150 matches found
CVE-2024-56467
IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system...
CVE-2024-35144 IBM Maximo Application Suite information disclosure
IBM Maximo Application Suite 8.10, 8.11, and 9.0 - Monitor Component stores source code on the web server that could aid in further attacks against the system...
CVE-2023-38713
IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information about the system that could aid in further attacks against the system...
CVE-2023-38713 IBM Cloud Pak System information disclosure
IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.3.7, and 2.3.3.7 iFix1 could disclose sensitive information about the system that could aid in further attacks against the system...
CVE-2024-40706
IBM InfoSphere Information Server 11.7 could allow a remote user to obtain sensitive version information that could aid in further attacks against the system...
CVE-2024-37070
IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 could allow an authenticated user to obtain sensitive information that could aid in further attacks against the system...
Mozilla Firefox Security Bypass Vulnerability (CNVD-2024-29138)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security bypass vulnerability exists in versions prior to Mozilla Firefox 127, which can be exploited by attackers to launch further attacks on the system...
Mozilla Firefox Security Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security bypass vulnerability exists in versions prior to Mozilla Firefox 127, which can be exploited by attackers to launch further attacks on the system...
CVE-2024-25047
IBM Cognos Analytics is affected by CVE-2024-25047: injection attacks in application logging due to unsanitized user-supplied data. Affected versions are 11.2.0–11.2.4 and 12.0.0–12.0.2. Root cause is improper sanitization in logging code, enabling potential follow-on attacks. IBM recommends upgr...
Code injection
IBM Cloud Pak for Security CP4S 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.16.0 could allow an authenticated user to obtain sensitive version information that could aid in further attacks against the system. IBM X-Force ID: 233665...
CVE-2023-38276
IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in environment variables which could aid in further attacks against the system. IBM X-Force ID: 260736...
CVE-2023-38275
IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in container images which could lead to further attacks against the system. IBM X-Force ID: 260730...
Information disclosure
IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in container images which could lead to further attacks against the system. IBM X-Force ID: 260730...
PT-2023-14379 · IBM · IBM Security Verify Access OIDC Provider
Name of the Vulnerable Software and Affected Versions: IBM Security Verify Access OIDC Provider (affected versions not specified). Description: The issue could disclose directory information, potentially aiding attackers in further attacks against the system. There is no information provided about t...
Design/Logic Flaw
IBM Jazz Foundation IBM Engineering Lifecycle Management 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose sensitive version information to a user that could be used in further attacks against the system. IBM X-Force ID: 230498...
CVE-2023-33834
IBM Security Verify Information Queue 10.0.4 and 10.0.5 could allow a remote attacker to obtain sensitive information that could aid in further attacks against the system. IBM X-Force ID: 256014...
Information disclosure
IBM Security Verify Information Queue 10.0.4 and 10.0.5 could allow a remote attacker to obtain sensitive information that could aid in further attacks against the system. IBM X-Force ID: 256014...
Security Bulletin: A security vulnerability in react-scripts affects IBM Cloud Pak for Multicloud Management Managed Services
Summary: A security vulnerability in react-scripts affects IBM Cloud Pak for Multicloud Management Managed Services. Vulnerability Details: IBM X-Force ID: 217312. DESCRIPTION: Node.js istanbul-reports module could allow a remote attacker to obtain sensitive information, caused by a reverse tabnabbin...
CVE-2022-31186 Leakage of excessive information into log in next-auth
NextAuth.js is a complete open source authentication solution for Next.js applications. An information disclosure vulnerability in next-auth before v4.10.2 and v3.29.9 allows an attacker with log access privilege to obtain excessive information such as an identity provider's secret in the log whi...
Information disclosure
IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose sensitive information in a SQL error message that could aid in further attacks against the system. IBM X-Force ID: 213726...