Vulnerabilities related to opengroup - unix
Vulnerability from fkie_nvd
Published
2021-11-23 00:15
Modified
2024-11-21 06:24
Summary
The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user-supplied Certificate Authority (CA) to the root CAs instead of overriding it on Unix systems. TLS handshakes will thus succeed if the peer can be verified either from the user-supplied CA or the system’s default trust-store. Attackers who have access to a host’s trust stores, or who are able to compromise a certificate authority already in the host's trust store (note: the attacker must also be able to spoof DNS in this case), may be able to use this issue to bypass CA pinning. An attacker could then spoof the MQTT broker and drop traffic and/or respond with the attacker's data, but would not be able to forward this data on to the MQTT broker, because the attacker would still need the user's private keys to authenticate against the MQTT broker. The 'aws_tls_ctx_options_override_default_trust_store_*' function within the aws-c-io submodule has been updated to override the default trust store. This corrects this issue. This issue affects: Amazon Web Services AWS IoT Device SDK v2 for Java versions prior to 1.5.0 on Linux/Unix. Amazon Web Services AWS IoT Device SDK v2 for Python versions prior to 1.6.1 on Linux/Unix. Amazon Web Services AWS IoT Device SDK v2 for C++ versions prior to 1.12.7 on Linux/Unix. Amazon Web Services AWS IoT Device SDK v2 for Node.js versions prior to 1.5.3 on Linux/Unix. Amazon Web Services AWS-C-IO 0.10.4 on Linux/Unix.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:amazon:amazon_web_services_aws-c-io:0.10.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "9AAE5C9C-092B-4236-BCF3-07290A51079E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:amazon:amazon_web_services_internet_of_things_device_software_development_kit_v2:*:*:*:*:*:java:*:*",
                     matchCriteriaId: "53F4E856-F06F-4974-8EA4-8CCA9AE7BA04",
                     versionEndExcluding: "1.5.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:amazon:amazon_web_services_internet_of_things_device_software_development_kit_v2:*:*:*:*:*:node.js:*:*",
                     matchCriteriaId: "C0C29498-FB25-4CC3-8E35-A38820C71D09",
                     versionEndExcluding: "1.5.3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:amazon:amazon_web_services_internet_of_things_device_software_development_kit_v2:*:*:*:*:*:python:*:*",
                     matchCriteriaId: "2402BC58-3F9B-480E-BE69-E8CCBBE59EB7",
                     versionEndExcluding: "1.6.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:amazon:amazon_web_services_internet_of_things_device_software_development_kit_v2:*:*:*:*:*:c\\+\\+:*:*",
                     matchCriteriaId: "EFFC524B-6023-44B2-A60A-76DBCE3BF4A8",
                     versionEndExcluding: "1.12.7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6A90CB3A-9BE7-475C-9E75-6ECAD2106302",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on Unix systems. TLS handshakes will thus succeed if the peer can be verified either from the user-supplied CA or the system’s default trust-store. Attackers with access to a host’s trust stores or are able to compromise a certificate authority already in the host's trust store (note: the attacker must also be able to spoof DNS in this case) may be able to use this issue to bypass CA pinning. An attacker could then spoof the MQTT broker, and either drop traffic and/or respond with the attacker's data, but they would not be able to forward this data on to the MQTT broker because the attacker would still need the user's private keys to authenticate against the MQTT broker. The 'aws_tls_ctx_options_override_default_trust_store_*' function within the aws-c-io submodule has been updated to override the default trust store. This corrects this issue. This issue affects: Amazon Web Services AWS IoT Device SDK v2 for Java versions prior to 1.5.0 on Linux/Unix. Amazon Web Services AWS IoT Device SDK v2 for Python versions prior to 1.6.1 on Linux/Unix. Amazon Web Services AWS IoT Device SDK v2 for C++ versions prior to 1.12.7 on Linux/Unix. Amazon Web Services AWS IoT Device SDK v2 for Node.js versions prior to 1.5.3 on Linux/Unix. Amazon Web Services AWS-C-IO 0.10.4 on Linux/Unix.",
      },
      {
         lang: "es",
         value: "El SDK de dispositivos de IoT de AWS v2 para Java, Python, C++ y Node.js añade una autoridad de certificación (CA) suministrada por el usuario a las CA root en lugar de anularla en los sistemas Unix. Los handshakes TLS tendrán así éxito si el par puede ser verificado desde la CA suministrada por el usuario o desde el almacén confiable por defecto del sistema. Los atacantes con acceso a los almacenes confiable de un host o que puedan comprometer una autoridad de certificación que ya esté en el almacén confiable del host (nota: el atacante también debe ser capaz de falsificar el DNS en este caso) pueden ser capaces de usar este problema para omitir el pinning de la CA. Un atacante podría entonces falsificar el broker MQTT, y dejar caer el tráfico y/o responder con los datos del atacante, pero no sería capaz de reenviar estos datos al broker MQTT porque el atacante todavía necesitaría las claves privadas del usuario para autenticarse contra el broker MQTT. La función \"aws_tls_ctx_options_override_default_trust_store_*\" dentro del submódulo aws-c-io ha sido actualizada para anular el almacén confiable por defecto. Esto corrige este problema. Este problema afecta a: Amazon Web Services AWS IoT Device SDK v2 para versiones de Java anteriores a 1.5.0 en Linux/Unix. Amazon Web Services AWS IoT Device SDK v2 para versiones de Python anteriores a 1.6.1 en Linux/Unix. Amazon Web Services AWS IoT Device SDK v2 para versiones de C++ anteriores a 1.12.7 en Linux/Unix. Amazon Web Services AWS IoT Device SDK v2 para versiones de Node.js anteriores a 1.5.3 en Linux/Unix. Amazon Web Services AWS-C-IO 0.10.4 en Linux/Unix",
      },
   ],
   id: "CVE-2021-40830",
   lastModified: "2024-11-21T06:24:52.133",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "ADJACENT_NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:A/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 6.5,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 6.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "HIGH",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 0.4,
            impactScore: 5.9,
            source: "cve-notifications-us@f-secure.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-11-23T00:15:07.380",
   references: [
      {
         source: "cve-notifications-us@f-secure.com",
         tags: [
            "Product",
         ],
         url: "https://github.com/aws/aws-iot-device-sdk-cpp-v2",
      },
      {
         source: "cve-notifications-us@f-secure.com",
         tags: [
            "Product",
         ],
         url: "https://github.com/aws/aws-iot-device-sdk-java-v2",
      },
      {
         source: "cve-notifications-us@f-secure.com",
         tags: [
            "Product",
         ],
         url: "https://github.com/aws/aws-iot-device-sdk-js-v2",
      },
      {
         source: "cve-notifications-us@f-secure.com",
         tags: [
            "Product",
         ],
         url: "https://github.com/aws/aws-iot-device-sdk-python-v2",
      },
      {
         source: "cve-notifications-us@f-secure.com",
         tags: [
            "Product",
         ],
         url: "https://github.com/awslabs/aws-c-io/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Product",
         ],
         url: "https://github.com/aws/aws-iot-device-sdk-cpp-v2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Product",
         ],
         url: "https://github.com/aws/aws-iot-device-sdk-java-v2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Product",
         ],
         url: "https://github.com/aws/aws-iot-device-sdk-js-v2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Product",
         ],
         url: "https://github.com/aws/aws-iot-device-sdk-python-v2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Product",
         ],
         url: "https://github.com/awslabs/aws-c-io/",
      },
   ],
   sourceIdentifier: "cve-notifications-us@f-secure.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-295",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-10-17 00:15
Modified
2024-11-21 08:19
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted SQL statement using External Tables. IBM X-Force ID: 263499.
Impacted products
Vendor Product Version
ibm db2 *
linux linux_kernel -
microsoft windows -
opengroup unix -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8966D805-3817-488E-B692-D15838AD3469",
                     versionEndIncluding: "11.5.8",
                     versionStartIncluding: "11.5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6A90CB3A-9BE7-475C-9E75-6ECAD2106302",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted SQL statement using External Tables.  IBM X-Force ID:  263499.",
      },
      {
         lang: "es",
         value: "IBM Db2 para Linux, UNIX y Windows (incluyendo Db2 Connect Server) 11.5 es vulnerable a la Denegación de Servicio con una declaración SQL especialmente manipulada que utiliza tablas externas. ID de IBM X-Force: 263499.",
      },
   ],
   id: "CVE-2023-40372",
   lastModified: "2024-11-21T08:19:19.170",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.6,
            impactScore: 3.6,
            source: "psirt@us.ibm.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-10-17T00:15:10.887",
   references: [
      {
         source: "psirt@us.ibm.com",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/263499",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20231116-0007/",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/7047561",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/263499",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20231116-0007/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/7047561",
      },
   ],
   sourceIdentifier: "psirt@us.ibm.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "psirt@us.ibm.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-02-16 19:15
Modified
2024-11-21 06:51
Summary
In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH.
Impacted products
Vendor Product Version
qt qt *
qt qt *
linux linux_kernel -
opengroup unix -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "37B45907-8F77-416A-BD0E-D0F395BF16E0",
                     versionEndExcluding: "5.15.9",
                     versionStartIncluding: "5.9.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "458A2EFF-9F2D-4D5E-9605-047B231B41EE",
                     versionEndExcluding: "6.2.4",
                     versionStartIncluding: "6.0.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6A90CB3A-9BE7-475C-9E75-6ECAD2106302",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH.",
      },
      {
         lang: "es",
         value: "En Qt versiones 5.9.x hasta 5.15.x anteriores a 5.15.9 y versiones 6.x anteriores a 6.2.4 en Linux y UNIX, QProcess podía ejecutar un binario del directorio de trabajo actual cuando no era encontrado en el PATH",
      },
   ],
   id: "CVE-2022-25255",
   lastModified: "2024-11-21T06:51:53.200",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.2,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-02-16T19:15:09.300",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://codereview.qt-project.org/c/qt/qtbase/+/393113",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://codereview.qt-project.org/c/qt/qtbase/+/394914",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://codereview.qt-project.org/c/qt/qtbase/+/396020",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://download.qt.io/official_releases/qt/5.15/qprocess5-15.diff",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://download.qt.io/official_releases/qt/6.2/qprocess6-2.diff",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://codereview.qt-project.org/c/qt/qtbase/+/393113",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://codereview.qt-project.org/c/qt/qtbase/+/394914",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://codereview.qt-project.org/c/qt/qtbase/+/396020",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://download.qt.io/official_releases/qt/5.15/qprocess5-15.diff",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://download.qt.io/official_releases/qt/6.2/qprocess6-2.diff",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-10-16 21:15
Modified
2024-11-21 08:01
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain databases. IBM X-Force ID: 253440.
Impacted products
Vendor Product Version
ibm db2 *
ibm db2 10.5
ibm db2 10.5
ibm db2 10.5
ibm db2 10.5
ibm db2 10.5
ibm db2 10.5
ibm db2 10.5
ibm db2 10.5
ibm db2 10.5
ibm db2 10.5
ibm db2 10.5
ibm db2 11.1.4
ibm db2 11.1.4
ibm db2 11.1.4
ibm db2 11.1.4
ibm db2 11.1.4
ibm db2 11.1.4
ibm db2 11.1.4
linux linux_kernel -
microsoft windows -
opengroup unix -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "65161064-A4A3-48E5-AC0A-388429FF2F53",
                     versionEndExcluding: "11.5.8",
                     versionStartIncluding: "11.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:10.5:-:*:*:*:*:*:*",
                     matchCriteriaId: "190AE881-F7BF-486E-BDAE-197337D70CDB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:10.5:fp1:*:*:*:*:*:*",
                     matchCriteriaId: "8D1BAA43-4C77-4AC7-8561-93EDE0AED000",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:10.5:fp2:*:*:*:*:*:*",
                     matchCriteriaId: "87C39880-D0E9-4487-9A80-B4D1A999032F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:10.5:fp3:*:*:*:*:*:*",
                     matchCriteriaId: "8842A8B6-E470-4536-AB5D-DA1C62A05F58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:10.5:fp3a:*:*:*:*:*:*",
                     matchCriteriaId: "92BF0482-E4FE-454E-84DD-27074097F3F3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:10.5:fp4:*:*:*:*:*:*",
                     matchCriteriaId: "3705A79B-7903-4055-9CDC-55D60D2AC2E4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:10.5:fp5:*:*:*:*:*:*",
                     matchCriteriaId: "CBDFCE61-EE04-4901-844D-61B8966C1B81",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:10.5:fp6:*:*:*:*:*:*",
                     matchCriteriaId: "53A23363-413D-4785-B8C1-9AC2F96000EB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:10.5:fp7:*:*:*:*:*:*",
                     matchCriteriaId: "6E22D884-A33F-41D7-84CB-B6360A39863F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:10.5:fp8:*:*:*:*:*:*",
                     matchCriteriaId: "4DA56D35-93E9-4659-B180-2FD636A39BAB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:10.5:fp9:*:*:*:*:*:*",
                     matchCriteriaId: "6E7F0B02-EA0B-4BD1-AA0C-2A4735221963",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:11.1.4:-:*:*:*:*:*:*",
                     matchCriteriaId: "7F91EC14-CD9A-42EB-9D81-6025A1D74749",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:11.1.4:fp1:*:*:*:*:*:*",
                     matchCriteriaId: "5D098641-0833-4718-BB6A-273E1CA0F887",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:11.1.4:fp2:*:*:*:*:*:*",
                     matchCriteriaId: "8B451F96-2A58-4758-86E6-F8A030805C51",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:11.1.4:fp3:*:*:*:*:*:*",
                     matchCriteriaId: "69CBC98E-BECE-41A4-A0D9-9F3AC1602ABE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:11.1.4:fp4:*:*:*:*:*:*",
                     matchCriteriaId: "20386F14-BC32-4174-9F3A-F7406486976A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:11.1.4:fp5:*:*:*:*:*:*",
                     matchCriteriaId: "DD0DD54B-AB2E-4C56-B348-FF87C174270A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:11.1.4:fp6:*:*:*:*:*:*",
                     matchCriteriaId: "CC14EF40-FE00-47F9-8A78-98713F903D9C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6A90CB3A-9BE7-475C-9E75-6ECAD2106302",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain databases.  IBM X-Force ID:  253440.",
      },
      {
         lang: "es",
         value: "IBM Db2 para Linux, UNIX y Windows (incluyendo Db2 Connect Server) 10.5, 11.1 y 11.5 es vulnerable a la Denegación de Servicio con una consulta especialmente manipulada en determinadas bases de datos. ID de IBM X-Force: 253440.",
      },
   ],
   id: "CVE-2023-30987",
   lastModified: "2024-11-21T08:01:11.403",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.6,
            impactScore: 3.6,
            source: "psirt@us.ibm.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-10-16T21:15:10.627",
   references: [
      {
         source: "psirt@us.ibm.com",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/253440",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20231116-0006/",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/7047560",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/253440",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20231116-0006/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/7047560",
      },
   ],
   sourceIdentifier: "psirt@us.ibm.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "psirt@us.ibm.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-12-04 02:15
Modified
2024-11-21 07:56
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1, and 11.5 is vulnerable to a denial of service through a specially crafted federated query on specific federation objects. IBM X-Force ID: 252048.
Impacted products
Vendor Product Version
ibm db2 *
ibm db2 *
linux linux_kernel -
microsoft windows -
opengroup unix -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FE8F88DC-637C-4F04-AE84-1BD0343FD8F4",
                     versionEndIncluding: "11.1.4.7",
                     versionStartIncluding: "11.1.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "760B31B3-509C-49E4-BB2C-B48E33782141",
                     versionEndIncluding: "11.5.9",
                     versionStartIncluding: "11.5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6A90CB3A-9BE7-475C-9E75-6ECAD2106302",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1, and 11.5 is vulnerable to a denial of service through a specially crafted federated query on specific federation objects.  IBM X-Force ID:  252048.",
      },
      {
         lang: "es",
         value: "IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) 11.1 y 11.5 es vulnerable a una denegación de servicio a través de una consulta federada especialmente manipulada en objetos de federación específicos. ID de IBM X-Force: 252048.",
      },
   ],
   id: "CVE-2023-29258",
   lastModified: "2024-11-21T07:56:45.957",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.6,
            impactScore: 3.6,
            source: "psirt@us.ibm.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-12-04T02:15:06.647",
   references: [
      {
         source: "psirt@us.ibm.com",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/252048",
      },
      {
         source: "psirt@us.ibm.com",
         url: "https://security.netapp.com/advisory/ntap-20240112-0002/",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/7087218",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/252048",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.netapp.com/advisory/ntap-20240112-0002/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/7087218",
      },
   ],
   sourceIdentifier: "psirt@us.ibm.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "psirt@us.ibm.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-12-12 17:15
Modified
2024-11-21 04:43
Summary
IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 could allow a local attacker to execute arbitrary code on the system, caused by an untrusted search path vulnerability. By using an executable file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 168298.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ibm:db2_high_performance_unload_load:5.1.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E2E0B4C6-7A35-43F2-86FC-23B12FBE0D55",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2_high_performance_unload_load:5.1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6ABCDC01-1FF1-4596-A1FC-15B54C1FC1DD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2_high_performance_unload_load:6.1.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F3710A2-9D52-49C0-B745-BCADEABAD28F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2_high_performance_unload_load:6.1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BD06C56E-13E7-40B8-8912-BE5162365FD8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2_high_performance_unload_load:6.1.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "D7938A98-4039-46F0-BAA0-DD413B9F884A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2_high_performance_unload_load:6.1.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "D3B3EE23-0356-4490-8C89-8619AE596FC5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2_high_performance_unload_load:6.5.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D6ACF327-FF08-49B3-8902-7759258B18C6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2_high_performance_unload_load:6.5.0.0:if1:*:*:*:*:*:*",
                     matchCriteriaId: "2BEF8EB1-FB2A-4CD4-BA6B-6DFD18441227",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6A90CB3A-9BE7-475C-9E75-6ECAD2106302",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 could allow a local attacker to execute arbitrary code on the system, caused by an untrusted search path vulnerability. By using a executable file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 168298.",
      },
      {
         lang: "es",
         value: "La carga de IBM DB2 High Performance Unload para LUW versiones 6.1 y 6.5, podría permitir a un atacante local ejecutar código arbitrario en el sistema, causado por una vulnerabilidad de ruta de búsqueda no confiable. Mediante el uso de un archivo ejecutable, un atacante podría explotar esta vulnerabilidad para ejecutar código arbitrario en el sistema. ID de IBM X-Force: 168298.",
      },
   ],
   id: "CVE-2019-4606",
   lastModified: "2024-11-21T04:43:50.483",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 6.9,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:L/AC:M/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 3.4,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.4,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 1.4,
            impactScore: 5.9,
            source: "psirt@us.ibm.com",
            type: "Secondary",
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-12-12T17:15:10.960",
   references: [
      {
         source: "psirt@us.ibm.com",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/168298",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/1128063",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/168298",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/1128063",
      },
   ],
   sourceIdentifier: "psirt@us.ibm.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-426",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2015-02-22 02:59
Modified
2025-04-12 10:46
Summary
Stack-based buffer overflow in dsmtca in the client in IBM Tivoli Storage Manager (TSM) 5.4 through 5.4.3.6, 5.5 through 5.5.4.3, 6.1 through 6.1.5.6, 6.2 before 6.2.5.4, and 6.3 before 6.3.2.3 on UNIX, Linux, and OS X allows local users to gain privileges via unspecified vectors.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B8246A47-DBFD-469D-AFB7-ED8996D69DAD",
                     versionEndIncluding: "5.4.3.6",
                     versionStartIncluding: "5.4.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "80D9E829-5AFC-42C8-BEED-421712AA4B4A",
                     versionEndIncluding: "5.5.4.3",
                     versionStartIncluding: "5.5.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "22CAECAB-4AD2-4F34-B545-52A7CFF9D09E",
                     versionEndIncluding: "6.1.5.6",
                     versionStartIncluding: "6.1.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "10192752-8FEA-4665-87FF-A4ABB8C6518E",
                     versionEndIncluding: "6.2.5.3",
                     versionStartIncluding: "6.2.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F420BFB9-5265-4B94-A0BD-8C203181F3C8",
                     versionEndIncluding: "6.3.2.2",
                     versionStartIncluding: "6.3.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "387021A0-AF36-463C-A605-32EA7DAC172E",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6A90CB3A-9BE7-475C-9E75-6ECAD2106302",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Stack-based buffer overflow in dsmtca in the client in IBM Tivoli Storage Manager (TSM) 5.4 through 5.4.3.6, 5.5 through 5.5.4.3, 6.1 through 6.1.5.6, 6.2 before 6.2.5.4, and 6.3 before 6.3.2.3 on UNIX, Linux, and OS X allows local users to gain privileges via unspecified vectors.",
      },
      {
         lang: "es",
         value: "Desbordamiento de buffer basado en pila en dsmtca en el cliente en IBM Tivoli Storage Manager (TSM) 5.4 hasta 5.4.3.6, 5.5 hasta 5.5.4.3, 6.1 hasta 6.1.5.6, 6.2 anterior a 6.2.5.4, y 6.3 anterior a 6.3.2.3 en UNIX, Linux, y OS X permite a usuarios locales ganar privilegios a través de vectores no especificados.",
      },
   ],
   id: "CVE-2014-6184",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: true,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.2,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2015-02-22T02:59:00.060",
   references: [
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05707",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www-01.ibm.com/support/docview.wss?uid=swg21695878",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05707",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www-01.ibm.com/support/docview.wss?uid=swg21695878",
      },
   ],
   sourceIdentifier: "psirt@us.ibm.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-08-12 14:15
Modified
2024-11-21 05:35
Summary
Xvfb of SAP Business Objects Business Intelligence Platform, versions - 4.2, 4.3, platform on Unix does not perform any authentication checks for functionalities that require user identity.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:sap:businessobjects_business_intelligence_platform:4.2:-:*:*:*:*:*:*",
                     matchCriteriaId: "E094F9CE-B0A0-46B7-9BAF-0CA76888B19E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sap:businessobjects_business_intelligence_platform:4.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C81DA1FA-54AA-4037-BD28-40509F02BE13",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6A90CB3A-9BE7-475C-9E75-6ECAD2106302",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Xvfb of SAP Business Objects Business Intelligence Platform, versions - 4.2, 4.3, platform on Unix does not perform any authentication checks for functionalities that require user identity.",
      },
      {
         lang: "es",
         value: "Xvfb de SAP Business Objects Business Intelligence Platform, versiones - 4.2, 4.3, una plataforma en Unix no lleva a cabo ninguna comprobación de autenticación para las funcionalidades que requieren la identidad del usuario",
      },
   ],
   id: "CVE-2020-6294",
   lastModified: "2024-11-21T05:35:27.250",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 6.4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "ADJACENT_NETWORK",
               availabilityImpact: "NONE",
               baseScore: 8.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.1,
            impactScore: 5.8,
            source: "cna@sap.com",
            type: "Secondary",
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 9.1,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.2,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-08-12T14:15:14.047",
   references: [
      {
         source: "cna@sap.com",
         tags: [
            "Permissions Required",
         ],
         url: "https://launchpad.support.sap.com/#/notes/2927956",
      },
      {
         source: "cna@sap.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Permissions Required",
         ],
         url: "https://launchpad.support.sap.com/#/notes/2927956",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345",
      },
   ],
   sourceIdentifier: "cna@sap.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-306",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-09-16 16:15
Modified
2024-11-21 06:01
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 under very specific conditions, could allow a local user to keep running a procedure that could cause the system to run out of memory and cause a denial of service. IBM X-Force ID: 202267.
Impacted products
Vendor Product Version
ibm db2 11.1
ibm db2 11.5
ibm aix -
linux linux_kernel -
microsoft windows -
opengroup unix -
oracle solaris -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:-:*:*",
                     matchCriteriaId: "F9DA788B-81D2-4B91-9E63-3D42A5F21854",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:-:*:*",
                     matchCriteriaId: "2788AA73-3346-4454-948E-9C1556DDDEBA",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E492C463-D76E-49B7-A4D4-3B499E422D89",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6A90CB3A-9BE7-475C-9E75-6ECAD2106302",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*",
                     matchCriteriaId: "F5027746-8216-452D-83C5-2F8E9546F2A5",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 under very specific conditions, could allow a local user to keep running a procedure that could cause the system to run out of memory.and cause a denial of service. IBM X-Force ID: 202267.",
      },
      {
         lang: "es",
         value: "IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) 11.1 y 11.5, en condiciones muy específicas, podría permitir a un usuario local seguir ejecutando un procedimiento que podría causar que el sistema se quedara sin memoria y causar una denegación de servicio. IBM X-Force ID: 202267",
      },
   ],
   id: "CVE-2021-29763",
   lastModified: "2024-11-21T06:01:45.623",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 1.9,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:L/AC:M/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 3.4,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 5.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.0",
            },
            exploitabilityScore: 1.4,
            impactScore: 3.6,
            source: "psirt@us.ibm.com",
            type: "Secondary",
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 5.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.4,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-09-16T16:15:08.040",
   references: [
      {
         source: "psirt@us.ibm.com",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/202267",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20211029-0005/",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/6489493",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/202267",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20211029-0005/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/6489493",
      },
   ],
   sourceIdentifier: "psirt@us.ibm.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-770",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-10-17 00:15
Modified
2024-11-21 08:14
Summary
IBM Db2 11.5 could allow a local user with special privileges to cause a denial of service during database deactivation on DPF. IBM X-Force ID: 261607.
Impacted products
Vendor Product Version
ibm db2 11.5.8
linux linux_kernel -
microsoft windows -
opengroup unix -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ibm:db2:11.5.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "5512DD6A-9E57-4741-8F66-1C7AC7C6B593",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6A90CB3A-9BE7-475C-9E75-6ECAD2106302",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "IBM Db2 11.5 could allow a local user with special privileges to cause a denial of service during database deactivation on DPF.  IBM X-Force ID:  261607.",
      },
      {
         lang: "es",
         value: "IBM Db2 11.5 podría permitir que un usuario local con privilegios especiales provoque una Denegación de Servicio durante la desactivación de la base de datos en DPF. ID de IBM X-Force: 261607.",
      },
   ],
   id: "CVE-2023-38719",
   lastModified: "2024-11-21T08:14:06.727",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 5.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.4,
            impactScore: 3.6,
            source: "psirt@us.ibm.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 4.4,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "HIGH",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 0.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-10-17T00:15:10.797",
   references: [
      {
         source: "psirt@us.ibm.com",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/261607",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20231116-0008/",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/7047558",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/261607",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20231116-0008/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/7047558",
      },
   ],
   sourceIdentifier: "psirt@us.ibm.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "psirt@us.ibm.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-12-04 01:15
Modified
2024-11-21 08:30
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 266166.
Impacted products
Vendor Product Version
ibm db2 *
ibm db2 *
ibm db2 *
linux linux_kernel -
microsoft windows -
opengroup unix -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C23E4D44-3305-407B-92C5-8190434A59DC",
                     versionEndIncluding: "10.5.0.11",
                     versionStartIncluding: "10.5.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FE8F88DC-637C-4F04-AE84-1BD0343FD8F4",
                     versionEndIncluding: "11.1.4.7",
                     versionStartIncluding: "11.1.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "760B31B3-509C-49E4-BB2C-B48E33782141",
                     versionEndIncluding: "11.5.9",
                     versionStartIncluding: "11.5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6A90CB3A-9BE7-475C-9E75-6ECAD2106302",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query.  IBM X-Force ID:  266166.",
      },
      {
         lang: "es",
         value: "IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) 10.5, 11.1 y 11.5 es vulnerable a la denegación de servicio con una consulta especialmente manipulada. ID de IBM X-Force: 266166.",
      },
   ],
   id: "CVE-2023-47701",
   lastModified: "2024-11-21T08:30:42.143",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "psirt@us.ibm.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-12-04T01:15:12.340",
   references: [
      {
         source: "psirt@us.ibm.com",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/266166",
      },
      {
         source: "psirt@us.ibm.com",
         url: "https://security.netapp.com/advisory/ntap-20240119-0001/",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/7087180",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/266166",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.netapp.com/advisory/ntap-20240119-0001/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/7087180",
      },
   ],
   sourceIdentifier: "psirt@us.ibm.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "psirt@us.ibm.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-11-17 08:15
Modified
2024-11-21 07:29
Summary
The Java Admin Console in Veritas NetBackup through 10.1 and related Veritas products on Linux and UNIX allows authenticated non-root users (that have been explicitly added to the auth.conf file) to execute arbitrary commands as root.
Impacted products
Vendor Product Version
veritas netbackup *
linux linux_kernel -
opengroup unix -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7FC0719C-6D19-4A91-9113-4E3CFE95E317",
                     versionEndIncluding: "10.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6A90CB3A-9BE7-475C-9E75-6ECAD2106302",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The Java Admin Console in Veritas NetBackup through 10.1 and related Veritas products on Linux and UNIX allows authenticated non-root users (that have been explicitly added to the auth.conf file) to execute arbitrary commands as root.",
      },
      {
         lang: "es",
         value: "La Consola de administración de Java en Veritas NetBackup hasta 10.1 y productos Veritas relacionados en Linux y UNIX permite a usuarios no root autenticados (que se han agregado explícitamente al archivo auth.conf) ejecutar comandos arbitrarios como root.",
      },
   ],
   id: "CVE-2022-45461",
   lastModified: "2024-11-21T07:29:17.963",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.6,
            impactScore: 5.9,
            source: "cve@mitre.org",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-11-17T08:15:09.157",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.veritas.com/content/support/en_US/security/VTS22-015",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.veritas.com/content/support/en_US/security/VTS22-015",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-78",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2013-01-09 01:55
Modified
2025-04-11 00:51
Summary
Adobe ColdFusion 9.0, 9.0.1, and 9.0.2 allows attackers to obtain sensitive information via unspecified vectors, as exploited in the wild in January 2013.
Impacted products
Vendor Product Version
adobe coldfusion 9.0
adobe coldfusion 9.0.1
adobe coldfusion 9.0.2
apple mac_os_x -
microsoft windows -
opengroup unix -



