20 matches found
CVE-2023-38005
IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could allow an authenticated user to perform unauthorized tasks due to improper access controls...
CVE-2023-38005
IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could allow an authenticated user to perform unauthorized tasks due to improper access controls...
CVE-2023-38005 Improper Access Control and Exposure of Information Through Directory Listing vulnerabilities affect IBM Cloud Pak System
IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could allow an authenticated user to perform unauthorized tasks due to improper access controls...
CVE-2023-38005 Improper Access Control and Exposure of Information Through Directory Listing vulnerabilities affect IBM Cloud Pak System
IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could allow an authenticated user to perform unauthorized tasks due to improper access controls...
PT-2026-20209
Name of the Vulnerable Software and Affected Versions: IBM Cloud Pak System versions 2.3.3.6 through 2.3.5.0 Description: The software contains improper access controls, potentially allowing an authenticated user to perform unauthorized tasks. Recommendations: IBM Cloud Pak System version 2.3.3.6...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to check the relabel-self list, which could lead to the creation of labels by unauthorized tasks...
EUVD-2023-28594
Malicious code in bioql PyPI...
EUVD-2023-28593
Malicious code in bioql PyPI...
PT-2023-21864 · Vantage6 · Vantage6
Name of the Vulnerable Software and Affected Versions: vantage6 versions prior to 4.0.0 Description: The issue affects vantage6, a privacy-preserving federated learning infrastructure. Malicious users may attempt to access resources they are not allowed to see by creating resources with integers ...
CVE-2023-24577
McAfee Total Protection prior to 16.0.50 allows attackers to elevate user privileges due to Improper Link Resolution via registry keys. This could enable a user with lower privileges to execute unauthorized tasks...
Design/Logic Flaw
McAfee Total Protection prior to 16.0.50 allows attackers to elevate user privileges due to Improper Link Resolution via registry keys. This could enable a user with lower privileges to execute unauthorized tasks...
Code injection
McAfee Total Protection prior to 16.0.49 allows attackers to elevate user privileges due to DLL sideloading. This could enable a user with lower privileges to execute unauthorized tasks...
CVE-2023-24577
McAfee Total Protection prior to 16.0.50 allows attackers to elevate user privileges due to Improper Link Resolution via registry keys. This could enable a user with lower privileges to execute unauthorized tasks...
CVE-2023-24578
McAfee Total Protection prior to 16.0.49 allows attackers to elevate user privileges due to DLL sideloading. This could enable a user with lower privileges to execute unauthorized tasks...
Insufficient Session Expiration
pyloadng is vulnerable to Insufficient Session Expiration. The vulnerability exists because a user session does not expire in another browser if an admin deletes a user, which allows an attacker to recreate the deleted users and perform unauthorized tasks...
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to perform unauthorized tasks such as retrieving internal system information or manipulating the database via specially crafted...
CVE-2017-3965
Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to perform unauthorized tasks such as retrieving internal system information or manipulating the database via specially crafted...
CVE-2017-3965 SB10192 - Network Security Management (NSM) - Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability
Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to perform unauthorized tasks such as retrieving internal system information or manipulating the database via specially crafted...
CVE-2017-3965
The CVE-2017-3965 entry concerns the McAfee Network Security Management (NSM) web interface. The vulnerability is a Cross-Site Request Forgery (CSRF) flaw in NSM prior to 8.2.7.42.2 that enables remote attackers to perform unauthorized tasks by issuing specially crafted URLs. The affected compone...
CVE-2017-1000398
The remote API in Jenkins 2.73.1 and earlier, 2.83 and earlier at /computer/agent-name/api showed information about tasks (typically builds) currently running on that agent. This included information about tasks that the current user otherwise has no access to, e.g. due to lack of Item/Read...