FlatnuX CMS - Directory Traversal

A path traversal vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 allows remote administrators to read arbitrary files via a full pathname in the dir parameter in a contents/Files action. id: CVE-2012-4878 info: name: FlatnuX CMS - Directory Traversal author: daffainfo severity:...

Security Bulletin: A vulnerability in messagepack affects IBM Robotic Process Automation and my result in excessive CPU consumption (CVE-2024-48924).

Summary A vulnerability in messagepack affects IBM Robotic Process Automation and my result in excessive CPU consumption. Messagepack is used by IBM Robotic Process Automation to serialize and deserialize data. This bulleten identifies the fixes required to resolve the vulnerability. Vulnerabilit...

CVE-2024-22361

IBM Semeru Runtime 8.0.302.0 through 8.0.392.0, 11.0.12.0 through 11.0.21.0, 17.0.1.0 - 17.0.9.0, and 21.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 281222...

Electrolink FM/DAB/TV Transmitter Vertical Privilege Escalation

Summary Since 1990 Electrolink has been dealing with design and manufacturing of advanced technologies for radio and television broadcasting. The most comprehensive products range includes: FM Transmitters, DAB Transmitters, TV Transmitters for analogue and digital multistandard operation, Bandpa...

CVE-2022-33159

IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 228567...

CVE-2023-30440

CVE-2023-30440 affects IBM PowerVM Hypervisor across multiple firmware branches (FW860, FW950, FW1010, FW1020, FW1030). The issue allows a local attacker who controls a partition with an SRIOV VF to cause a denial of service to a peer partition or arbitrary data corruption. Root cause details spe...

CVE-2022-40753

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236688...

Security Bulletin: IBM WebSphere Extended Deployment Compute Grid Vulnerability (CVE-2013-4039)

Abstract Potential security vulnerability fixed in IBM WebSphere Extended Deployment Compute Grid V8.0.0.3 Content VULNERABILITY DETAILS: CVE ID:CVE-2013-4039PM84760 DESCRIPTION: WebSphere Extended Deployment Compute Grid could allow a remote attacker to obtain sensitive information and exploit...

Security Bulletins for WebSphere Application Server

Abstract This security bulletin for WebSphere Application Server is a way for you to obtain security risk assessment information for APARs that are considered Security Integrity. If there is any potential risk of exposure, the APAR is marked as Security Integrity. Some APARs are marked as Securit...

CVE-2021-29774

IBM Jazz Team Server products could allow an authenticated user to obtain elevated privileges under certain configurations. IBM X-Force ID: 203025...

CVE-2021-29742

IBM Security Verify Access Docker 10.0.0 could allow a user to impersonate another user on the system. IBM X-Force ID: 201483...

CVE-2020-4705

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials...

CVE-2020-4698

IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentia...

Security Bulletin: IBM API Connect is impacted by a cross-site scripting vulnerability in jQuery (XForce ID 180875)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details Third Party Entry: 180875 DESCRIPTION: jQuery cross-site scripting CVSS Base score: 6.1 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/180875 for the current score. CVSS Vector...

CVE-2019-4130

IBM Cloud Pak System 2.3 and 2.3.0.1 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 158280...

CVE-2019-4292

IBM Security Guardium 10.5 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable web server. IBM X-Force ID: 160698...

CVE-2019-4337

IBM Robotic Process Automation with Automation Anywhere 11 could allow an attacker to obtain sensitive information due to missing authentication in Ignite nodes. IBM X-Force ID: 161412...

CVE-2018-1982

IBM Rational Team Concert 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 1541...

CVE-2018-1764

IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...

Code injection

IBM GSKit IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 contains several environment variables that a local attacker could overflow and cause a denial of service. IBM X-Force ID: 139072...