{
   cisaActionDue: "2022-09-07",
   cisaExploitAdd: "2022-03-07",
   cisaRequiredAction: "Apply updates per vendor instructions.",
   cisaVulnerabilityName: "Adobe ColdFusion Information Disclosure Vulnerability",
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:adobe:coldfusion:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "113431FB-E4BE-4416-800C-6B13AD1C0E92",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:adobe:coldfusion:9.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "7FBC38B4-D957-4645-BA96-E99975271482",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:adobe:coldfusion:9.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "CD9AAAA5-231A-43BE-AD00-0918F0C9F90C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "4781BF1E-8A4E-4AFF-9540-23D523EE30DD",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6A90CB3A-9BE7-475C-9E75-6ECAD2106302",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Adobe ColdFusion 9.0, 9.0.1, and 9.0.2 allows attackers to obtain sensitive information via unspecified vectors, as exploited in the wild in January 2013.",
      },
      {
         lang: "es",
         value: "Adobe ColdFusion v9.0, v9.0.1, y v9.0.2 permite a los atacantes obtener información sensible a través de vectores no especificados, como se explotó en enero de 2013.",
      },
   ],
   id: "CVE-2013-0631",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            type: "Secondary",
         },
      ],
   },
   published: "2013-01-09T01:55:03.617",
   references: [
      {
         source: "psirt@adobe.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.adobe.com/support/security/advisories/apsa13-01.html",
      },
      {
         source: "psirt@adobe.com",
         tags: [
            "Not Applicable",
         ],
         url: "http://www.adobe.com/support/security/bulletins/apsb13-03.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.adobe.com/support/security/advisories/apsa13-01.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Not Applicable",
         ],
         url: "http://www.adobe.com/support/security/bulletins/apsb13-03.html",
      },
   ],
   sourceIdentifier: "psirt@adobe.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-10-16 23:15
Modified
2024-11-21 08:01
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 254037.
Impacted products
Vendor Product Version
ibm db2 *
ibm db2 11.1.4
ibm db2 11.1.4
ibm db2 11.1.4
ibm db2 11.1.4
ibm db2 11.1.4
ibm db2 11.1.4
ibm db2 11.1.4
linux linux_kernel -
microsoft windows -
opengroup unix -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8966D805-3817-488E-B692-D15838AD3469",
                     versionEndIncluding: "11.5.8",
                     versionStartIncluding: "11.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:11.1.4:-:*:*:*:*:*:*",
                     matchCriteriaId: "7F91EC14-CD9A-42EB-9D81-6025A1D74749",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:11.1.4:fp1:*:*:*:*:*:*",
                     matchCriteriaId: "5D098641-0833-4718-BB6A-273E1CA0F887",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:11.1.4:fp2:*:*:*:*:*:*",
                     matchCriteriaId: "8B451F96-2A58-4758-86E6-F8A030805C51",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:11.1.4:fp3:*:*:*:*:*:*",
                     matchCriteriaId: "69CBC98E-BECE-41A4-A0D9-9F3AC1602ABE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:11.1.4:fp4:*:*:*:*:*:*",
                     matchCriteriaId: "20386F14-BC32-4174-9F3A-F7406486976A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:11.1.4:fp5:*:*:*:*:*:*",
                     matchCriteriaId: "DD0DD54B-AB2E-4C56-B348-FF87C174270A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:11.1.4:fp6:*:*:*:*:*:*",
                     matchCriteriaId: "CC14EF40-FE00-47F9-8A78-98713F903D9C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6A90CB3A-9BE7-475C-9E75-6ECAD2106302",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to denial of service with a specially crafted query.  IBM X-Force ID:  254037.",
      },
      {
         lang: "es",
         value: "IBM Db2 para Linux, UNIX y Windows (incluyendo Db2 Connect Server) 11.1 y 11.5 es vulnerable a la Denegación de Servicio con una consulta especialmente manipulada. ID de IBM X-Force: 254037.",
      },
   ],
   id: "CVE-2023-30991",
   lastModified: "2024-11-21T08:01:11.953",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "psirt@us.ibm.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-10-16T23:15:10.147",
   references: [
      {
         source: "psirt@us.ibm.com",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/254037",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20231116-0005/",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/7047499",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/254037",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20231116-0005/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/7047499",
      },
   ],
   sourceIdentifier: "psirt@us.ibm.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "psirt@us.ibm.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-10-22 15:15
Modified
2024-11-21 04:43
Summary
IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 165481.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ibm:db2_high_performance_unload_load:6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "5BB5FA93-50A8-4C74-A97D-F078F1CF0012",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2_high_performance_unload_load:6.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "0BFF1078-3F36-44BF-B322-04FCB9D4C57A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6A90CB3A-9BE7-475C-9E75-6ECAD2106302",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 165481.",
      },
      {
         lang: "es",
         value: "Una carga de IBM DB2 High Performance Unload para LUW versiones 6.1 y 6.5, es vulnerable a un desbordamiento del búfer, causado por una comprobación de límites inapropiada que podría permitir a un atacante local ejecutar código arbitrario en el sistema con privilegios de root. ID de IBM X-Force: 165481.",
      },
   ],
   id: "CVE-2019-4523",
   lastModified: "2024-11-21T04:43:41.393",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.2,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 8.4,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 2.5,
            impactScore: 5.9,
            source: "psirt@us.ibm.com",
            type: "Secondary",
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-10-22T15:15:10.537",
   references: [
      {
         source: "psirt@us.ibm.com",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/165481",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Permissions Required",
         ],
         url: "https://supportcontent.ibm.com/support/pages/node/1073236",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/165481",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Permissions Required",
         ],
         url: "https://supportcontent.ibm.com/support/pages/node/1073236",
      },
   ],
   sourceIdentifier: "psirt@us.ibm.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-120",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-10-16 22:15
Modified
2024-11-21 08:14
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted XML query statement. IBM X-Force ID: 262258.
Impacted products
Vendor Product Version
ibm db2 *
ibm db2 10.5
ibm db2 10.5
ibm db2 10.5
ibm db2 10.5
ibm db2 10.5
ibm db2 10.5
ibm db2 10.5
ibm db2 10.5
ibm db2 10.5
ibm db2 10.5
ibm db2 10.5
ibm db2 10.5
ibm db2 11.1.4
ibm db2 11.1.4
ibm db2 11.1.4
ibm db2 11.1.4
ibm db2 11.1.4
ibm db2 11.1.4
ibm db2 11.1.4
linux linux_kernel -
microsoft windows -
opengroup unix -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "65161064-A4A3-48E5-AC0A-388429FF2F53",
                     versionEndExcluding: "11.5.8",
                     versionStartIncluding: "11.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:10.5:-:*:*:*:*:*:*",
                     matchCriteriaId: "190AE881-F7BF-486E-BDAE-197337D70CDB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:10.5:fp1:*:*:*:*:*:*",
                     matchCriteriaId: "8D1BAA43-4C77-4AC7-8561-93EDE0AED000",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:10.5:fp10:*:*:*:*:*:*",
                     matchCriteriaId: "F6FDF4D8-1822-43E6-AE65-3E4F8743D3A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:10.5:fp2:*:*:*:*:*:*",
                     matchCriteriaId: "87C39880-D0E9-4487-9A80-B4D1A999032F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:10.5:fp3:*:*:*:*:*:*",
                     matchCriteriaId: "8842A8B6-E470-4536-AB5D-DA1C62A05F58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:10.5:fp3a:*:*:*:*:*:*",
                     matchCriteriaId: "92BF0482-E4FE-454E-84DD-27074097F3F3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:10.5:fp4:*:*:*:*:*:*",
                     matchCriteriaId: "3705A79B-7903-4055-9CDC-55D60D2AC2E4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:10.5:fp5:*:*:*:*:*:*",
                     matchCriteriaId: "CBDFCE61-EE04-4901-844D-61B8966C1B81",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:10.5:fp6:*:*:*:*:*:*",
                     matchCriteriaId: "53A23363-413D-4785-B8C1-9AC2F96000EB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:10.5:fp7:*:*:*:*:*:*",
                     matchCriteriaId: "6E22D884-A33F-41D7-84CB-B6360A39863F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:10.5:fp8:*:*:*:*:*:*",
                     matchCriteriaId: "4DA56D35-93E9-4659-B180-2FD636A39BAB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:10.5:fp9:*:*:*:*:*:*",
                     matchCriteriaId: "6E7F0B02-EA0B-4BD1-AA0C-2A4735221963",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:11.1.4:-:*:*:*:*:*:*",
                     matchCriteriaId: "7F91EC14-CD9A-42EB-9D81-6025A1D74749",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:11.1.4:fp1:*:*:*:*:*:*",
                     matchCriteriaId: "5D098641-0833-4718-BB6A-273E1CA0F887",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:11.1.4:fp2:*:*:*:*:*:*",
                     matchCriteriaId: "8B451F96-2A58-4758-86E6-F8A030805C51",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:11.1.4:fp3:*:*:*:*:*:*",
                     matchCriteriaId: "69CBC98E-BECE-41A4-A0D9-9F3AC1602ABE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:11.1.4:fp4:*:*:*:*:*:*",
                     matchCriteriaId: "20386F14-BC32-4174-9F3A-F7406486976A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:11.1.4:fp5:*:*:*:*:*:*",
                     matchCriteriaId: "DD0DD54B-AB2E-4C56-B348-FF87C174270A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:11.1.4:fp6:*:*:*:*:*:*",
                     matchCriteriaId: "CC14EF40-FE00-47F9-8A78-98713F903D9C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6A90CB3A-9BE7-475C-9E75-6ECAD2106302",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted XML query statement.  IBM X-Force ID:  262258.",
      },
      {
         lang: "es",
         value: "IBM Db2 para Linux, UNIX y Windows (incluyendo Db2 Connect Server) 10.5, 11.1 y 11.5 es vulnerable a la Denegación de Servicio con una declaración de consulta XML especialmente manipulada. ID de IBM X-Force: 262258.",
      },
   ],
   id: "CVE-2023-38728",
   lastModified: "2024-11-21T08:14:07.723",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.6,
            impactScore: 3.6,
            source: "psirt@us.ibm.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-10-16T22:15:11.957",
   references: [
      {
         source: "psirt@us.ibm.com",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/262258",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20231116-0006/",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Not Applicable",
         ],
         url: "https://www.ibm.com/support/pages/node/7047489",
      },
      {
         source: "nvd@nist.gov",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/7047478",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/262258",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20231116-0006/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Not Applicable",
         ],
         url: "https://www.ibm.com/support/pages/node/7047489",
      },
   ],
   sourceIdentifier: "psirt@us.ibm.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "psirt@us.ibm.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2024-02-08 13:15
Modified
2024-11-21 08:49
Summary
Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on Unix allows File Manipulation through Snow Update Packages. This issue affects Inventory Agent: through 7.3.1.
Impacted products
Vendor Product Version
snowsoftware snow_inventory_agent *
opengroup unix -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:snowsoftware:snow_inventory_agent:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7AEB14AE-54A3-47EA-88AD-5D4C05310F0E",
                     versionEndExcluding: "7.3.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6A90CB3A-9BE7-475C-9E75-6ECAD2106302",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on Unix allows File Manipulation through Snow Update Packages.This issue affects Inventory Agent: through 7.3.1.\n\n",
      },
      {
         lang: "es",
         value: "La verificación incorrecta de la vulnerabilidad de la firma criptográfica en Snow Software Inventory Agent en Unix permite la manipulación de archivos a través de los paquetes de actualización de Snow. Este problema afecta al Inventory Agent: hasta 7.3.1.",
      },
   ],
   id: "CVE-2024-1150",
   lastModified: "2024-11-21T08:49:54.780",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "security@snowsoftware.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "NONE",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2024-02-08T13:15:09.320",
   references: [
      {
         source: "security@snowsoftware.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://community.snowsoftware.com/s/feed/0D5Td000004YtMcKAK",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://community.snowsoftware.com/s/feed/0D5Td000004YtMcKAK",
      },
   ],
   sourceIdentifier: "security@snowsoftware.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-347",
            },
         ],
         source: "security@snowsoftware.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-347",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-03-21 16:01
Modified
2024-11-21 04:52
Summary
In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding.
References
cve@mitre.org http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00004.html
cve@mitre.org http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00020.html
cve@mitre.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36LWQ3NPFIV7DC7TC4KFPRYRH2OR7SZ2/
cve@mitre.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LDO3F267P347E6U2IILFCYW7JPTLCCES/
cve@mitre.org https://seclists.org/bugtraq/2019/Apr/6
cve@mitre.org https://security.netapp.com/advisory/ntap-20190404-0001/
cve@mitre.org https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html Third Party Advisory
cve@mitre.org https://www.debian.org/security/2019/dsa-4423
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00004.html
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00020.html
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36LWQ3NPFIV7DC7TC4KFPRYRH2OR7SZ2/
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LDO3F267P347E6U2IILFCYW7JPTLCCES/
af854a3a-2127-422b-91ae-364da2661108 https://seclists.org/bugtraq/2019/Apr/6
af854a3a-2127-422b-91ae-364da2661108 https://security.netapp.com/advisory/ntap-20190404-0001/
af854a3a-2127-422b-91ae-364da2661108 https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://www.debian.org/security/2019/dsa-4423
Impacted products
Vendor Product Version
putty putty *
opengroup unix -
fedoraproject fedora 28
fedoraproject fedora 29



