Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-3762 | 1 Redhat | 2 Clair, Quay | 2023-01-30 | 7.5 HIGH | 9.8 CRITICAL |
| A directory traversal vulnerability was found in the ClairCore engine of Clair. An attacker can exploit this by supplying a crafted container image which, when scanned by Clair, allows for arbitrary file write on the filesystem, potentially allowing for remote code execution. | |||||
| CVE-2019-4151 | 1 Ibm | 1 Security Access Manager | 2023-01-30 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158512. | |||||
| CVE-2019-4150 | 1 Ibm | 1 Security Access Manager | 2023-01-30 | 4.3 MEDIUM | 3.7 LOW |
| IBM Security Access Manager 9.0.1 through 9.0.6 does not validate, or incorrectly validates, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. IBM X-Force ID: 158510. | |||||
| CVE-2019-4145 | 1 Ibm | 1 Security Access Manager | 2023-01-30 | 3.6 LOW | 7.1 HIGH |
| IBM Security Access Manager 9.0.1 through 9.0.6 could reveal highly sensitive in specialized conditions to a local user which could be used in further attacks against the system. IBM X-Force ID: 158400. | |||||
| CVE-2019-4142 | 1 Ibm | 1 Cloud Private | 2023-01-30 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Cloud Private 2.1.0, 3.1.0, 3.1.1, and 3.1.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158338. | |||||
| CVE-2019-4177 | 1 Ibm | 1 Cognos Controller | 2023-01-30 | 2.1 LOW | 3.3 LOW |
| IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 158882. | |||||
| CVE-2019-4176 | 1 Ibm | 1 Cognos Controller | 2023-01-30 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 could allow a remote attacker to bypass security restrictions, caused by an error related to insecure HTTP Methods. An attacker could exploit this vulnerability to gain access to the system. IBM X-Force ID: 158881. | |||||
| CVE-2019-4174 | 1 Ibm | 1 Cognos Controller | 2023-01-30 | 2.1 LOW | 3.3 LOW |
| IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, and 10.4.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 158879. | |||||
| CVE-2019-4161 | 1 Ibm | 1 Security Information Queue | 2023-01-30 | 2.1 LOW | 3.3 LOW |
| IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 158660. | |||||
| CVE-2019-4201 | 1 Ibm | 1 Jazz For Service Management | 2023-01-30 | 5.8 MEDIUM | 6.1 MEDIUM |
| IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 159122. | |||||
| CVE-2019-4185 | 1 Ibm | 2 Infosphere Information Server, Infosphere Information Server On Cloud | 2023-01-30 | 5.4 MEDIUM | 8.3 HIGH |
| IBM InfoSphere Information Server 11.7.1 containers are vulnerable to privilege escalation due to an insecurely configured component. IBM X-Force ID: 158975. | |||||
| CVE-2019-4259 | 1 Ibm | 1 Spectrum Scale | 2023-01-30 | 2.1 LOW | 5.5 MEDIUM |
| A security vulnerability has been identified in IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, and 5.0.0 with CES stack enabled that could allow sensitive data to be included with service snaps. IBM X-Force ID: 160011. | |||||
| CVE-2019-4148 | 1 Ibm | 1 Sterling B2b Integrator | 2023-01-30 | 3.5 LOW | 5.4 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158414. | |||||
| CVE-2019-4146 | 1 Ibm | 1 Sterling B2b Integrator | 2023-01-30 | 3.5 LOW | 3.1 LOW |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 and 6.0.0.1 could allow an authenticated user to obtain sensitive document information under unusual circumstances. IBM X-Force ID: 158401. | |||||
| CVE-2019-4203 | 1 Ibm | 1 Api Connect | 2023-01-30 | 9.0 HIGH | 9.8 CRITICAL |
| IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal can be exploited by app developers to download arbitrary files from the host OS and potentially carry out SSRF attacks. IBM X-Force ID: 159124. | |||||
| CVE-2019-4202 | 1 Ibm | 1 Api Connect | 2023-01-30 | 10.0 HIGH | 10.0 CRITICAL |
| IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal is vulnerable to command injection. An attacker with a specially crafted request can run arbitrary code on the server and gain complete access to the system. IBM X-Force ID: 159123. | |||||
| CVE-2019-4094 | 2 Ibm, Linux | 2 Db2, Linux Kernel | 2023-01-30 | 7.2 HIGH | 7.8 HIGH |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege user full access to root by loading a malicious shared library. IBM X-Force ID: 158014. | |||||
| CVE-2022-4485 | 1 Page-list Project | 1 Page-list | 2023-01-30 | N/A | 5.4 MEDIUM |
| The Page-list WordPress plugin before 5.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | |||||
| CVE-2022-4474 | 1 Easysocialfeed | 1 Easy Social Feed | 2023-01-30 | N/A | 5.4 MEDIUM |
| The Easy Social Feed WordPress plugin before 6.4.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin. | |||||
| CVE-2022-4467 | 1 Codeamp | 1 Search \& Filter | 2023-01-30 | N/A | 5.4 MEDIUM |
| The Search & Filter WordPress plugin before 1.2.16 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin. | |||||