113 matches found
Security Bulletin: IBM Security Guardium is affected by a denial of service vulnerability in MIT keb5 (CVE-2022-42898)
Summary IBM Security Guardium has fixed this vulnerability by upgrading the version of MIT krb5 that it uses. Vulnerability Details CVEID:CVE-2022-42898 DESCRIPTION: MIT krb5 is vulnerable to a denial of service, caused by an integer overflow in PAC parsing in the krb5parsepac function. By sendin...
IBM Security Guardium Input Validation Error Vulnerability
IBM Security Guardium is a suite of platforms from International Business Machines IBM that provide data protection capabilities. The platform includes features such as custom UI, report management and streamlined audit process building. An input validation error vulnerability exists in IBM...
IBM Security Guardium License Issue Vulnerability (CNVD-2023-68784)
IBM Security Guardium is a suite of platforms from International Business Machines IBM that provide data protection capabilities. The platform includes features such as custom UI, report management and streamlined audit process building. An authorization issue vulnerability exists in IBM Security...
CVE-2022-43910
IBM Security Guardium 11.3 could allow a local user to escalate their privileges due to improper permission controls. IBM X-Force ID: 240908...
PT-2023-14392 · Ibm · Ibm Security Guardium
Name of the Vulnerable Software and Affected Versions: IBM Security Guardium version 11.3 Description: The issue is due to improper input validation, which could allow an authenticated user to cause a denial of service. Recommendations: For IBM Security Guardium version 11.3, at the moment, there...
PT-2023-14395 · Ibm · Ibm Security Guardium
Name of the Vulnerable Software and Affected Versions: IBM Security Guardium version 11.3 Description: The issue allows a local user to escalate their privileges due to improper permission controls. Recommendations: For IBM Security Guardium version 11.3, consider restricting access to sensitive...
SUSE CVE-2019-18459
An issue was discovered in GitLab Community and Enterprise Edition 11.3 to 12.3 in the protected environments feature. It has Insecure Permissions issue 3 of 4...
Server side request forgery (ssrf)
A blind SSRF in GitLab CE/EE affecting all from 11.3 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 allows an attacker to connect to local addresses when configuring a malicious GitLab Runner...
CVE-2022-3482
An improper access control issue in GitLab CE/EE affecting all versions from 11.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allowed an unauthorized user to see release names even when releases we set to be restricted to project members only...
PT-2023-13985 · Re Logic · Reqlogic
Name of the Vulnerable Software and Affected Versions: ReQlogic version 11.3 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the POBatch and WaitDuration parameters. This enables the execution of malicious code on the web...
Security Bulletin: IBM InfoSphere Master Data Management Reference Data Management Hub is affected by a user password being stored in plain text vulnerability (CVE-2017-1309)
Summary IBM InfoSphere Master Data Management Reference Data Management Hub has addressed the following vulnerability. IBM InfoSphere Master Data Management Reference Data Management Hub stores user credentials in plain text which can be read by a local user. Vulnerability Details CVEID:...
Security Bulletin: IBM InfoSphere Master Data Management Collaborative Edition affected by Privilege Escalation security vulnerabilities (CVE-2015-7424)
Summary IBM InfoSphere Master Data Management - Collaborative Edition is vulnerable to Privilege Escalation. Vulnerability Details CVEID: CVE-2014-7424 DESCRIPTION: Provide sufficient details for someone to tell if they have the problem, but not enough detail that someone with malicious intent...
PT-2022-11086 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 11.3 and later Description: The issue concerns the endpoint for auto-completing Assignee, which discloses the members of private groups. Recommendations: For GitLab CE/EE versions 11.3 and later, consider restricting...
GitLab 11.1.x - 11.1.7, 11.2.x - 11.2.4, 11.3.x - 11.3.1 Information Disclosure Vulnerability
GitLab is prone to an exposure of sensitive information to an unauthorized actor vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
ManageEngine ServiceDesk Plus Multiple Versions Authentication Bypass
Zoho ManageEngine ServiceDesk Plus versions 11.3 before 11302, 11.2 before 11208, 11.1 before 11145 and 11.0 before 11012 are vulnerable to authentication bypass that allows a few REST-API URLs without authentication. Note that Nessus has not tested for this issue but has instead relied only on t...
Adobe Connect CSRF Vulnerability (APSB21-112)
Adobe Connect is prone to a cross-site request forgery CSRF vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Cross site scripting
IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, and 11.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
IBM Security Guardium Hardcoded Credential Vulnerability
IBM Security Guardium is a suite of platforms from IBM USA that provides data protection capabilities. The platform includes features such as custom UI, report management and streamlined audit process building. IBM Security Guardium version 11.3 contains a hard-coded credential vulnerability. An...
CVE-2021-1861
An issue existed in determining cache occupancy. The issue was addressed through improved logic. This issue is fixed in macOS Big Sur 11.3. A malicious website may be able to track users by setting state in a cache...
Security Bulletin: Vulnerability in Apache Xerces-C XML parser, including XML4C affects IBM InfoSphere Optim Data Growth & Test Data Management & Application Retirement
Summary Open Source Xerces-C XML parser vulnerability affects IBM InfoSphere Optim Data Growth & Test Data Management & Application Retirement, also known as the server components. Vulnerability Details CVEID: CVE-2016-0729 DESCRIPTION: Apache Xerces-C XML Parser library is vulnerable to a denial...