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:putty:putty:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D2DDD5D1-E291-4420-81CA-3924ACAD80B6",
                     versionEndExcluding: "0.71",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6A90CB3A-9BE7-475C-9E75-6ECAD2106302",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC1BD7B7-6D88-42B8-878E-F1318CA5FCAF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
                     matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding.",
      },
      {
         lang: "es",
         value: "En PuTTY, en versiones anteriores a la 0.71 en Unix, existe un desbordamiento de búfer desencadenable remotamente en cualquier tipo de redirección servidor-a-cliente.",
      },
   ],
   id: "CVE-2019-9895",
   lastModified: "2024-11-21T04:52:31.673",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-03-21T16:01:17.780",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00004.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00020.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36LWQ3NPFIV7DC7TC4KFPRYRH2OR7SZ2/",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LDO3F267P347E6U2IILFCYW7JPTLCCES/",
      },
      {
         source: "cve@mitre.org",
         url: "https://seclists.org/bugtraq/2019/Apr/6",
      },
      {
         source: "cve@mitre.org",
         url: "https://security.netapp.com/advisory/ntap-20190404-0001/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://www.debian.org/security/2019/dsa-4423",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00004.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00020.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36LWQ3NPFIV7DC7TC4KFPRYRH2OR7SZ2/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LDO3F267P347E6U2IILFCYW7JPTLCCES/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://seclists.org/bugtraq/2019/Apr/6",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.netapp.com/advisory/ntap-20190404-0001/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.debian.org/security/2019/dsa-4423",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-05-09 08:15
Modified
2025-03-13 15:35
Summary
RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected.
Impacted products
Vendor Product Version
rarlab unrar *
linux linux_kernel -
opengroup unix -
debian debian_linux 10.0



