022-8901 · Unknown · Markdown-It-Toc
Name of the Vulnerable Software and Affected Versions: markdown-it-toc (affected versions not specified). Description: The issue affects the generation of the table of contents (toc) in markdown-it-toc, where the title of the generated toc and the contents of the header are not properly...