214 matches found
Security Bulletin: Vulnerabilities in MongoDB, Python, Node.js, Golang Go, Linux kernel affect IBM Spectrum Protect Plus
Summary IBM Spectrum Protect Plus can be affected by vulnerabilities in MongoDB, Python, Node.js, Golang Go and Linux. Vulnerabilities include obtaining sensitive information, causing a denial of service condition, the elevation of privileges, query parameter smuggling, remote execution of...
CVE-2023-40683
IBM OpenPages with Watson 8.3 and 9.0 could allow remote attacker to bypass security restrictions, caused by insufficient authorization checks. By authenticating as an OpenPages user and using non-public APIs, an attacker could exploit this vulnerability to bypass security and gain unauthorized...
EUVD-2016-7674
Malware in sbrugna...
EUVD-2013-0170
Malware in sbrugna...
Security Bulletin: IBM QRadar SIEM protocol is affected by Denial of Service and Security Restriction Bypass
Summary Apache Commons Compress and Apache HttpClient are affected by Denial of Service and Security Restriction Bypass. Attackers could potentially disrupt services or bypass security controls to access sensitive information. These issues have been addressed with an update. Vulnerability Details...
Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOps
Summary Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps version 4.2.0 Vulnerability Details CVEID:CVE-2022-36227 DESCRIPTION: libarchive s vulnerable to a denial of service, caused by a NULL pointer dereference flaw due to not check for an error after calling calloc function...
Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOps
Summary Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps version 4.1.1 Vulnerability Details CVEID:CVE-2023-26920 DESCRIPTION: Natural Intelligence fast-xml-parser could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in t...
Security Bulletin: Vulnerabilities in Eclipse jetty affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.
Summary Potential vulnerabilities in Eclipse Jetty has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability have been addressed. Refer to details for additional information...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in python-jose
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of python-jose Vulnerability Details CVEID:CVE-2024-33663 DESCRIPTION: python-jose could allow a remote attacker to bypass security restrictions, caused by a flaw when the algorithm field is left unspecified when calling...
Security Bulletin: Vulnerability in Spring Core affect watsonx.data
Summary Spring Core is vulnerable to security restriction bypass attacks, to denial of service attacks, and to arbritrary code excution attacks. These could affect watsonx.data. Vulnerability Details CVEID:CVE-2018-1199 DESCRIPTION: Pivotal Spring Security and Spring Framework could allow a remot...
Security Bulletin:Psf Requests Vulnerability Affects IBM Data Observability by Databand Self-Hosted (CVE-2024-35195)
Summary A vulnerability in Psf Requests was addressed in IBM Data Observability by Databand Self-Hosted Vulnerability Details CVEID:CVE-2024-35195 DESCRIPTION: Psf Requests could allow a local authenticated attacker to bypass security restrictions, caused by an incorrect control flow implementati...
CVE-2024-9654
CVE-2024-9654 concerns Easy Digital Downloads for WordPress (versions 3.1–3.3.4). The issue is Improper Authorization in verify_guest_email, allowing unauthenticated attackers to view other users’ purchase receipts (which include a download link). Exploitation requires knowledge of another custom...
KLA77556 Multiple vulnerabilities in Mozilla Firefox
Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, bypass security restrictions, spoof user interface, cause denial of service. Below is a complete list of vulnerabilities: 1. Memory...
Apple MacOSX Security Update (HT121570)
Apple Mac OS X is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: Multiple vulnerabilities in IBM SDK for Node.js affect IBM Business Automation Workflow
Summary IBM Business Automation Workflow Configuration Editor is packaging a vulnerable version of the Node.js runtime and vulnerable library versions. Vulnerability Details CVEID:CVE-2024-43796 DESCRIPTION: expressjs express is vulnerable to cross-site scripting, caused by improper validation of...
Security Bulletin: IBM Engineering Systems Design Rhapsody - Model Manager - Race Condition Format Flaw (Uses of non-thread safe SimpleDateFormat.format() when enabling DEBUG log for IDMappingsService.verbose)
Summary In 'IBM Engineering Systems Design Rhapsody - Model Manager RMM' if DEBUG logging is enabled for 'IDMappingsService.verbose', then there is a possibility of an incorrect date being written to the logs, or the possibility of an exception being thrown due to a race-condition involving the u...
Security Bulletin: Vulnerability in OpenSSH affects IBM Integrated Analytics System [ CVE-2023-51767]
Summary Redhat provided OpenSSH is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2023-51767 Vulnerability Details CVEID:CVE-2023-51767 DESCRIPTION: OpenSSH could allow a local authenticated attacker to bypass security restrictions,...
Security Bulletin: Multiple vulnerabilities within WebSphere Application and IBM HTTP Server and Java, affect IBM Tivoli Monitoring.
Summary Multiple vulnerabilities within WebSphere Application and IBM HTTP Server and Java which is included as part of IBM Tivoli Monitoring ITM portal server. have been remediated. Vulnerability Details CVEID:CVE-2024-38472 DESCRIPTION: Apache HTTP Server is vulnerable to server-side request...
Mozilla Firefox ESR Security Update (MFSA2024-34) - Mac OS X
Firefox ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefoxesr";...
Security Bulletin: Common vulnerabilities fixed in EDB Postgres Advanced Server (EPAS)
Summary Common vulnerabilities fixed in EDB Postgres Advanced Server EPAS Vulnerability Details CVEID:CVE-2023-41113 DESCRIPTION: EnterpriseDB Postgres Advanced Server could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in the accesshistory function. By...