{
   cisaActionDue: "2022-08-30",
   cisaExploitAdd: "2022-08-09",
   cisaRequiredAction: "Apply updates per vendor instructions.",
   cisaVulnerabilityName: "RARLAB UnRAR Directory Traversal Vulnerability",
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:rarlab:unrar:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "35D143B1-7FE7-4580-886E-4A54F6AB0CD9",
                     versionEndExcluding: "6.12",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6A90CB3A-9BE7-475C-9E75-6ECAD2106302",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected.",
      },
      {
         lang: "es",
         value: "RARLAB UnRAR versiones hasta 6.12, en Linux y UNIX permite un salto de directorio para escribir en los archivos durante una operación de extracción (también se conoce como desempaquetado), como es demostrado creando un archivo ~/.ssh/authorized_keys. NOTA: WinRAR y Android RAR no están afectados",
      },
   ],
   id: "CVE-2022-30333",
   lastModified: "2025-03-13T15:35:00.390",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            type: "Secondary",
         },
      ],
   },
   published: "2022-05-09T08:15:06.937",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/167989/Zimbra-UnRAR-Path-Traversal.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://blog.sonarsource.com/zimbra-pre-auth-rce-via-unrar-0day/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2023/08/msg00022.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202309-04",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "https://www.rarlab.com/rar/rarlinux-x32-612.tar.gz",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Product",
         ],
         url: "https://www.rarlab.com/rar_add.htm",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/167989/Zimbra-UnRAR-Path-Traversal.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://blog.sonarsource.com/zimbra-pre-auth-rce-via-unrar-0day/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2023/08/msg00022.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202309-04",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://www.rarlab.com/rar/rarlinux-x32-612.tar.gz",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Product",
         ],
         url: "https://www.rarlab.com/rar_add.htm",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Analyzed",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-22",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-22",
            },
            {
               lang: "en",
               value: "CWE-59",
            },
         ],
         source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2012-01-19 19:55
Modified
2025-04-11 00:51
Summary
Integer overflow in Adobe Reader 9.x before 9.4.6 on Linux allows attackers to execute arbitrary code via unspecified vectors.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:adobe:reader:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B3F19177-8A7D-4F6E-8A32-6755EC663F8F",
                     versionEndIncluding: "8.3",
                     versionStartIncluding: "8.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:adobe:reader:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "44E30DE7-C2CC-4385-AE4E-AAAE18377247",
                     versionEndIncluding: "10.1",
                     versionStartIncluding: "10.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "387021A0-AF36-463C-A605-32EA7DAC172E",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:adobe:reader:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "03739EC9-1D5F-4266-80B8-CCFDACEFF66E",
                     versionEndIncluding: "9.4.5",
                     versionStartIncluding: "9.0.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "387021A0-AF36-463C-A605-32EA7DAC172E",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6A90CB3A-9BE7-475C-9E75-6ECAD2106302",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5EB6F9A2-7C8D-444A-8BEC-38C24B2A5A67",
                     versionEndIncluding: "8.3",
                     versionStartIncluding: "8.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CBEF2479-2117-4AF7-8D8E-FBAAE6E9980F",
                     versionEndIncluding: "9.4.5",
                     versionStartIncluding: "9.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B1B46090-9C68-4394-8286-45C47320DB6C",
                     versionEndIncluding: "10.1",
                     versionStartIncluding: "10.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "387021A0-AF36-463C-A605-32EA7DAC172E",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Integer overflow in Adobe Reader 9.x before 9.4.6 on Linux allows attackers to execute arbitrary code via unspecified vectors.",
      },
      {
         lang: "es",
         value: "Desbordamiento de entero en Adobe Reader v9.x antes de v9.4.6 en Linux permite a los atacantes ejecutar código de su elección a través de vectores no especificados.",
      },
   ],
   id: "CVE-2011-4374",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 9.3,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2012-01-19T19:55:01.287",
   references: [
      {
         source: "psirt@adobe.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.adobe.com/support/security/bulletins/apsb11-24.html",
      },
      {
         source: "psirt@adobe.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14812",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.adobe.com/support/security/bulletins/apsb11-24.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14812",
      },
   ],
   sourceIdentifier: "psirt@adobe.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-190",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-10-10 01:55
Modified
2025-04-12 10:46
Summary
Unspecified vulnerability in HP Operations Manager 9.10 and 9.11 on UNIX allows remote attackers to execute arbitrary code via unknown vectors.
Impacted products
Vendor Product Version
hp operations_manager 9.10
hp operations_manager 9.11
opengroup unix -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:hp:operations_manager:9.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "CBFE2175-3258-4D5A-AAAD-9D306A64C890",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:hp:operations_manager:9.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC936581-6872-4A40-992B-BF3D67FBFF4C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6A90CB3A-9BE7-475C-9E75-6ECAD2106302",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Unspecified vulnerability in HP Operations Manager 9.10 and 9.11 on UNIX allows remote attackers to execute arbitrary code via unknown vectors.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad no especificada en HP Operations Manager 9.10 y 9.11 en UNIX permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos.",
      },
   ],
   id: "CVE-2014-2648",
   lastModified: "2025-04-12T10:46:40.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 10,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-10-10T01:55:08.087",
   references: [
      {
         source: "hp-security-alert@hp.com",
         tags: [
            "Broken Link",
            "Vendor Advisory",
         ],
         url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04472866",
      },
      {
         source: "hp-security-alert@hp.com",
         tags: [
            "Broken Link",
            "Vendor Advisory",
         ],
         url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04472866",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Vendor Advisory",
         ],
         url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04472866",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Vendor Advisory",
         ],
         url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04472866",
      },
   ],
   sourceIdentifier: "hp-security-alert@hp.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-01-01 05:15
Modified
2024-11-21 06:31
Summary
Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion.
Impacted products
Vendor Product Version
golang go *
golang go *
opengroup unix -
debian debian_linux 9.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4CF46C0F-E074-4676-A9B3-E6A22861879C",
                     versionEndExcluding: "1.16.12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "406E61FE-D8E5-457E-93C5-8495F43DF42C",
                     versionEndExcluding: "1.17.5",
                     versionStartIncluding: "1.17.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6A90CB3A-9BE7-475C-9E75-6ECAD2106302",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion.",
      },
      {
         lang: "es",
         value: "Go versiones anteriores a 1.16.12 y versiones 1.17.x anteriores a 1.17.5 en UNIX, permite operaciones de escritura en un archivo no deseado o en una conexión de red no deseada como consecuencia de un cierre erróneo del descriptor de archivo 0 tras el agotamiento del descriptor de archivo.\n",
      },
   ],
   id: "CVE-2021-44717",
   lastModified: "2024-11-21T06:31:27.117",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.8,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.2,
            impactScore: 2.5,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-01-01T05:15:08.367",
   references: [
      {
         source: "cve@mitre.org",
         url: "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://groups.google.com/g/golang-announce/c/hcmEScgc00k",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/01/msg00016.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/01/msg00017.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202208-02",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://groups.google.com/g/golang-announce/c/hcmEScgc00k",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/01/msg00016.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2022/01/msg00017.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202208-02",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-404",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-10-17 00:15
Modified
2024-11-21 08:19
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service with a specially crafted query containing common table expressions. IBM X-Force ID: 263574.
Impacted products
Vendor Product Version
ibm db2 *
ibm db2 10.5
ibm db2 10.5
ibm db2 10.5
ibm db2 10.5
ibm db2 10.5
ibm db2 10.5
ibm db2 10.5
ibm db2 10.5
ibm db2 10.5
ibm db2 10.5
ibm db2 10.5
ibm db2 10.5
ibm db2 11.1.4
ibm db2 11.1.4
ibm db2 11.1.4
ibm db2 11.1.4
ibm db2 11.1.4
ibm db2 11.1.4
ibm db2 11.1.4
linux linux_kernel -
microsoft windows -
opengroup unix -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8966D805-3817-488E-B692-D15838AD3469",
                     versionEndIncluding: "11.5.8",
                     versionStartIncluding: "11.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:10.5:-:*:*:*:*:*:*",
                     matchCriteriaId: "190AE881-F7BF-486E-BDAE-197337D70CDB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:10.5:fp1:*:*:*:*:*:*",
                     matchCriteriaId: "8D1BAA43-4C77-4AC7-8561-93EDE0AED000",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:10.5:fp10:*:*:*:*:*:*",
                     matchCriteriaId: "F6FDF4D8-1822-43E6-AE65-3E4F8743D3A3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:10.5:fp2:*:*:*:*:*:*",
                     matchCriteriaId: "87C39880-D0E9-4487-9A80-B4D1A999032F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:10.5:fp3:*:*:*:*:*:*",
                     matchCriteriaId: "8842A8B6-E470-4536-AB5D-DA1C62A05F58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:10.5:fp3a:*:*:*:*:*:*",
                     matchCriteriaId: "92BF0482-E4FE-454E-84DD-27074097F3F3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:10.5:fp4:*:*:*:*:*:*",
                     matchCriteriaId: "3705A79B-7903-4055-9CDC-55D60D2AC2E4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:10.5:fp5:*:*:*:*:*:*",
                     matchCriteriaId: "CBDFCE61-EE04-4901-844D-61B8966C1B81",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:10.5:fp6:*:*:*:*:*:*",
                     matchCriteriaId: "53A23363-413D-4785-B8C1-9AC2F96000EB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:10.5:fp7:*:*:*:*:*:*",
                     matchCriteriaId: "6E22D884-A33F-41D7-84CB-B6360A39863F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:10.5:fp8:*:*:*:*:*:*",
                     matchCriteriaId: "4DA56D35-93E9-4659-B180-2FD636A39BAB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:10.5:fp9:*:*:*:*:*:*",
                     matchCriteriaId: "6E7F0B02-EA0B-4BD1-AA0C-2A4735221963",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:11.1.4:-:*:*:*:*:*:*",
                     matchCriteriaId: "7F91EC14-CD9A-42EB-9D81-6025A1D74749",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:11.1.4:fp1:*:*:*:*:*:*",
                     matchCriteriaId: "5D098641-0833-4718-BB6A-273E1CA0F887",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:11.1.4:fp2:*:*:*:*:*:*",
                     matchCriteriaId: "8B451F96-2A58-4758-86E6-F8A030805C51",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:11.1.4:fp3:*:*:*:*:*:*",
                     matchCriteriaId: "69CBC98E-BECE-41A4-A0D9-9F3AC1602ABE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:11.1.4:fp4:*:*:*:*:*:*",
                     matchCriteriaId: "20386F14-BC32-4174-9F3A-F7406486976A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:11.1.4:fp5:*:*:*:*:*:*",
                     matchCriteriaId: "DD0DD54B-AB2E-4C56-B348-FF87C174270A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:11.1.4:fp6:*:*:*:*:*:*",
                     matchCriteriaId: "CC14EF40-FE00-47F9-8A78-98713F903D9C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6A90CB3A-9BE7-475C-9E75-6ECAD2106302",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service with a specially crafted query containing common table expressions.  IBM X-Force ID:  263574.",
      },
      {
         lang: "es",
         value: "IBM Db2 para Linux, UNIX y Windows (incluyendo Db2 Connect Server) es vulnerable a la Denegación de Servicio con una consulta especialmente manipulada que contiene expresiones de tabla comunes. ID de IBM X-Force: 263574.",
      },
   ],
   id: "CVE-2023-40373",
   lastModified: "2024-11-21T08:19:19.330",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.6,
            impactScore: 3.6,
            source: "psirt@us.ibm.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-10-17T00:15:10.970",
   references: [
      {
         source: "psirt@us.ibm.com",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/263574",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20231116-0006/",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/7047563",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/263574",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20231116-0006/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/7047563",
      },
   ],
   sourceIdentifier: "psirt@us.ibm.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "psirt@us.ibm.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-08-26 00:15
Modified
2024-11-21 07:03
Summary
A buffer overflow vulnerability in the Rubrik Backup Service (RBS) Agent for Linux or Unix-based systems in Rubrik CDM 7.0.1, 7.0.1-p1, 7.0.1-p2 or 7.0.1-p3 before CDM 7.0.2-p2 could allow a local attacker to obtain root privileges by sending a crafted message to the RBS agent.
Impacted products
Vendor Product Version
rubrik cdm 7.0.1
rubrik cdm 7.0.1
rubrik cdm 7.0.1
rubrik cdm 7.0.1
linux linux_kernel -
opengroup unix -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:rubrik:cdm:7.0.1:-:*:*:*:*:*:*",
                     matchCriteriaId: "4BEB96DE-ADE3-4802-B71B-8DDF0BC14335",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:rubrik:cdm:7.0.1:p1:*:*:*:*:*:*",
                     matchCriteriaId: "11005D24-7144-4DAC-8DA1-7BF8634A39AD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:rubrik:cdm:7.0.1:p2:*:*:*:*:*:*",
                     matchCriteriaId: "D010A1C3-0E59-4638-8C35-3C2DFA0BF9C4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:rubrik:cdm:7.0.1:p3:*:*:*:*:*:*",
                     matchCriteriaId: "16374FB7-222A-495F-BC86-C0C1CE293241",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6A90CB3A-9BE7-475C-9E75-6ECAD2106302",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A buffer overflow vulnerability in the Rubrik Backup Service (RBS) Agent for Linux or Unix-based systems in Rubrik CDM 7.0.1, 7.0.1-p1, 7.0.1-p2 or 7.0.1-p3 before CDM 7.0.2-p2 could allow a local attacker to obtain root privileges by sending a crafted message to the RBS agent.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad de desbordamiento de búfer en el agente de Rubrik Backup Service (RBS) para sistemas basados en Linux o Unix en Rubrik CDM versiones 7.0.1, 7.0.1-p1, 7.0.1-p2 o 7.0.1-p3 anteriores a CDM 7.0.2-p2, podría permitir a un atacante local obtener privilegios de root mediante el envío de un mensaje diseñado al agente RBS.",
      },
   ],
   id: "CVE-2022-30984",
   lastModified: "2024-11-21T07:03:40.167",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-08-26T00:15:08.987",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://rubrik.com",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.rubrik.com/advisories/rbk-20220705-V0037",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://rubrik.com",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.rubrik.com/advisories/rbk-20220705-V0037",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-120",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-12-04 02:15
Modified
2024-11-21 08:14
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted SQL statement. IBM X-Force ID: 262257.
Impacted products
Vendor Product Version
ibm db2 *
ibm db2 *
ibm db2 *
linux linux_kernel -
microsoft windows -
opengroup unix -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C23E4D44-3305-407B-92C5-8190434A59DC",
                     versionEndIncluding: "10.5.0.11",
                     versionStartIncluding: "10.5.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FE8F88DC-637C-4F04-AE84-1BD0343FD8F4",
                     versionEndIncluding: "11.1.4.7",
                     versionStartIncluding: "11.1.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "760B31B3-509C-49E4-BB2C-B48E33782141",
                     versionEndIncluding: "11.5.9",
                     versionStartIncluding: "11.5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6A90CB3A-9BE7-475C-9E75-6ECAD2106302",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted SQL statement.  IBM X-Force ID:  262257.",
      },
      {
         lang: "es",
         value: "IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) 10.5, 11.1 y 11.5 es vulnerable a la denegación de servicio con una declaración SQL especialmente manipulada. ID de IBM X-Force: 262257.",
      },
   ],
   id: "CVE-2023-38727",
   lastModified: "2024-11-21T08:14:07.570",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.6,
            impactScore: 3.6,
            source: "psirt@us.ibm.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-12-04T02:15:06.867",
   references: [
      {
         source: "psirt@us.ibm.com",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/262257",
      },
      {
         source: "psirt@us.ibm.com",
         url: "https://security.netapp.com/advisory/ntap-20240119-0001/",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/7087143",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/262257",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.netapp.com/advisory/ntap-20240119-0001/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/7087143",
      },
   ],
   sourceIdentifier: "psirt@us.ibm.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "psirt@us.ibm.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-10-16 21:15
Modified
2024-11-21 08:14
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 and 11.5 is vulnerable to denial of service with a specially crafted ALTER TABLE statement. IBM X-Force ID: 261616.
Impacted products
Vendor Product Version
ibm db2 *
ibm db2 11.1.4
ibm db2 11.1.4
ibm db2 11.1.4
ibm db2 11.1.4
ibm db2 11.1.4
ibm db2 11.1.4
ibm db2 11.1.4
linux linux_kernel -
microsoft windows -
opengroup unix -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "65161064-A4A3-48E5-AC0A-388429FF2F53",
                     versionEndExcluding: "11.5.8",
                     versionStartIncluding: "11.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:11.1.4:-:*:*:*:*:*:*",
                     matchCriteriaId: "7F91EC14-CD9A-42EB-9D81-6025A1D74749",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:11.1.4:fp1:*:*:*:*:*:*",
                     matchCriteriaId: "5D098641-0833-4718-BB6A-273E1CA0F887",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:11.1.4:fp2:*:*:*:*:*:*",
                     matchCriteriaId: "8B451F96-2A58-4758-86E6-F8A030805C51",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:11.1.4:fp3:*:*:*:*:*:*",
                     matchCriteriaId: "69CBC98E-BECE-41A4-A0D9-9F3AC1602ABE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:11.1.4:fp4:*:*:*:*:*:*",
                     matchCriteriaId: "20386F14-BC32-4174-9F3A-F7406486976A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:11.1.4:fp5:*:*:*:*:*:*",
                     matchCriteriaId: "DD0DD54B-AB2E-4C56-B348-FF87C174270A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:11.1.4:fp6:*:*:*:*:*:*",
                     matchCriteriaId: "CC14EF40-FE00-47F9-8A78-98713F903D9C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6A90CB3A-9BE7-475C-9E75-6ECAD2106302",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 and 11.5 is vulnerable to denial of service with a specially crafted ALTER TABLE statement.  IBM X-Force ID:  261616.",
      },
      {
         lang: "es",
         value: "IBM Db2 para Linux, UNIX y Windows (incluyendo Db2 Connect Server) 11.5 y 11.5 es vulnerable a la Denegación de Servicio con una declaración ALTER TABLE especialmente manipulada. ID de IBM X-Force: 261616.",
      },
   ],
   id: "CVE-2023-38720",
   lastModified: "2024-11-21T08:14:06.880",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.6,
            impactScore: 3.6,
            source: "psirt@us.ibm.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-10-16T21:15:10.720",
   references: [
      {
         source: "psirt@us.ibm.com",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/261616",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20231116-0005/",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/7047489",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/261616",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20231116-0005/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/7047489",
      },
   ],
   sourceIdentifier: "psirt@us.ibm.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "psirt@us.ibm.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-10-16 23:15
Modified
2024-11-21 08:19
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted query statement. IBM X-Force ID: 263575.
Impacted products
Vendor Product Version
ibm db2 *
linux linux_kernel -
microsoft windows -
opengroup unix -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8966D805-3817-488E-B692-D15838AD3469",
                     versionEndIncluding: "11.5.8",
                     versionStartIncluding: "11.5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6A90CB3A-9BE7-475C-9E75-6ECAD2106302",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted query statement.  IBM X-Force ID:  263575.",
      },
      {
         lang: "es",
         value: "IBM Db2 para Linux, UNIX y Windows (incluyendo Db2 Connect Server) 11.5 es vulnerable a la Denegación de Servicio con una declaración de consulta especialmente manipulada. ID de IBM X-Force: 263575.",
      },
   ],
   id: "CVE-2023-40374",
   lastModified: "2024-11-21T08:19:19.480",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.6,
            impactScore: 3.6,
            source: "psirt@us.ibm.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-10-16T23:15:10.243",
   references: [
      {
         source: "psirt@us.ibm.com",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/263575",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20231116-0007/",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/7047261",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/263575",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20231116-0007/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/7047261",
      },
   ],
   sourceIdentifier: "psirt@us.ibm.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "psirt@us.ibm.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2024-10-23 02:15
Modified
2024-11-06 20:39
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user.
Impacted products
Vendor Product Version
ibm db2 *
ibm db2 *
ibm db2 *
linux linux_kernel -
microsoft windows -
opengroup unix -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "72264C00-9FD5-44EF-AE33-36819E253233",
                     versionEndIncluding: "10.5.11",
                     versionStartIncluding: "10.5.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2E7ABF45-1720-49F0-AA78-E4C06815F3C5",
                     versionEndIncluding: "11.1.4.7",
                     versionStartIncluding: "11.1.4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:*:*:*:*:*:-:*:*",
                     matchCriteriaId: "46EEFD88-1F1D-417F-815A-98A456DE8515",
                     versionEndIncluding: "11.5.9",
                     versionStartIncluding: "11.5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6A90CB3A-9BE7-475C-9E75-6ECAD2106302",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user.",
      },
      {
         lang: "es",
         value: " IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) 10.5, 11.1 y 11.5 es vulnerable a una denegación de servicio, en configuraciones específicas, ya que el servidor puede bloquearse al utilizar una declaración SQL especialmente manipulada por un usuario autenticado.",
      },
   ],
   id: "CVE-2024-31880",
   lastModified: "2024-11-06T20:39:55.200",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.6,
            impactScore: 3.6,
            source: "psirt@us.ibm.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2024-10-23T02:15:07.167",
   references: [
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/7156851",
      },
   ],
   sourceIdentifier: "psirt@us.ibm.com",
   vulnStatus: "Analyzed",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-770",
            },
         ],
         source: "psirt@us.ibm.com",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2013-01-09 01:55
Modified
2025-04-11 00:51
Summary
Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, as exploited in the wild in January 2013.
Impacted products
Vendor Product Version
adobe coldfusion 9.0
adobe coldfusion 9.0.1
adobe coldfusion 9.0.2
apple mac_os_x -
microsoft windows -
opengroup unix -



