10 matches found
CVE-2014-6271
CVE-2014-6271 (Shellshock) affects GNU Bash up to 4.3, enabling remote code execution by processing trailing strings after function definitions in environment variables. Exploitation vectors include OpenSSH ForceCommand, mod_cgi/mod_cgid in Apache, DHCP client scripts, and other environment-passi...
CVE-2014-7169
CVE-2014-7169 affects GNU Bash up to 4.3, where parsing of function definitions in environment variables can be exploited to run commands or impact other attributes across privilege boundaries (notably via ForceCommand in OpenSSH sshd and via mod_cgi/mod_cgid in Apache, as well as DHCP client scr...
CVE-2015-0235
CVE-2015-0235 (GHOST) is a heap-based buffer overflow in glibc’s __nss_hostname_digits_dots() used by gethostbyname/gethostbyname2. Affected glibc versions include 2.2 up to 2.17; patched in glibc-2.18 and later. Exploitation could allow remote or context-dependent arbitrary code execution depend...
CVE-2019-4224
CVE-2019-4224 affects IBM PureApplication System versions 2.2.3.0 through 2.2.5.3. The root cause is SQL injection in the backend database path, allowing a remote attacker to view, add, modify, or delete data. IBM's remediation is to upgrade to IBM PureApplication System v2.2.6.0; the IBM bulleti...
CVE-2014-6158
CVE-2014-6158 is a directory-traversal flaw affecting IBM PureApplication System (versions 1.0 up to 1.0.0.4 iFix 10; 1.1 up to 1.1.0.5; 2.0 up to 2.0.0.1) and IBM Workload Deployer (3.1.0.7 up to IF5). The vulnerability arises in the file-upload mechanism where authenticated users can manipulate...
CVE-2019-4225
IBM PureApplication System CVE-2019-4225 affects versions 2.2.3.0 through 2.2.5.3, where potentially sensitive information stored in log files could be read by a local user (information disclosure). Remediation: upgrade to IBM PureApplication System V2.2.6.0. Affected products and explicit remedi...
CVE-2019-4234
CVE-2019-4234 affects IBM PureApplication System versions 2.2.3.0–2.2.5.3. The issue is a weakness in the locking feature implementation in the pattern editor, allowing an attacker who intercepts subsequent requests to bypass business logic and modify a pattern to an unlocked state. The NVD entry...
CVE-2019-4235
The CVE-2019-4235 entry affects IBM PureApplication System versions 2.2.3.0–2.2.5.3, where default password requirements are not enforced, enabling potential account compromise. The issue is rooted in weak password policy by default. IBM’s remediation is to upgrade to IBM PureApplication System v...
CVE-2019-4241
IBM PureApplication System versions 2.2.3.0–2.2.5.3 are affected by CVE-2019-4241, which allows an authenticated user with local access to bypass authentication and obtain administrative access. The vulnerability is documented across multiple sources (including NVD/NVDC and IBM advisories). Remed...
CVE-2014-0960
CVE-2014-0960 affects IBM PureApplication System 1.0 (before 1.0.0.4 cfix8) and 1.1 (before 1.1.0.4 IF1). A remote authenticated user can bypass intended access restrictions by establishing an SSH session from a deployed VM. No exploitation details are provided beyond the description. Remediation...