Security
Headlines
HeadlinesLatestCVEs

Tag

#ibm

CVE-2019-4267: Security Bulletin: Buffer overflow vulnerability in IBM Spectrum Protect Backup-Archive Client (CVE-2019-4267)

The IBM Spectrum Protect 7.1 and 8.1 Backup-Archive Client is vulnerable to a buffer overflow. This could allow execution of arbitrary code on the local system or the application to crash. IBM X-Force ID: 160200.

CVE
Open in Source
#vulnerability#mac#windows#linux#buffer_overflow#ibm
CVE-2019-4236: IBM Spectrum Protect information disclosure CVE-2019-4236 Vulnerability Report

A IBM Spectrum Protect 7.l client backup or archive operation running for an HP-UX VxFS object is silently skipping Access Control List (ACL) entries from backup or archive if there are more than twelve ACL entries associated with the object in total. As a result, it could allow a local attacker to restore or retrieve the object with incorrect ACL entries. IBM X-Force ID: 159418.

CVE-2019-1010247: Release release 2.3.10.2 · OpenIDC/mod_auth_openidc

ZmartZone IAM mod_auth_openidc 2.3.10.1 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Redirecting the user to a phishing page or interacting with the application on behalf of the user. The component is: File: src/mod_auth_openidc.c, Line: 3109. The fixed version is: 2.3.10.2.

CVE-2019-4194: IBM Jazz for Service Management is missing function level access control that could allow a user to delete authorized resources (CVE-2019-4194)

IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 is missing function level access control that could allow a user to delete authorized resources. IBM X-Force ID: 159033.

CVE-2019-4430: IBM Maximo Asset Management information disclosure CVE-2019-4430 Vulnerability Report

IBM Maximo Asset Management 7.6 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162887.

CVE-2019-4211: IBM QRadar SIEM is vulnerable to cross site scripting (XSS) (CVE-2019-4211)

IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159131.

CVE-2019-1010301: 1679952 – Stack buffer overflow in gpsinfo.c when running jhead

jhead 3.03 is affected by: Buffer Overflow. The impact is: Denial of service. The component is: gpsinfo.c Line 151 ProcessGpsInfo(). The attack vector is: Open a specially crafted JPEG file.

CVE-2019-13590: SoX - Sound eXchange / Bugs

An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h (startread function), there is an integer overflow on the result of integer addition (wraparound to 0) fed into the lsx_calloc macro that wraps malloc. When a NULL pointer is returned, it is used without a prior check that it is a valid pointer, leading to a NULL pointer dereference on lsx_readbuf in formats_i.c.

CVE-2019-4263: IBM Content Navigator information disclosure CVE-2019-4263 Vulnerability Report

IBM Content Navigator 3.0CD is vulnerable to local file inclusion, allowing an attacker to access a configuration file in the ICN server. IBM X-Force ID: 160015.

CVE-2019-4260: IBM Daeja ViewONE information disclosure CVE-2019-4260 Vulnerability Report

IBM Daeja ViewONE Professional, Standard & Virtual 5.0 through 5.0.5 could allow an unauthorized user to download server files resulting in sensitive information disclosure. IBM X-Force ID: 160012.