{
   cisaActionDue: "2022-09-07",
   cisaExploitAdd: "2022-03-07",
   cisaRequiredAction: "Apply updates per vendor instructions.",
   cisaVulnerabilityName: "Adobe ColdFusion Authentication Bypass Vulnerability",
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:adobe:coldfusion:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "113431FB-E4BE-4416-800C-6B13AD1C0E92",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:adobe:coldfusion:9.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "7FBC38B4-D957-4645-BA96-E99975271482",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:adobe:coldfusion:9.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "CD9AAAA5-231A-43BE-AD00-0918F0C9F90C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "4781BF1E-8A4E-4AFF-9540-23D523EE30DD",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6A90CB3A-9BE7-475C-9E75-6ECAD2106302",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, as exploited in the wild in January 2013.",
      },
      {
         lang: "es",
         value: "Adobe ColdFusion v9.0, v9.0.1, v9.0.2 y v10, cuando una contraseña no está configurada, permite a atacantes remotos evitar la autenticación y posiblemente ejecutar código arbitrario a través de vectores no especificados, como se explotó en enero de 2013.",
      },
   ],
   id: "CVE-2013-0625",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            type: "Secondary",
         },
      ],
   },
   published: "2013-01-09T01:55:00.803",
   references: [
      {
         source: "psirt@adobe.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.adobe.com/support/security/advisories/apsa13-01.html",
      },
      {
         source: "psirt@adobe.com",
         tags: [
            "Not Applicable",
         ],
         url: "http://www.adobe.com/support/security/bulletins/apsb13-03.html",
      },
      {
         source: "psirt@adobe.com",
         tags: [
            "Broken Link",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/57164",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.adobe.com/support/security/advisories/apsa13-01.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Not Applicable",
         ],
         url: "http://www.adobe.com/support/security/bulletins/apsb13-03.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/57164",
      },
   ],
   sourceIdentifier: "psirt@adobe.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-287",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-287",
            },
         ],
         source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-09-16 16:15
Modified
2024-11-21 06:01
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could disclose sensitive information when using ADMIN_CMD with LOAD or BACKUP. IBM X-Force ID: 204470.
Impacted products
Vendor Product Version
ibm db2 11.1
ibm db2 11.5
ibm aix -
linux linux_kernel -
microsoft windows -
opengroup unix -
oracle solaris -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:-:*:*",
                     matchCriteriaId: "F9DA788B-81D2-4B91-9E63-3D42A5F21854",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:-:*:*",
                     matchCriteriaId: "2788AA73-3346-4454-948E-9C1556DDDEBA",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E492C463-D76E-49B7-A4D4-3B499E422D89",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6A90CB3A-9BE7-475C-9E75-6ECAD2106302",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*",
                     matchCriteriaId: "F5027746-8216-452D-83C5-2F8E9546F2A5",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could disclose sensitive information when using ADMIN_CMD with LOAD or BACKUP. IBM X-Force ID: 204470.",
      },
      {
         lang: "es",
         value: "IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) podría divulgar información confidencial cuando se usa ADMIN_CMD con LOAD o BACKUP. IBM X-Force ID: 204470",
      },
   ],
   id: "CVE-2021-29825",
   lastModified: "2024-11-21T06:01:52.923",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.9,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.2,
            impactScore: 3.6,
            source: "psirt@us.ibm.com",
            type: "Secondary",
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-09-16T16:15:08.100",
   references: [
      {
         source: "psirt@us.ibm.com",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/204470",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20211029-0005/",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/6489499",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/204470",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20211029-0005/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/6489499",
      },
   ],
   sourceIdentifier: "psirt@us.ibm.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2008-01-09 21:46
Modified
2025-04-09 00:30
Summary
ssh-signer in SSH Tectia Client and Server 5.x before 5.2.4, and 5.3.x before 5.3.6, on Unix and Linux allows local users to gain privileges via unspecified vectors.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ssh:tectia_client:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4D56E908-9C03-4EDE-8073-6A694F8EA22B",
                     versionEndExcluding: "5.2.4",
                     versionStartIncluding: "5.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ssh:tectia_client:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "14F18621-132A-4B0B-AA42-218182593597",
                     versionEndExcluding: "5.3.6",
                     versionStartIncluding: "5.3.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ssh:tectia_server:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D7B22708-3E09-4CFD-B43C-1D3BEA9A0713",
                     versionEndExcluding: "5.2.4",
                     versionStartIncluding: "5.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ssh:tectia_server:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "42A5D80B-7C03-4E4E-9FDA-37359AFA639D",
                     versionEndExcluding: "5.3.6",
                     versionStartIncluding: "5.3.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6A90CB3A-9BE7-475C-9E75-6ECAD2106302",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "ssh-signer in SSH Tectia Client and Server 5.x before 5.2.4, and 5.3.x before 5.3.6, on Unix and Linux allows local users to gain privileges via unspecified vectors.",
      },
      {
         lang: "es",
         value: "ssh-signer en SSH Tectia Client y Server 5.x anterior a 5.2.4, y 5.3.x anterior a 5.3.6, sobre Unix y Linux permite a usuarios locales ganar privilegios a través de vectores no especificados.",
      },
   ],
   id: "CVE-2007-5616",
   lastModified: "2025-04-09T00:30:58.490",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.2,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 10,
            obtainAllPrivilege: true,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2008-01-09T21:46:00.000",
   references: [
      {
         source: "cret@cert.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/28247",
      },
      {
         source: "cret@cert.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://securitytracker.com/id?1019167",
      },
      {
         source: "cret@cert.org",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/921339",
      },
      {
         source: "cret@cert.org",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/WDON-7AMRRF",
      },
      {
         source: "cret@cert.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/27191",
      },
      {
         source: "cret@cert.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2008/0078",
      },
      {
         source: "cret@cert.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/39569",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://secunia.com/advisories/28247",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://securitytracker.com/id?1019167",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/921339",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/WDON-7AMRRF",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/27191",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://www.vupen.com/english/advisories/2008/0078",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/39569",
      },
   ],
   sourceIdentifier: "cret@cert.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-12-04 01:15
Modified
2024-11-21 08:28
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 269367.
Impacted products
Vendor Product Version
ibm db2 *
linux linux_kernel -
microsoft windows -
opengroup unix -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "55A0ECDB-9278-4812-A44C-4FDD09898E10",
                     versionEndIncluding: "11.5.8",
                     versionStartIncluding: "11.5.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6A90CB3A-9BE7-475C-9E75-6ECAD2106302",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used.  IBM X-Force ID:  269367.",
      },
      {
         lang: "es",
         value: "El servidor federado IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) 11.5 es vulnerable a una denegación de servicio cuando se utiliza un cursor especialmente manipulado. ID de IBM X-Force: 269367.",
      },
   ],
   id: "CVE-2023-46167",
   lastModified: "2024-11-21T08:28:00.590",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 5.9,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.2,
            impactScore: 3.6,
            source: "psirt@us.ibm.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-12-04T01:15:12.147",
   references: [
      {
         source: "psirt@us.ibm.com",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/269367",
      },
      {
         source: "psirt@us.ibm.com",
         url: "https://security.netapp.com/advisory/ntap-20240112-0003/",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/7087203",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/269367",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.netapp.com/advisory/ntap-20240112-0003/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/7087203",
      },
   ],
   sourceIdentifier: "psirt@us.ibm.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "psirt@us.ibm.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-03-19 00:15
Modified
2024-11-21 05:48
Summary
shescape is a simple shell escape package for JavaScript. In shescape before version 1.1.3, anyone using _Shescape_ to defend against shell injection may still be vulnerable against shell injection if the attacker manages to insert a into the payload. For an example see the referenced GitHub Security Advisory. The problem has been patched in version 1.1.3. No further changes are required.
Impacted products
Vendor Product Version
shescape_project shescape *
microsoft windows -
opengroup unix -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:shescape_project:shescape:*:*:*:*:*:node.js:*:*",
                     matchCriteriaId: "C88DEA52-C298-4E68-AA29-00122DE84930",
                     versionEndExcluding: "1.1.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6A90CB3A-9BE7-475C-9E75-6ECAD2106302",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "shescape is a simple shell escape package for JavaScript. In shescape before version 1.1.3, anyone using _Shescape_ to defend against shell injection may still be vulnerable against shell injection if the attacker manages to insert a into the payload. For an example see the referenced GitHub Security Advisory. The problem has been patched in version 1.1.3. No further changes are required.",
      },
      {
         lang: "es",
         value: "shescape es un paquete de escape de shell simple para JavaScript. En shescape versiones anteriores a 1.1.3, cualquiera que use _Shescape_ para defenderse de la inyección de shell puede ser vulnerable frente a una inyección shell si el atacante logra insertar en la carga útil. Para visualizar un ejemplo, consulte el Aviso de Seguridad de GitHub al que se hace referencia. El problema ha sido solucionado en la versión 1.1.3. No son requeridos más cambios",
      },
   ],
   id: "CVE-2021-21384",
   lastModified: "2024-11-21T05:48:14.847",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.6,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "LOCAL",
               availabilityImpact: "NONE",
               baseScore: 6.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 1,
            impactScore: 4.7,
            source: "security-advisories@github.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "HIGH",
               baseScore: 7.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-03-19T00:15:11.793",
   references: [
      {
         source: "security-advisories@github.com",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/ericcornelissen/shescape/commit/07a069a66423809cbedd61d980c11ca44a29ea2b",
      },
      {
         source: "security-advisories@github.com",
         tags: [
            "Release Notes",
            "Third Party Advisory",
         ],
         url: "https://github.com/ericcornelissen/shescape/releases/tag/v1.1.3",
      },
      {
         source: "security-advisories@github.com",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/ericcornelissen/shescape/security/advisories/GHSA-f2rp-38vg-j3gh",
      },
      {
         source: "security-advisories@github.com",
         tags: [
            "Product",
         ],
         url: "https://www.npmjs.com/package/shescape",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/ericcornelissen/shescape/commit/07a069a66423809cbedd61d980c11ca44a29ea2b",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Third Party Advisory",
         ],
         url: "https://github.com/ericcornelissen/shescape/releases/tag/v1.1.3",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://github.com/ericcornelissen/shescape/security/advisories/GHSA-f2rp-38vg-j3gh",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Product",
         ],
         url: "https://www.npmjs.com/package/shescape",
      },
   ],
   sourceIdentifier: "security-advisories@github.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-88",
            },
         ],
         source: "security-advisories@github.com",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-06-24 17:15
Modified
2024-11-21 06:46
Summary
IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an information disclosure caused by improper privilege management when table function is used. IBM X-Force ID: 221973.
Impacted products
Vendor Product Version
ibm db2 9.7
ibm db2 10.1
ibm db2 10.5
ibm db2 11.1
ibm db2 11.5
linux linux_kernel -
microsoft windows -
opengroup unix -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2952EB24-A015-4EC7-85E3-88588D0AB15B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0DC3F2DB-9AE2-4B11-A838-167E857D831D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "3977E313-6CD6-42E3-8936-B244CF8127B6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6A90CB3A-9BE7-475C-9E75-6ECAD2106302",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an information disclosure caused by improper privilege management when table function is used. IBM X-Force ID: 221973.",
      },
      {
         lang: "es",
         value: "IBM Db2 para Linux, UNIX y Windows versiones 9.7, 10.1, 10.5, 11.1 y 11.5, puede ser vulnerable a una divulgación de información causada por una administración inapropiada de privilegios cuando es usada la función de tabla. IBM X-Force ID: 221973",
      },
   ],
   id: "CVE-2022-22390",
   lastModified: "2024-11-21T06:46:44.443",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "NONE",
               baseScore: 6.2,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.5,
            impactScore: 3.6,
            source: "psirt@us.ibm.com",
            type: "Secondary",
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-06-24T17:15:08.563",
   references: [
      {
         source: "psirt@us.ibm.com",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/221973",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220729-0007/",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/6597993",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/221973",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220729-0007/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/6597993",
      },
   ],
   sourceIdentifier: "psirt@us.ibm.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-269",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2011-12-07 19:55
Modified
2025-04-11 00:51
Summary
Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.
References
psirt@adobe.com http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00019.html Broken Link
psirt@adobe.com http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00020.html Broken Link
psirt@adobe.com http://www.adobe.com/support/security/advisories/apsa11-04.html Vendor Advisory
psirt@adobe.com http://www.adobe.com/support/security/bulletins/apsb11-30.html Not Applicable
psirt@adobe.com http://www.adobe.com/support/security/bulletins/apsb12-01.html Not Applicable
psirt@adobe.com http://www.redhat.com/support/errata/RHSA-2012-0011.html Broken Link
psirt@adobe.com http://www.us-cert.gov/cas/techalerts/TA11-350A.html Third Party Advisory, US Government Resource
psirt@adobe.com https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14562 Broken Link
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00019.html Broken Link
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00020.html Broken Link
af854a3a-2127-422b-91ae-364da2661108 http://www.adobe.com/support/security/advisories/apsa11-04.html Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.adobe.com/support/security/bulletins/apsb11-30.html Not Applicable
af854a3a-2127-422b-91ae-364da2661108 http://www.adobe.com/support/security/bulletins/apsb12-01.html Not Applicable
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2012-0011.html Broken Link
af854a3a-2127-422b-91ae-364da2661108 http://www.us-cert.gov/cas/techalerts/TA11-350A.html Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14562 Broken Link
Impacted products



{
   cisaActionDue: "2022-06-22",
   cisaExploitAdd: "2022-06-08",
   cisaRequiredAction: "Apply updates per vendor instructions.",
   cisaVulnerabilityName: "Adobe Acrobat and Reader Universal 3D Memory Corruption Vulnerability",
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A70868B3-F3C5-4DC0-9013-78E77F424109",
                     versionEndIncluding: "10.1.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "68D60103-B447-48D2-9B52-81DEA719CEBE",
                     versionEndIncluding: "10.1.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "4781BF1E-8A4E-4AFF-9540-23D523EE30DD",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0142C12E-A8F0-4E88-AECE-88F068E5E874",
                     versionEndIncluding: "9.4.6",
                     versionStartIncluding: "9.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6A90CB3A-9BE7-475C-9E75-6ECAD2106302",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad no especificada en el componente de U3D en Adobe Reader y Acrobat v10.1.1 y versiones anteriores para Windows y Mac OS X, y Adobe Reader v9.x hasta v9.4.6 en UNIX, permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (corrupción de memoria) a través de vectores desconocidos, explotado \"in the wild\" en diciembre de 2011.",
      },
   ],
   id: "CVE-2011-2462",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 10,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            type: "Secondary",
         },
      ],
   },
   published: "2011-12-07T19:55:01.673",
   references: [
      {
         source: "psirt@adobe.com",
         tags: [
            "Broken Link",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00019.html",
      },
      {
         source: "psirt@adobe.com",
         tags: [
            "Broken Link",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00020.html",
      },
      {
         source: "psirt@adobe.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.adobe.com/support/security/advisories/apsa11-04.html",
      },
      {
         source: "psirt@adobe.com",
         tags: [
            "Not Applicable",
         ],
         url: "http://www.adobe.com/support/security/bulletins/apsb11-30.html",
      },
      {
         source: "psirt@adobe.com",
         tags: [
            "Not Applicable",
         ],
         url: "http://www.adobe.com/support/security/bulletins/apsb12-01.html",
      },
      {
         source: "psirt@adobe.com",
         tags: [
            "Broken Link",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2012-0011.html",
      },
      {
         source: "psirt@adobe.com",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "http://www.us-cert.gov/cas/techalerts/TA11-350A.html",
      },
      {
         source: "psirt@adobe.com",
         tags: [
            "Broken Link",
         ],
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14562",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00019.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00020.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.adobe.com/support/security/advisories/apsa11-04.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Not Applicable",
         ],
         url: "http://www.adobe.com/support/security/bulletins/apsb11-30.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Not Applicable",
         ],
         url: "http://www.adobe.com/support/security/bulletins/apsb12-01.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2012-0011.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "http://www.us-cert.gov/cas/techalerts/TA11-350A.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14562",
      },
   ],
   sourceIdentifier: "psirt@adobe.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-03-30 17:15
Modified
2024-11-21 06:47
Summary
The cfsend, cfrecv, and CyberResp components of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX and TIBCO Managed File Transfer Platform Server for z/Linux contain a difficult to exploit Remote Code Execution (RCE) vulnerability that allows a low privileged attacker with network access to execute arbitrary code on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX: versions 8.1.0 and below and TIBCO Managed File Transfer Platform Server for z/Linux: versions 8.1.0 and below.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:tibco:managed_file_transfer_platform_server:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A0E22E7A-AB04-41C6-AA8B-A38DA224B1AA",
                     versionEndExcluding: "8.1.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:ibm:z_linux:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "57109509-72B1-4F53-9A5E-4E19C1286844",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6A90CB3A-9BE7-475C-9E75-6ECAD2106302",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The cfsend, cfrecv, and CyberResp components of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX and TIBCO Managed File Transfer Platform Server for z/Linux contain a difficult to exploit Remote Code Execution (RCE) vulnerability that allows a low privileged attacker with network access to execute arbitrary code on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX: versions 8.1.0 and below and TIBCO Managed File Transfer Platform Server for z/Linux: versions 8.1.0 and below.",
      },
      {
         lang: "es",
         value: "Los componentes cfsend, cfrecv y CyberResp de TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX y TIBCO Managed File Transfer Platform Server for z/Linux contienen una vulnerabilidad de Ejecución de Código Remota (RCE) difícil de explotar que permite a un atacante con pocos privilegios y acceso a la red ejecutar código arbitrario en el sistema afectado. Las versiones afectadas son TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX: versiones 8.1.0 y anteriores y TIBCO Managed File Transfer Platform Server for z/Linux: versiones 8.1.0 y anteriores",
      },
   ],
   id: "CVE-2022-22772",
   lastModified: "2024-11-21T06:47:25.063",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "COMPLETE",
               baseScore: 8.5,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:M/Au:S/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 6.8,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 6,
            source: "security@tibco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.6,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-03-30T17:15:10.270",
   references: [
      {
         source: "security@tibco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.tibco.com/services/support/advisories",
      },
      {
         source: "security@tibco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.tibco.com/support/advisories/2022/03/tibco-security-advisory-march-30-2022-tibco-managed-file-transfer-2022-22772",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.tibco.com/services/support/advisories",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.tibco.com/support/advisories/2022/03/tibco-security-advisory-march-30-2022-tibco-managed-file-transfer-2022-22772",
      },
   ],
   sourceIdentifier: "security@tibco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-12-04 02:15
Modified
2024-11-21 08:19
Summary
IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted RUNSTATS command on an 8TB table. IBM X-Force ID: 264809.
Impacted products
Vendor Product Version
ibm db2 *
ibm db2 *
ibm db2 *
linux linux_kernel -
microsoft windows -
opengroup unix -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "741C6733-B8A4-4C32-B538-FB4347841242",
                     versionEndIncluding: "10.5.0.11",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FE8F88DC-637C-4F04-AE84-1BD0343FD8F4",
                     versionEndIncluding: "11.1.4.7",
                     versionStartIncluding: "11.1.0.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "760B31B3-509C-49E4-BB2C-B48E33782141",
                     versionEndIncluding: "11.5.9",
                     versionStartIncluding: "11.5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6A90CB3A-9BE7-475C-9E75-6ECAD2106302",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted RUNSTATS command on an 8TB table.  IBM X-Force ID:  264809.",
      },
      {
         lang: "es",
         value: "IBM DB2 para Linux, UNIX y Windows (incluye Db2 Connect Server) 10.5, 11.1 y 11.5 es vulnerable a la denegación de servicio con un comando RUNSTATS especialmente manipulado en una tabla de 8 TB. ID de IBM X-Force: 264809.",
      },
   ],
   id: "CVE-2023-40687",
   lastModified: "2024-11-21T08:19:58.510",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.6,
            impactScore: 3.6,
            source: "psirt@us.ibm.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-12-04T02:15:07.077",
   references: [
      {
         source: "psirt@us.ibm.com",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/264809",
      },
      {
         source: "psirt@us.ibm.com",
         url: "https://security.netapp.com/advisory/ntap-20240119-0001/",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/7087149",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/264809",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.netapp.com/advisory/ntap-20240119-0001/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/7087149",
      },
   ],
   sourceIdentifier: "psirt@us.ibm.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "psirt@us.ibm.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-06-24 17:15
Modified
2024-11-21 06:46
Summary
IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may terminate abnormally when executing specially crafted SQL statements by an authenticated user. IBM X-Force ID: 2219740.
Impacted products
Vendor Product Version
ibm db2 9.7
ibm db2 10.1
ibm db2 10.5
ibm db2 11.1
ibm db2 11.5
linux linux_kernel -
microsoft windows -
opengroup unix -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "CE1C4DE6-EB32-4A31-9FAA-D8DA31D8CF05",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2952EB24-A015-4EC7-85E3-88588D0AB15B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "6E232F83-BE4C-4B3E-A5B1-53F9D95F0368",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0DC3F2DB-9AE2-4B11-A838-167E857D831D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "3977E313-6CD6-42E3-8936-B244CF8127B6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6A90CB3A-9BE7-475C-9E75-6ECAD2106302",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may terminate abnormally when executing specially crafted SQL statements by an authenticated user. IBM X-Force ID: 2219740.",
      },
      {
         lang: "es",
         value: "IBM Db2 para Linux, UNIX y Windows versiones 9.7, 10.1, 10.5, 11.1 y 11.5, es vulnerable a una denegación de servicio, ya que el servidor puede terminar de forma anormal cuando son ejecutadas sentencias SQL especialmente diseñadas por un usuario autenticado. IBM X-Force ID: 2219740",
      },
   ],
   id: "CVE-2022-22389",
   lastModified: "2024-11-21T06:46:44.317",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 4,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "psirt@us.ibm.com",
            type: "Secondary",
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-06-24T17:15:08.520",
   references: [
      {
         source: "psirt@us.ibm.com",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/221970",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220729-0007/",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/6598047",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/221970",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20220729-0007/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/6598047",
      },
   ],
   sourceIdentifier: "psirt@us.ibm.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-10-16 22:15
Modified
2024-11-21 08:14
Summary
IBM Db2 for Linux, UNIX, and Windows (includes Db2 Connect Server) 11.5 is vulnerable to a denial of service with a specially crafted SQL statement. IBM X-Force ID: 262613.
Impacted products
Vendor Product Version
ibm db2 *
linux linux_kernel -
microsoft windows -
opengroup unix -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8966D805-3817-488E-B692-D15838AD3469",
                     versionEndIncluding: "11.5.8",
                     versionStartIncluding: "11.5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6A90CB3A-9BE7-475C-9E75-6ECAD2106302",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "IBM Db2 for Linux, UNIX, and Windows (includes Db2 Connect Server) 11.5 is vulnerable to a denial of service with a specially crafted SQL statement.  IBM X-Force ID:  262613.",
      },
      {
         lang: "es",
         value: "IBM Db2 para Linux, UNIX y Windows (incluyendo Db2 Connect Server) 11.5 es vulnerable a una Denegación de Servicio con una declaración SQL especialmente manipulada. ID de IBM X-Force: 262613.",
      },
   ],
   id: "CVE-2023-38740",
   lastModified: "2024-11-21T08:14:09.197",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.6,
            impactScore: 3.6,
            source: "psirt@us.ibm.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-10-16T22:15:12.057",
   references: [
      {
         source: "psirt@us.ibm.com",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/262613",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20231116-0007/",
      },
      {
         source: "psirt@us.ibm.com",
         tags: [
            "Not Applicable",
         ],
         url: "https://www.ibm.com/support/pages/node/7047489",
      },
      {
         source: "nvd@nist.gov",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://www.ibm.com/support/pages/node/7047554",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "VDB Entry",
            "Vendor Advisory",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/262613",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20231116-0007/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Not Applicable",
         ],
         url: "https://www.ibm.com/support/pages/node/7047489",
      },
   ],
   sourceIdentifier: "psirt@us.ibm.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "psirt@us.ibm.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2013-01-09 01:55
Modified
2025-04-11 00:51
Summary
Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10, when a password is not configured, allows attackers to access restricted directories via unspecified vectors, as exploited in the wild in January 2013.
Impacted products



