Security
Headlines
HeadlinesLatestCVEs

Tag

#ibm

CVE-2023-4958

In Red Hat Advanced Cluster Security (RHACS), it was found that some security related HTTP headers were missing, allowing an attacker to exploit this with a clickjacking attack. An attacker could exploit this by convincing a valid RHACS user to visit an attacker-controlled web page, that deceptively points to valid RHACS endpoints, hijacking the user's account permissions to perform other actions.

CVE
Open in Source
#sql#vulnerability#web#linux#red_hat#nodejs#js#kubernetes#aws#ibm#postgres
CVE-2023-5870

A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack.

CVE-2023-28527: Security Bulletin: IBM Informix archecker, cdr, and onsmsync are vulnerable to heap buffer overflow.

IBM Informix Dynamic Server 12.10 and 14.10 cdr is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. IBM X-Force ID: 251206.

CVE-2023-47722: Security Bulletin: API Connect V10 is vulnerable to credential exposure

IBM API Connect V10.0.5.3 and V10.0.6.0 stores user credentials in browser cache which can be read by a local user. IBM X-Force ID: 271912.

CVE-2023-40687: IBM® Db2® is vulnerable to denial of service with a specially crafted RUNSTATS command. (CVE-2023-40687)

IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted RUNSTATS command on an 8TB table. IBM X-Force ID: 264809.

CVE-2023-38727: IBM® Db2® is vulnerable to denial of service with a specially crafted SQL statement. (CVE-2023-38727)

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted SQL statement. IBM X-Force ID: 262257.

CVE-2023-29258: IBM® Db2® is vulnerable to a denial of service through a specially crafted federated query on specific federation objects. (CVE-2023-29258)

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1, and 11.5 is vulnerable to a denial of service through a specially crafted federated query on specific federation objects. IBM X-Force ID: 252048.

CVE-2023-38003: IBM® Db2® is vulnerable to privilege escalation with DATAACCESS. (CVE-2023-38003)

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a user with DATAACCESS privileges to execute routines that they should not have access to. IBM X-Force ID: 260214.

CVE-2023-47701: IBM® Db2® is vulnerable to denial of service with a specially crafted query. (CVE-2023-43020)

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 266166.

CVE-2023-46167: IBM® Db2® federated server is vulnerable to a denial of service when a specially crafted cursor is used. (CVE-2023-46167)

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 269367.