{
   cisaActionDue: "2022-09-07",
   cisaExploitAdd: "2022-03-07",
   cisaRequiredAction: "Apply updates per vendor instructions.",
   cisaVulnerabilityName: "Adobe ColdFusion Directory Traversal Vulnerability",
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:adobe:coldfusion:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "113431FB-E4BE-4416-800C-6B13AD1C0E92",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:adobe:coldfusion:9.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "7FBC38B4-D957-4645-BA96-E99975271482",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:adobe:coldfusion:9.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "CD9AAAA5-231A-43BE-AD00-0918F0C9F90C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:adobe:coldfusion:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "3FAE2BA4-7CD9-4CBD-9D77-56D591FBDB24",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "4781BF1E-8A4E-4AFF-9540-23D523EE30DD",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6A90CB3A-9BE7-475C-9E75-6ECAD2106302",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10, when a password is not configured, allows attackers to access restricted directories via unspecified vectors, as exploited in the wild in January 2013.",
      },
      {
         lang: "es",
         value: "Adobe ColdFusion v9.0, v9.0.1, v9.0.2 y v10, cuando una contraseña no está configurada, permite a los atacantes acceder a directorios restringidos a través de vectores no especificados, como se explotó en enero de 2013.",
      },
   ],
   id: "CVE-2013-0629",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            type: "Secondary",
         },
      ],
   },
   published: "2013-01-09T01:55:03.553",
   references: [
      {
         source: "psirt@adobe.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.adobe.com/support/security/advisories/apsa13-01.html",
      },
      {
         source: "psirt@adobe.com",
         tags: [
            "Not Applicable",
         ],
         url: "http://www.adobe.com/support/security/bulletins/apsb13-03.html",
      },
      {
         source: "psirt@adobe.com",
         tags: [
            "Broken Link",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/57165",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.adobe.com/support/security/advisories/apsa13-01.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Not Applicable",
         ],
         url: "http://www.adobe.com/support/security/bulletins/apsb13-03.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/57165",
      },
   ],
   sourceIdentifier: "psirt@adobe.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-10-03 19:15
Modified
2024-11-21 04:28
Summary
rpcapd/daemon.c in libpcap before 1.9.1 on non-Windows platforms provides details about why authentication failed, which might make it easier for attackers to enumerate valid usernames.
References
cve@mitre.org http://seclists.org/fulldisclosure/2019/Dec/26
cve@mitre.org https://github.com/the-tcpdump-group/libpcap/blob/libpcap-1.9/CHANGES (Product, Release Notes)
cve@mitre.org https://github.com/the-tcpdump-group/libpcap/commit/484d60cbf7ca4ec758c3cbb8a82d68b244a78d58 (Patch, Third Party Advisory)
cve@mitre.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5P5K3DQ4TFSZBDB3XN4CZNJNQ3UIF3D3/
cve@mitre.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GBIEKWLNIR62KZ5GA7EDXZS52HU6OE5F/
cve@mitre.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZTIPUWABYUE5KQOLCKAW65AUUSB7QO6/
cve@mitre.org https://seclists.org/bugtraq/2019/Dec/23
cve@mitre.org https://support.apple.com/kb/HT210785
cve@mitre.org https://support.apple.com/kb/HT210788
cve@mitre.org https://support.apple.com/kb/HT210789
cve@mitre.org https://support.apple.com/kb/HT210790
cve@mitre.org https://www.oracle.com/security-alerts/cpuapr2020.html
cve@mitre.org https://www.tcpdump.org/public-cve-list.txt (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108 http://seclists.org/fulldisclosure/2019/Dec/26
af854a3a-2127-422b-91ae-364da2661108 https://github.com/the-tcpdump-group/libpcap/blob/libpcap-1.9/CHANGES (Product, Release Notes)
af854a3a-2127-422b-91ae-364da2661108 https://github.com/the-tcpdump-group/libpcap/commit/484d60cbf7ca4ec758c3cbb8a82d68b244a78d58 (Patch, Third Party Advisory)
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5P5K3DQ4TFSZBDB3XN4CZNJNQ3UIF3D3/
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GBIEKWLNIR62KZ5GA7EDXZS52HU6OE5F/
af854a3a-2127-422b-91ae-364da2661108 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZTIPUWABYUE5KQOLCKAW65AUUSB7QO6/
af854a3a-2127-422b-91ae-364da2661108 https://seclists.org/bugtraq/2019/Dec/23
af854a3a-2127-422b-91ae-364da2661108 https://support.apple.com/kb/HT210785
af854a3a-2127-422b-91ae-364da2661108 https://support.apple.com/kb/HT210788
af854a3a-2127-422b-91ae-364da2661108 https://support.apple.com/kb/HT210789
af854a3a-2127-422b-91ae-364da2661108 https://support.apple.com/kb/HT210790
af854a3a-2127-422b-91ae-364da2661108 https://www.oracle.com/security-alerts/cpuapr2020.html
af854a3a-2127-422b-91ae-364da2661108 https://www.tcpdump.org/public-cve-list.txt (Vendor Advisory)
Impacted products
Vendor Product Version
tcpdump libpcap *
opengroup unix -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:tcpdump:libpcap:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "11619557-69F9-455F-ADAA-86AC753BBC9C",
                     versionEndExcluding: "1.9.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6A90CB3A-9BE7-475C-9E75-6ECAD2106302",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "rpcapd/daemon.c in libpcap before 1.9.1 on non-Windows platforms provides details about why authentication failed, which might make it easier for attackers to enumerate valid usernames.",
      },
      {
         lang: "es",
         value: "El archivo rpcapd/daemon.c en libpcap versiones anteriores a 1.9.1, en plataformas diferentes de Windows proporciona detalles sobre por qué falló la autenticación, lo que podría hacer más fácil para que atacantes enumeren nombres de usuario válidos.",
      },
   ],
   id: "CVE-2019-15162",
   lastModified: "2024-11-21T04:28:10.837",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-10-03T19:15:09.300",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://seclists.org/fulldisclosure/2019/Dec/26",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Product",
            "Release Notes",
         ],
         url: "https://github.com/the-tcpdump-group/libpcap/blob/libpcap-1.9/CHANGES",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/the-tcpdump-group/libpcap/commit/484d60cbf7ca4ec758c3cbb8a82d68b244a78d58",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5P5K3DQ4TFSZBDB3XN4CZNJNQ3UIF3D3/",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GBIEKWLNIR62KZ5GA7EDXZS52HU6OE5F/",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZTIPUWABYUE5KQOLCKAW65AUUSB7QO6/",
      },
      {
         source: "cve@mitre.org",
         url: "https://seclists.org/bugtraq/2019/Dec/23",
      },
      {
         source: "cve@mitre.org",
         url: "https://support.apple.com/kb/HT210785",
      },
      {
         source: "cve@mitre.org",
         url: "https://support.apple.com/kb/HT210788",
      },
      {
         source: "cve@mitre.org",
         url: "https://support.apple.com/kb/HT210789",
      },
      {
         source: "cve@mitre.org",
         url: "https://support.apple.com/kb/HT210790",
      },
      {
         source: "cve@mitre.org",
         url: "https://www.oracle.com/security-alerts/cpuapr2020.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.tcpdump.org/public-cve-list.txt",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://seclists.org/fulldisclosure/2019/Dec/26",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Product",
            "Release Notes",
         ],
         url: "https://github.com/the-tcpdump-group/libpcap/blob/libpcap-1.9/CHANGES",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/the-tcpdump-group/libpcap/commit/484d60cbf7ca4ec758c3cbb8a82d68b244a78d58",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5P5K3DQ4TFSZBDB3XN4CZNJNQ3UIF3D3/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GBIEKWLNIR62KZ5GA7EDXZS52HU6OE5F/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZTIPUWABYUE5KQOLCKAW65AUUSB7QO6/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://seclists.org/bugtraq/2019/Dec/23",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://support.apple.com/kb/HT210785",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://support.apple.com/kb/HT210788",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://support.apple.com/kb/HT210789",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://support.apple.com/kb/HT210790",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.oracle.com/security-alerts/cpuapr2020.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.tcpdump.org/public-cve-list.txt",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-345",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

CVE-2023-40374 (GCVE-0-2023-40374)
Vulnerability from cvelistv5
Published
2023-10-16 22:47
Modified
2025-02-13 17:07
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted query statement. IBM X-Force ID: 263575.
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T18:31:53.741Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/7047261",
               },
               {
                  tags: [
                     "vdb-entry",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/263575",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20231116-0007/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Db2 for Linux, UNIX and Windows",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "11.5",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted query statement.  IBM X-Force ID:  263575.",
                  },
               ],
               value: "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted query statement.  IBM X-Force ID:  263575.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-20",
                     description: "CWE-20 Improper Input Validation",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-11-16T15:07:01.160Z",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.ibm.com/support/pages/node/7047261",
            },
            {
               tags: [
                  "vdb-entry",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/263575",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20231116-0007/",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "IBM Db2 denial of service",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2023-40374",
      datePublished: "2023-10-16T22:47:19.415Z",
      dateReserved: "2023-08-14T20:12:05.636Z",
      dateUpdated: "2025-02-13T17:07:46.295Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2014-2648 (GCVE-0-2014-2648)
Vulnerability from cvelistv5
Published
2014-10-10 01:00
Modified
2024-08-06 10:21
Summary
Unspecified vulnerability in HP Operations Manager 9.10 and 9.11 on UNIX allows remote attackers to execute arbitrary code via unknown vectors.
Impacted products
Vendor | Product | Version
n/a | n/a | Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T10:21:35.646Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "SSRT101727",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04472866",
               },
               {
                  name: "HPSBMU03127",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04472866",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-10-08T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Unspecified vulnerability in HP Operations Manager 9.10 and 9.11 on UNIX allows remote attackers to execute arbitrary code via unknown vectors.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2014-10-10T01:57:01",
            orgId: "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            shortName: "hp",
         },
         references: [
            {
               name: "SSRT101727",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04472866",
            },
            {
               name: "HPSBMU03127",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04472866",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "hp-security-alert@hp.com",
               ID: "CVE-2014-2648",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Unspecified vulnerability in HP Operations Manager 9.10 and 9.11 on UNIX allows remote attackers to execute arbitrary code via unknown vectors.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "SSRT101727",
                     refsource: "HP",
                     url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04472866",
                  },
                  {
                     name: "HPSBMU03127",
                     refsource: "HP",
                     url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04472866",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
      assignerShortName: "hp",
      cveId: "CVE-2014-2648",
      datePublished: "2014-10-10T01:00:00",
      dateReserved: "2014-03-24T00:00:00",
      dateUpdated: "2024-08-06T10:21:35.646Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2023-29258 (GCVE-0-2023-29258)
Vulnerability from cvelistv5
Published
2023-12-04 01:12
Modified
2025-02-13 16:49
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1, and 11.5 is vulnerable to a denial of service through a specially crafted federated query on specific federation objects. IBM X-Force ID: 252048.
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T14:00:15.886Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/7087218",
               },
               {
                  tags: [
                     "vdb-entry",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/252048",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20240112-0002/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Db2 for Linux, UNIX and Windows",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "11.1, 11.5",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1, and 11.5 is vulnerable to a denial of service through a specially crafted federated query on specific federation objects.  IBM X-Force ID:  252048.",
                  },
               ],
               value: "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1, and 11.5 is vulnerable to a denial of service through a specially crafted federated query on specific federation objects.  IBM X-Force ID:  252048.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-20",
                     description: "CWE-20 Improper Input Validation",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-01-12T14:06:19.587Z",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.ibm.com/support/pages/node/7087218",
            },
            {
               tags: [
                  "vdb-entry",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/252048",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20240112-0002/",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "IBM Db2 denial of service",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2023-29258",
      datePublished: "2023-12-04T01:12:20.327Z",
      dateReserved: "2023-04-04T18:46:07.427Z",
      dateUpdated: "2025-02-13T16:49:05.760Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2023-30987 (GCVE-0-2023-30987)
Vulnerability from cvelistv5
Published
2023-10-16 20:48
Modified
2025-02-13 16:49
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain databases. IBM X-Force ID: 253440.
Impacted products
Vendor | Product | Version
IBM | Db2 for Linux, UNIX and Windows | Version: 10.5, 11.1 ,11.5


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T14:45:24.447Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/7047560",
               },
               {
                  tags: [
                     "vdb-entry",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/253440",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20231116-0006/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Db2 for Linux, UNIX and Windows",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "10.5, 11.1 ,11.5",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain databases.  IBM X-Force ID:  253440.",
                  },
               ],
               value: "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain databases.  IBM X-Force ID:  253440.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-20",
                     description: "CWE-20 Improper Input Validation",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-11-16T15:06:54.465Z",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.ibm.com/support/pages/node/7047560",
            },
            {
               tags: [
                  "vdb-entry",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/253440",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20231116-0006/",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "IBM Db2 denial of service",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2023-30987",
      datePublished: "2023-10-16T20:48:07.845Z",
      dateReserved: "2023-04-21T17:49:51.825Z",
      dateUpdated: "2025-02-13T16:49:39.707Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2023-38727 (GCVE-0-2023-38727)
Vulnerability from cvelistv5
Published
2023-12-04 01:08
Modified
2025-02-13 17:02
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted SQL statement. IBM X-Force ID: 262257.
Impacted products
Vendor | Product | Version
IBM | Db2 for Linux, UNIX and Windows | Version: 10.5, 11.1, 11.5


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T17:46:56.811Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/7087143",
               },
               {
                  tags: [
                     "vdb-entry",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/262257",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20240119-0001/",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-38727",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-01-10T20:01:21.953447Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-09-16T18:39:25.963Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Db2 for Linux, UNIX and Windows",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "10.5, 11.1, 11.5",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted SQL statement.  IBM X-Force ID:  262257.",
                  },
               ],
               value: "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted SQL statement.  IBM X-Force ID:  262257.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-20",
                     description: "CWE-20 Improper Input Validation",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-01-19T16:06:54.464Z",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.ibm.com/support/pages/node/7087143",
            },
            {
               tags: [
                  "vdb-entry",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/262257",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20240119-0001/",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "IBM Db2 denial of service",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2023-38727",
      datePublished: "2023-12-04T01:08:48.495Z",
      dateReserved: "2023-07-25T00:01:06.101Z",
      dateUpdated: "2025-02-13T17:02:34.374Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2024-1150 (GCVE-0-2024-1150)
Vulnerability from cvelistv5
Published
2024-02-08 13:06
Modified
2024-08-01 18:26
Summary
Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on Unix allows File Manipulation through Snow Update Packages. This issue affects Inventory Agent: through 7.3.1.
Impacted products


{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2024-1150",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-02-22T14:56:07.795534Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-06-04T18:01:07.970Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
         {
            providerMetadata: {
               dateUpdated: "2024-08-01T18:26:30.515Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://community.snowsoftware.com/s/feed/0D5Td000004YtMcKAK",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               platforms: [
                  "Unix",
               ],
               product: "Inventory Agent",
               vendor: "Snow Software",
               versions: [
                  {
                     lessThanOrEqual: "7.3.1",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
               ],
            },
         ],
         datePublic: "2024-02-08T12:00:00.000Z",
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on Unix allows File Manipulation through Snow Update Packages.<p>This issue affects Inventory Agent: through 7.3.1.</p>",
                  },
               ],
               value: "Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on Unix allows File Manipulation through Snow Update Packages.This issue affects Inventory Agent: through 7.3.1.\n\n",
            },
         ],
         impacts: [
            {
               capecId: "CAPEC-165",
               descriptions: [
                  {
                     lang: "en",
                     value: "CAPEC-165 File Manipulation",
                  },
               ],
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-347",
                     description: "CWE-347 Improper Verification of Cryptographic Signature",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-02-08T13:06:16.747Z",
            orgId: "ea911274-ddd9-4e68-b39a-d7d6ae8b8a65",
            shortName: "Snow",
         },
         references: [
            {
               url: "https://community.snowsoftware.com/s/feed/0D5Td000004YtMcKAK",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "Improper validation of update packages",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ea911274-ddd9-4e68-b39a-d7d6ae8b8a65",
      assignerShortName: "Snow",
      cveId: "CVE-2024-1150",
      datePublished: "2024-02-08T13:06:16.747Z",
      dateReserved: "2024-02-01T09:47:52.460Z",
      dateUpdated: "2024-08-01T18:26:30.515Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2022-45461 (GCVE-0-2022-45461)
Vulnerability from cvelistv5
Published
2022-11-17 00:00
Modified
2024-08-03 14:17
Summary
The Java Admin Console in Veritas NetBackup through 10.1 and related Veritas products on Linux and UNIX allows authenticated non-root users (that have been explicitly added to the auth.conf file) to execute arbitrary commands as root.
Impacted products
Vendor: n/a
Product: n/a
Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T14:17:03.549Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.veritas.com/content/support/en_US/security/VTS22-015",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "The Java Admin Console in Veritas NetBackup through 10.1 and related Veritas products on Linux and UNIX allows authenticated non-root users (that have been explicitly added to the auth.conf file) to execute arbitrary commands as root.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:L/S:U/UI:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-11-17T00:00:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "https://www.veritas.com/content/support/en_US/security/VTS22-015",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2022-45461",
      datePublished: "2022-11-17T00:00:00",
      dateReserved: "2022-11-17T00:00:00",
      dateUpdated: "2024-08-03T14:17:03.549Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2022-22390 (GCVE-0-2022-22390)
Vulnerability from cvelistv5
Published
2022-06-24 16:45
Modified
2024-09-16 16:43
Summary
IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an information disclosure caused by improper privilege management when table function is used. IBM X-Force ID: 221973.
Impacted products
Vendor: IBM
Product: DB2 for Linux, UNIX and Windows
Versions: 10.5, 10.1, 9.7, 11.1, 11.5


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T03:14:54.684Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/6597993",
               },
               {
                  name: "ibm-db2-cve202222390-info-disc (221973)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/221973",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20220729-0007/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "DB2 for Linux, UNIX and Windows",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "10.5",
                  },
                  {
                     status: "affected",
                     version: "10.1",
                  },
                  {
                     status: "affected",
                     version: "9.7",
                  },
                  {
                     status: "affected",
                     version: "11.1",
                  },
                  {
                     status: "affected",
                     version: "11.5",
                  },
               ],
            },
         ],
         datePublic: "2022-06-23T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an information disclosure caused by improper privilege management when table function is used. IBM X-Force ID: 221973.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "NONE",
                  baseScore: 6.2,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  exploitCodeMaturity: "UNPROVEN",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  remediationLevel: "OFFICIAL_FIX",
                  reportConfidence: "CONFIRMED",
                  scope: "UNCHANGED",
                  temporalScore: 5.4,
                  temporalSeverity: "MEDIUM",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AC:L/PR:N/UI:N/A:N/C:H/I:N/S:U/AV:L/RC:C/E:U/RL:O",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Obtain Information",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-07-29T19:07:39",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.ibm.com/support/pages/node/6597993",
            },
            {
               name: "ibm-db2-cve202222390-info-disc (221973)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/221973",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20220729-0007/",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@us.ibm.com",
               DATE_PUBLIC: "2022-06-23T00:00:00",
               ID: "CVE-2022-22390",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "DB2 for Linux, UNIX and Windows",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "10.5",
                                       },
                                       {
                                          version_value: "10.1",
                                       },
                                       {
                                          version_value: "9.7",
                                       },
                                       {
                                          version_value: "11.1",
                                       },
                                       {
                                          version_value: "11.5",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "IBM",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an information disclosure caused by improper privilege management when table function is used. IBM X-Force ID: 221973.",
                  },
               ],
            },
            impact: {
               cvssv3: {
                  BM: {
                     A: "N",
                     AC: "L",
                     AV: "L",
                     C: "H",
                     I: "N",
                     PR: "N",
                     S: "U",
                     UI: "N",
                  },
                  TM: {
                     E: "U",
                     RC: "C",
                     RL: "O",
                  },
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Obtain Information",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.ibm.com/support/pages/node/6597993",
                     refsource: "CONFIRM",
                     title: "IBM Security Bulletin 6597993 (DB2 for Linux, UNIX and Windows)",
                     url: "https://www.ibm.com/support/pages/node/6597993",
                  },
                  {
                     name: "ibm-db2-cve202222390-info-disc (221973)",
                     refsource: "XF",
                     title: "X-Force Vulnerability Report",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/221973",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20220729-0007/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20220729-0007/",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2022-22390",
      datePublished: "2022-06-24T16:45:19.526105Z",
      dateReserved: "2022-01-03T00:00:00",
      dateUpdated: "2024-09-16T16:43:54.489Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2023-38720 (GCVE-0-2023-38720)
Vulnerability from cvelistv5
Published
2023-10-16 20:52
Modified
2025-02-13 17:02
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 and 11.5 is vulnerable to denial of service with a specially crafted ALTER TABLE statement. IBM X-Force ID: 261616.


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T17:46:56.896Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/7047489",
               },
               {
                  tags: [
                     "vdb-entry",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/261616",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20231116-0005/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Db2 for Linux, UNIX and Windows",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "11.1 ,11.5",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 and 11.5 is vulnerable to denial of service with a specially crafted ALTER TABLE statement.  IBM X-Force ID:  261616.",
                  },
               ],
               value: "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 and 11.5 is vulnerable to denial of service with a specially crafted ALTER TABLE statement.  IBM X-Force ID:  261616.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-20",
                     description: "CWE-20 Improper Input Validation",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-11-16T15:06:34.864Z",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.ibm.com/support/pages/node/7047489",
            },
            {
               tags: [
                  "vdb-entry",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/261616",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20231116-0005/",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "IBM Db2 denial of service",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2023-38720",
      datePublished: "2023-10-16T20:52:54.759Z",
      dateReserved: "2023-07-25T00:00:53.164Z",
      dateUpdated: "2025-02-13T17:02:33.769Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2022-30333 (GCVE-0-2022-30333)
Vulnerability from cvelistv5
Published
2022-05-09 00:00
Modified
2025-01-29 16:18
Summary
RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected.
Impacted products
Vendor: n/a
Product: n/a
Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T06:48:35.705Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.rarlab.com/rar_add.htm",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.rarlab.com/rar/rarlinux-x32-612.tar.gz",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://blog.sonarsource.com/zimbra-pre-auth-rce-via-unrar-0day/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/167989/Zimbra-UnRAR-Path-Traversal.html",
               },
               {
                  name: "[debian-lts-announce] 20230817 [SECURITY] [DLA 3534-1] rar security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2023/08/msg00022.html",
               },
               {
                  name: "GLSA-202309-04",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202309-04",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "NONE",
                     baseScore: 7.5,
                     baseSeverity: "HIGH",
                     confidentialityImpact: "NONE",
                     integrityImpact: "HIGH",
                     privilegesRequired: "NONE",
                     scope: "UNCHANGED",
                     userInteraction: "NONE",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2022-30333",
                        options: [
                           {
                              Exploitation: "active",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-01-29T16:18:17.553759Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
               {
                  other: {
                     content: {
                        dateAdded: "2022-08-09",
                        reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-30333",
                     },
                     type: "kev",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-59",
                        description: "CWE-59 Improper Link Resolution Before File Access ('Link Following')",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
               {
                  descriptions: [
                     {
                        cweId: "CWE-22",
                        description: "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-01-29T16:18:20.605Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-09-17T06:06:09.291Z",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "https://www.rarlab.com/rar_add.htm",
            },
            {
               url: "https://www.rarlab.com/rar/rarlinux-x32-612.tar.gz",
            },
            {
               url: "https://blog.sonarsource.com/zimbra-pre-auth-rce-via-unrar-0day/",
            },
            {
               url: "http://packetstormsecurity.com/files/167989/Zimbra-UnRAR-Path-Traversal.html",
            },
            {
               name: "[debian-lts-announce] 20230817 [SECURITY] [DLA 3534-1] rar security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2023/08/msg00022.html",
            },
            {
               name: "GLSA-202309-04",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202309-04",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2022-30333",
      datePublished: "2022-05-09T00:00:00.000Z",
      dateReserved: "2022-05-07T00:00:00.000Z",
      dateUpdated: "2025-01-29T16:18:20.605Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2023-38740 (GCVE-0-2023-38740)
Vulnerability from cvelistv5
Published
2023-10-16 21:24
Modified
2025-02-13 17:02
Summary
IBM Db2 for Linux, UNIX, and Windows (includes Db2 Connect Server) 11.5 is vulnerable to a denial of service with a specially crafted SQL statement. IBM X-Force ID: 262613.


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T17:54:38.450Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/7047489",
               },
               {
                  tags: [
                     "vdb-entry",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/262613",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20231116-0007/",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-38740",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-11-21T18:43:32.530588Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-21T18:45:45.268Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Db2 for Linux, UNIX and Windows",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "11.5",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "IBM Db2 for Linux, UNIX, and Windows (includes Db2 Connect Server) 11.5 is vulnerable to a denial of service with a specially crafted SQL statement.  IBM X-Force ID:  262613.",
                  },
               ],
               value: "IBM Db2 for Linux, UNIX, and Windows (includes Db2 Connect Server) 11.5 is vulnerable to a denial of service with a specially crafted SQL statement.  IBM X-Force ID:  262613.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-20",
                     description: "CWE-20 Improper Input Validation",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-11-16T15:06:59.358Z",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.ibm.com/support/pages/node/7047489",
            },
            {
               tags: [
                  "vdb-entry",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/262613",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20231116-0007/",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "IBM Db2 denial of service",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2023-38740",
      datePublished: "2023-10-16T21:24:15.155Z",
      dateReserved: "2023-07-25T00:01:17.450Z",
      dateUpdated: "2025-02-13T17:02:35.932Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2023-38719 (GCVE-0-2023-38719)
Vulnerability from cvelistv5
Published
2023-10-16 23:05
Modified
2025-02-13 17:02
Summary
IBM Db2 11.5 could allow a local user with special privileges to cause a denial of service during database deactivation on DPF. IBM X-Force ID: 261607.


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T17:46:56.753Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/7047558",
               },
               {
                  tags: [
                     "vdb-entry",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/261607",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20231116-0008/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Db2 for Linux, UNIX and Windows",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "11.5",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "IBM Db2 11.5 could allow a local user with special privileges to cause a denial of service during database deactivation on DPF.  IBM X-Force ID:  261607.",
                  },
               ],
               value: "IBM Db2 11.5 could allow a local user with special privileges to cause a denial of service during database deactivation on DPF.  IBM X-Force ID:  261607.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 5.1,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-20",
                     description: "CWE-20 Improper Input Validation",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-11-16T15:07:44.663Z",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.ibm.com/support/pages/node/7047558",
            },
            {
               tags: [
                  "vdb-entry",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/261607",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20231116-0008/",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "IBM Db2 denial of service",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2023-38719",
      datePublished: "2023-10-16T23:05:41.644Z",
      dateReserved: "2023-07-25T00:00:53.164Z",
      dateUpdated: "2025-02-13T17:02:33.178Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2021-29763 (GCVE-0-2021-29763)
Vulnerability from cvelistv5
Published
2021-09-16 15:50
Modified
2024-09-16 20:36
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5, under very specific conditions, could allow a local user to keep running a procedure that could cause the system to run out of memory and cause a denial of service. IBM X-Force ID: 202267.
Impacted products
Vendor Product Version
IBM DB2 for Linux, UNIX and Windows Version: 11.1
Version: 11.5


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T22:18:02.513Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/6489493",
               },
               {
                  name: "ibm-db2-cve202129763-dos (202267)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/202267",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20211029-0005/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "DB2 for Linux, UNIX and Windows",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "11.1",
                  },
                  {
                     status: "affected",
                     version: "11.5",
                  },
               ],
            },
         ],
         datePublic: "2021-09-15T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 under very specific conditions, could allow a local user to keep running a procedure that could cause the system to run out of memory.and cause a denial of service. IBM X-Force ID: 202267.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "HIGH",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 5.1,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  exploitCodeMaturity: "UNPROVEN",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  remediationLevel: "OFFICIAL_FIX",
                  reportConfidence: "CONFIRMED",
                  scope: "UNCHANGED",
                  temporalScore: 4.5,
                  temporalSeverity: "MEDIUM",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/I:N/AV:L/S:U/PR:N/A:H/UI:N/C:N/AC:H/RL:O/E:U/RC:C",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Denial of Service",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-10-29T12:06:20",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.ibm.com/support/pages/node/6489493",
            },
            {
               name: "ibm-db2-cve202129763-dos (202267)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/202267",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20211029-0005/",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@us.ibm.com",
               DATE_PUBLIC: "2021-09-15T00:00:00",
               ID: "CVE-2021-29763",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "DB2 for Linux, UNIX and Windows",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "11.1",
                                       },
                                       {
                                          version_value: "11.5",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "IBM",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 under very specific conditions, could allow a local user to keep running a procedure that could cause the system to run out of memory.and cause a denial of service. IBM X-Force ID: 202267.",
                  },
               ],
            },
            impact: {
               cvssv3: {
                  BM: {
                     A: "H",
                     AC: "H",
                     AV: "L",
                     C: "N",
                     I: "N",
                     PR: "N",
                     S: "U",
                     UI: "N",
                  },
                  TM: {
                     E: "U",
                     RC: "C",
                     RL: "O",
                  },
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Denial of Service",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.ibm.com/support/pages/node/6489493",
                     refsource: "CONFIRM",
                     title: "IBM Security Bulletin 6489493 (DB2 for Linux, UNIX and Windows)",
                     url: "https://www.ibm.com/support/pages/node/6489493",
                  },
                  {
                     name: "ibm-db2-cve202129763-dos (202267)",
                     refsource: "XF",
                     title: "X-Force Vulnerability Report",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/202267",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20211029-0005/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20211029-0005/",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2021-29763",
      datePublished: "2021-09-16T15:50:18.694225Z",
      dateReserved: "2021-03-31T00:00:00",
      dateUpdated: "2024-09-16T20:36:26.858Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2019-4606 (GCVE-0-2019-4606)
Vulnerability from cvelistv5
Published
2019-12-12 16:30
Modified
2024-09-16 22:20
Summary
IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 could allow a local attacker to execute arbitrary code on the system, caused by an untrusted search path vulnerability. By using an executable file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 168298.


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T19:40:48.119Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/1128063",
               },
               {
                  name: "ibm-db2-cve20194606-code-exec (168298)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/168298",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "DB2 High Performance Unload load for LUW",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "6.1",
                  },
               ],
            },
            {
               product: "Db2 High Performance Unload load for LUW",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "6.5",
                  },
               ],
            },
         ],
         datePublic: "2019-12-11T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 could allow a local attacker to execute arbitrary code on the system, caused by an untrusted search path vulnerability. By using a executable file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 168298.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "HIGH",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7.4,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitCodeMaturity: "UNPROVEN",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  remediationLevel: "OFFICIAL_FIX",
                  reportConfidence: "CONFIRMED",
                  scope: "UNCHANGED",
                  temporalScore: 6.4,
                  temporalSeverity: "MEDIUM",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AC:H/PR:N/A:H/S:U/UI:N/I:H/AV:L/C:H/RC:C/E:U/RL:O",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Gain Privileges",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-12-12T16:30:14",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.ibm.com/support/pages/node/1128063",
            },
            {
               name: "ibm-db2-cve20194606-code-exec (168298)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/168298",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@us.ibm.com",
               DATE_PUBLIC: "2019-12-11T00:00:00",
               ID: "CVE-2019-4606",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "DB2 High Performance Unload load for LUW",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "6.1",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "Db2 High Performance Unload load for LUW",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "6.5",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "IBM",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 could allow a local attacker to execute arbitrary code on the system, caused by an untrusted search path vulnerability. By using a executable file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 168298.",
                  },
               ],
            },
            impact: {
               cvssv3: {
                  BM: {
                     A: "H",
                     AC: "H",
                     AV: "L",
                     C: "H",
                     I: "H",
                     PR: "N",
                     S: "U",
                     UI: "N",
                  },
                  TM: {
                     E: "U",
                     RC: "C",
                     RL: "O",
                  },
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Gain Privileges",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.ibm.com/support/pages/node/1128063",
                     refsource: "CONFIRM",
                     title: "IBM Security Bulletin 1128063 (Db2 High Performance Unload load for LUW)",
                     url: "https://www.ibm.com/support/pages/node/1128063",
                  },
                  {
                     name: "ibm-db2-cve20194606-code-exec (168298)",
                     refsource: "XF",
                     title: "X-Force Vulnerability Report",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/168298",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2019-4606",
      datePublished: "2019-12-12T16:30:14.954030Z",
      dateReserved: "2019-01-03T00:00:00",
      dateUpdated: "2024-09-16T22:20:29.235Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2020-6294 (GCVE-0-2020-6294)
Vulnerability from cvelistv5
Published
2020-08-12 13:27
Modified
2024-08-04 08:55
Summary
Xvfb of SAP Business Objects Business Intelligence Platform, versions - 4.2, 4.3, platform on Unix does not perform any authentication checks for functionalities that require user identity.


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T08:55:22.318Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://launchpad.support.sap.com/#/notes/2927956",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "SAP Business Objects Business Intelligence Platform",
               vendor: "SAP SE",
               versions: [
                  {
                     status: "affected",
                     version: "< 4.2",
                  },
                  {
                     status: "affected",
                     version: "< 4.3",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Xvfb of SAP Business Objects Business Intelligence Platform, versions - 4.2, 4.3, platform on Unix does not perform any authentication checks for functionalities that require user identity.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "ADJACENT_NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 8.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Missing Authentication Check",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-08-12T13:27:19",
            orgId: "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            shortName: "sap",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://launchpad.support.sap.com/#/notes/2927956",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cna@sap.com",
               ID: "CVE-2020-6294",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "SAP Business Objects Business Intelligence Platform",
                                 version: {
                                    version_data: [
                                       {
                                          version_name: "<",
                                          version_value: "4.2",
                                       },
                                       {
                                          version_name: "<",
                                          version_value: "4.3",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "SAP SE",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Xvfb of SAP Business Objects Business Intelligence Platform, versions - 4.2, 4.3, platform on Unix does not perform any authentication checks for functionalities that require user identity.",
                  },
               ],
            },
            impact: {
               cvss: {
                  baseScore: "8.5",
                  vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Missing Authentication Check",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345",
                     refsource: "MISC",
                     url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345",
                  },
                  {
                     name: "https://launchpad.support.sap.com/#/notes/2927956",
                     refsource: "MISC",
                     url: "https://launchpad.support.sap.com/#/notes/2927956",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "e4686d1a-f260-4930-ac4c-2f5c992778dd",
      assignerShortName: "sap",
      cveId: "CVE-2020-6294",
      datePublished: "2020-08-12T13:27:19",
      dateReserved: "2020-01-08T00:00:00",
      dateUpdated: "2024-08-04T08:55:22.318Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2023-40687 (GCVE-0-2023-40687)
Vulnerability from cvelistv5
Published
2023-12-04 01:10
Modified
2025-02-13 17:08
Summary
IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted RUNSTATS command on an 8TB table. IBM X-Force ID: 264809.
Impacted products
Vendor Product Version
IBM Db2 for Linux, UNIX and Windows Version: 10.5, 11.1, 11.5


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T18:38:51.153Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/7087149",
               },
               {
                  tags: [
                     "vdb-entry",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/264809",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20240119-0001/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Db2 for Linux, UNIX and Windows",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "10.5, 11.1, 11.5",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted RUNSTATS command on an 8TB table.  IBM X-Force ID:  264809.",
                  },
               ],
               value: "IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted RUNSTATS command on an 8TB table.  IBM X-Force ID:  264809.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-20",
                     description: "CWE-20 Improper Input Validation",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-01-19T16:06:56.078Z",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.ibm.com/support/pages/node/7087149",
            },
            {
               tags: [
                  "vdb-entry",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/264809",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20240119-0001/",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "IBM Db2 denial of service",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2023-40687",
      datePublished: "2023-12-04T01:10:23.988Z",
      dateReserved: "2023-08-18T15:48:06.502Z",
      dateUpdated: "2025-02-13T17:08:38.501Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2023-40373 (GCVE-0-2023-40373)
Vulnerability from cvelistv5
Published
2023-10-16 23:08
Modified
2025-02-13 17:07
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service with a specially crafted query containing common table expressions. IBM X-Force ID: 263574.
Impacted products
Vendor Product Version
IBM Db2 for Linux, UNIX and Windows Version: 10.5, 11.1, 11.5


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T18:31:53.828Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/7047563",
               },
               {
                  tags: [
                     "vdb-entry",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/263574",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20231116-0006/",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-40373",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-09-13T18:58:04.400746Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-09-13T18:58:22.783Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Db2 for Linux, UNIX and Windows",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "10.5, 11.1, 11.5",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service with a specially crafted query containing common table expressions.  IBM X-Force ID:  263574.",
                  },
               ],
               value: "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service with a specially crafted query containing common table expressions.  IBM X-Force ID:  263574.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-20",
                     description: "CWE-20 Improper Input Validation",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-11-16T15:06:56.014Z",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.ibm.com/support/pages/node/7047563",
            },
            {
               tags: [
                  "vdb-entry",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/263574",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20231116-0006/",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "IBM Db2 denial of service",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2023-40373",
      datePublished: "2023-10-16T23:08:25.937Z",
      dateReserved: "2023-08-14T20:12:05.635Z",
      dateUpdated: "2025-02-13T17:07:45.697Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2023-46167 (GCVE-0-2023-46167)
Vulnerability from cvelistv5
Published
2023-12-04 00:04
Modified
2025-02-13 17:14
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 269367.
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T20:37:39.913Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/7087203",
               },
               {
                  tags: [
                     "vdb-entry",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/269367",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20240112-0003/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Db2 for Linux, UNIX and Windows",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "11.5",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used.  IBM X-Force ID:  269367.",
                  },
               ],
               value: "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used.  IBM X-Force ID:  269367.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 5.9,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-20",
                     description: "CWE-20 Improper Input Validation",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-01-12T14:06:24.402Z",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.ibm.com/support/pages/node/7087203",
            },
            {
               tags: [
                  "vdb-entry",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/269367",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20240112-0003/",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "IBM Db2 denial of service",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2023-46167",
      datePublished: "2023-12-04T00:04:15.436Z",
      dateReserved: "2023-10-17T22:30:15.074Z",
      dateUpdated: "2025-02-13T17:14:18.298Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2023-47701 (GCVE-0-2023-47701)
Vulnerability from cvelistv5
Published
2023-12-04 00:19
Modified
2025-02-13 17:18
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 266166.
Impacted products
Vendor Product Version
IBM Db2 for Linux, UNIX and Windows Version: 10.5, 11.1, 11.5


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T21:16:43.646Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/7087180",
               },
               {
                  tags: [
                     "vdb-entry",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/266166",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20240119-0001/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Db2 for Linux, UNIX and Windows",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "10.5, 11.1, 11.5",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query.  IBM X-Force ID:  266166.",
                  },
               ],
               value: "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query.  IBM X-Force ID:  266166.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 6.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-20",
                     description: "CWE-20 Improper Input Validation",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-01-19T16:06:51.286Z",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.ibm.com/support/pages/node/7087180",
            },
            {
               tags: [
                  "vdb-entry",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/266166",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20240119-0001/",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "IBM Db2 denial of service",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2023-47701",
      datePublished: "2023-12-04T00:19:20.827Z",
      dateReserved: "2023-11-09T11:30:56.581Z",
      dateUpdated: "2025-02-13T17:18:06.386Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2019-9895 (GCVE-0-2019-9895)
Vulnerability from cvelistv5
Published
2019-03-21 02:31
Modified
2024-08-04 22:01
Summary
In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T22:01:55.131Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html",
               },
               {
                  name: "FEDORA-2019-5776dfe300",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LDO3F267P347E6U2IILFCYW7JPTLCCES/",
               },
               {
                  name: "FEDORA-2019-9e1a1cd634",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36LWQ3NPFIV7DC7TC4KFPRYRH2OR7SZ2/",
               },
               {
                  name: "openSUSE-SU-2019:1113",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00004.html",
               },
               {
                  name: "openSUSE-SU-2019:1123",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00020.html",
               },
               {
                  name: "20190403 [SECURITY] [DSA 4423-1] putty security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "https://seclists.org/bugtraq/2019/Apr/6",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20190404-0001/",
               },
               {
                  name: "DSA-4423",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2019/dsa-4423",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-04-05T04:06:07",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html",
            },
            {
               name: "FEDORA-2019-5776dfe300",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LDO3F267P347E6U2IILFCYW7JPTLCCES/",
            },
            {
               name: "FEDORA-2019-9e1a1cd634",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36LWQ3NPFIV7DC7TC4KFPRYRH2OR7SZ2/",
            },
            {
               name: "openSUSE-SU-2019:1113",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00004.html",
            },
            {
               name: "openSUSE-SU-2019:1123",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00020.html",
            },
            {
               name: "20190403 [SECURITY] [DSA 4423-1] putty security update",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "https://seclists.org/bugtraq/2019/Apr/6",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20190404-0001/",
            },
            {
               name: "DSA-4423",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2019/dsa-4423",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2019-9895",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html",
                     refsource: "MISC",
                     url: "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html",
                  },
                  {
                     name: "FEDORA-2019-5776dfe300",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LDO3F267P347E6U2IILFCYW7JPTLCCES/",
                  },
                  {
                     name: "FEDORA-2019-9e1a1cd634",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36LWQ3NPFIV7DC7TC4KFPRYRH2OR7SZ2/",
                  },
                  {
                     name: "openSUSE-SU-2019:1113",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00004.html",
                  },
                  {
                     name: "openSUSE-SU-2019:1123",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00020.html",
                  },
                  {
                     name: "20190403 [SECURITY] [DSA 4423-1] putty security update",
                     refsource: "BUGTRAQ",
                     url: "https://seclists.org/bugtraq/2019/Apr/6",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20190404-0001/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20190404-0001/",
                  },
                  {
                     name: "DSA-4423",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2019/dsa-4423",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2019-9895",
      datePublished: "2019-03-21T02:31:06",
      dateReserved: "2019-03-20T00:00:00",
      dateUpdated: "2024-08-04T22:01:55.131Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2022-25255 (GCVE-0-2022-25255)
Vulnerability from cvelistv5
Published
2022-02-16 18:48
Modified
2024-08-03 04:36
Severity ?
Summary
In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T04:36:06.650Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://codereview.qt-project.org/c/qt/qtbase/+/393113",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://codereview.qt-project.org/c/qt/qtbase/+/394914",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://download.qt.io/official_releases/qt/6.2/qprocess6-2.diff",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://download.qt.io/official_releases/qt/5.15/qprocess5-15.diff",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://codereview.qt-project.org/c/qt/qtbase/+/396020",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-02-16T18:48:34",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://codereview.qt-project.org/c/qt/qtbase/+/393113",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://codereview.qt-project.org/c/qt/qtbase/+/394914",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://download.qt.io/official_releases/qt/6.2/qprocess6-2.diff",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://download.qt.io/official_releases/qt/5.15/qprocess5-15.diff",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://codereview.qt-project.org/c/qt/qtbase/+/396020",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2022-25255",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://codereview.qt-project.org/c/qt/qtbase/+/393113",
                     refsource: "MISC",
                     url: "https://codereview.qt-project.org/c/qt/qtbase/+/393113",
                  },
                  {
                     name: "https://codereview.qt-project.org/c/qt/qtbase/+/394914",
                     refsource: "MISC",
                     url: "https://codereview.qt-project.org/c/qt/qtbase/+/394914",
                  },
                  {
                     name: "https://download.qt.io/official_releases/qt/6.2/qprocess6-2.diff",
                     refsource: "MISC",
                     url: "https://download.qt.io/official_releases/qt/6.2/qprocess6-2.diff",
                  },
                  {
                     name: "https://download.qt.io/official_releases/qt/5.15/qprocess5-15.diff",
                     refsource: "MISC",
                     url: "https://download.qt.io/official_releases/qt/5.15/qprocess5-15.diff",
                  },
                  {
                     name: "https://codereview.qt-project.org/c/qt/qtbase/+/396020",
                     refsource: "MISC",
                     url: "https://codereview.qt-project.org/c/qt/qtbase/+/396020",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2022-25255",
      datePublished: "2022-02-16T18:48:35",
      dateReserved: "2022-02-16T00:00:00",
      dateUpdated: "2024-08-03T04:36:06.650Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2013-0629 (GCVE-0-2013-0629)
Vulnerability from cvelistv5
Published
2013-01-09 01:00
Modified
2025-02-04 21:50
Summary
Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10, when a password is not configured, allows attackers to access restricted directories via unspecified vectors, as exploited in the wild in January 2013.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T14:33:05.630Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.adobe.com/support/security/bulletins/apsb13-03.html",
               },
               {
                  name: "57165",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/57165",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.adobe.com/support/security/advisories/apsa13-01.html",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "NONE",
                     baseScore: 7.5,
                     baseSeverity: "HIGH",
                     confidentialityImpact: "HIGH",
                     integrityImpact: "NONE",
                     privilegesRequired: "NONE",
                     scope: "UNCHANGED",
                     userInteraction: "NONE",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2013-0629",
                        options: [
                           {
                              Exploitation: "active",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-02-04T21:50:42.862032Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
               {
                  other: {
                     content: {
                        dateAdded: "2022-03-07",
                        reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2013-0629",
                     },
                     type: "kev",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        description: "CWE-noinfo Not enough information",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-02-04T21:50:49.261Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2013-01-04T00:00:00.000Z",
         descriptions: [
            {
               lang: "en",
               value: "Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10, when a password is not configured, allows attackers to access restricted directories via unspecified vectors, as exploited in the wild in January 2013.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2013-01-15T10:00:00.000Z",
            orgId: "078d4453-3bcd-4900-85e6-15281da43538",
            shortName: "adobe",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.adobe.com/support/security/bulletins/apsb13-03.html",
            },
            {
               name: "57165",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/57165",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.adobe.com/support/security/advisories/apsa13-01.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@adobe.com",
               ID: "CVE-2013-0629",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10, when a password is not configured, allows attackers to access restricted directories via unspecified vectors, as exploited in the wild in January 2013.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://www.adobe.com/support/security/bulletins/apsb13-03.html",
                     refsource: "CONFIRM",
                     url: "http://www.adobe.com/support/security/bulletins/apsb13-03.html",
                  },
                  {
                     name: "57165",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/57165",
                  },
                  {
                     name: "http://www.adobe.com/support/security/advisories/apsa13-01.html",
                     refsource: "CONFIRM",
                     url: "http://www.adobe.com/support/security/advisories/apsa13-01.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "078d4453-3bcd-4900-85e6-15281da43538",
      assignerShortName: "adobe",
      cveId: "CVE-2013-0629",
      datePublished: "2013-01-09T01:00:00.000Z",
      dateReserved: "2012-12-18T00:00:00.000Z",
      dateUpdated: "2025-02-04T21:50:49.261Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2023-40372 (GCVE-0-2023-40372)
Vulnerability from cvelistv5
Published
2023-10-16 23:02
Modified
2025-02-13 17:07
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted SQL statement using External Tables. IBM X-Force ID: 263499.
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T18:31:53.682Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/7047561",
               },
               {
                  tags: [
                     "vdb-entry",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/263499",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20231116-0007/",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-40372",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-02-26T14:40:17.973223Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-09-16T18:40:19.199Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Db2 for Linux, UNIX and Windows",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "11.5",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted SQL statement using External Tables.  IBM X-Force ID:  263499.",
                  },
               ],
               value: "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted SQL statement using External Tables.  IBM X-Force ID:  263499.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-20",
                     description: "CWE-20 Improper Input Validation",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-11-16T15:06:57.706Z",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.ibm.com/support/pages/node/7047561",
            },
            {
               tags: [
                  "vdb-entry",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/263499",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20231116-0007/",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "IBM Db2 denial of service",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2023-40372",
      datePublished: "2023-10-16T23:02:30.073Z",
      dateReserved: "2023-08-14T20:12:04.115Z",
      dateUpdated: "2025-02-13T17:07:45.079Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2021-44717 (GCVE-0-2021-44717)
Vulnerability from cvelistv5
Published
2022-01-01 00:00
Modified
2024-08-04 04:32
Severity ?
Summary
Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T04:32:12.279Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://groups.google.com/g/golang-announce/c/hcmEScgc00k",
               },
               {
                  name: "[debian-lts-announce] 20220121 [SECURITY] [DLA 2891-1] golang-1.8 security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/01/msg00016.html",
               },
               {
                  name: "[debian-lts-announce] 20220121 [SECURITY] [DLA 2892-1] golang-1.7 security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/01/msg00017.html",
               },
               {
                  name: "GLSA-202208-02",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-02",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf",
               },
               {
                  name: "[debian-lts-announce] 20230419 [SECURITY] [DLA 3395-1] golang-1.11 security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-04-19T00:00:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "https://groups.google.com/g/golang-announce/c/hcmEScgc00k",
            },
            {
               name: "[debian-lts-announce] 20220121 [SECURITY] [DLA 2891-1] golang-1.8 security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/01/msg00016.html",
            },
            {
               name: "[debian-lts-announce] 20220121 [SECURITY] [DLA 2892-1] golang-1.7 security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/01/msg00017.html",
            },
            {
               name: "GLSA-202208-02",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202208-02",
            },
            {
               url: "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf",
            },
            {
               name: "[debian-lts-announce] 20230419 [SECURITY] [DLA 3395-1] golang-1.11 security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2021-44717",
      datePublished: "2022-01-01T00:00:00",
      dateReserved: "2021-12-07T00:00:00",
      dateUpdated: "2024-08-04T04:32:12.279Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2014-6184 (GCVE-0-2014-6184)
Vulnerability from cvelistv5
Published
2015-02-22 02:00
Modified
2024-08-06 12:10
Severity ?
Summary
Stack-based buffer overflow in dsmtca in the client in IBM Tivoli Storage Manager (TSM) 5.4 through 5.4.3.6, 5.5 through 5.5.4.3, 6.1 through 6.1.5.6, 6.2 before 6.2.5.4, and 6.3 before 6.3.2.3 on UNIX, Linux, and OS X allows local users to gain privileges via unspecified vectors.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T12:10:12.719Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "IT05707",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_AIXAPAR",
                     "x_transferred",
                  ],
                  url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05707",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www-01.ibm.com/support/docview.wss?uid=swg21695878",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2015-01-30T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Stack-based buffer overflow in dsmtca in the client in IBM Tivoli Storage Manager (TSM) 5.4 through 5.4.3.6, 5.5 through 5.5.4.3, 6.1 through 6.1.5.6, 6.2 before 6.2.5.4, and 6.3 before 6.3.2.3 on UNIX, Linux, and OS X allows local users to gain privileges via unspecified vectors.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2015-02-22T02:57:00",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               name: "IT05707",
               tags: [
                  "vendor-advisory",
                  "x_refsource_AIXAPAR",
               ],
               url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05707",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www-01.ibm.com/support/docview.wss?uid=swg21695878",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@us.ibm.com",
               ID: "CVE-2014-6184",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Stack-based buffer overflow in dsmtca in the client in IBM Tivoli Storage Manager (TSM) 5.4 through 5.4.3.6, 5.5 through 5.5.4.3, 6.1 through 6.1.5.6, 6.2 before 6.2.5.4, and 6.3 before 6.3.2.3 on UNIX, Linux, and OS X allows local users to gain privileges via unspecified vectors.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "IT05707",
                     refsource: "AIXAPAR",
                     url: "http://www-01.ibm.com/support/docview.wss?uid=swg1IT05707",
                  },
                  {
                     name: "http://www-01.ibm.com/support/docview.wss?uid=swg21695878",
                     refsource: "CONFIRM",
                     url: "http://www-01.ibm.com/support/docview.wss?uid=swg21695878",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2014-6184",
      datePublished: "2015-02-22T02:00:00",
      dateReserved: "2014-09-02T00:00:00",
      dateUpdated: "2024-08-06T12:10:12.719Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2022-22389 (GCVE-0-2022-22389)
Vulnerability from cvelistv5
Published
2022-06-24 16:45
Modified
2024-09-16 17:18
Summary
IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may terminate abnormally when executing specially crafted SQL statements by an authenticated user. IBM X-Force ID: 2219740.
Impacted products
Vendor | Product | Version
IBM | DB2 for Linux, UNIX and Windows | 10.5, 10.1, 9.7, 11.1, 11.5


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T03:14:54.619Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/6598047",
               },
               {
                  name: "ibm-db2-cve202222389-dos (221970)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/221970",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20220729-0007/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "DB2 for Linux, UNIX and Windows",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "10.5",
                  },
                  {
                     status: "affected",
                     version: "10.1",
                  },
                  {
                     status: "affected",
                     version: "9.7",
                  },
                  {
                     status: "affected",
                     version: "11.1",
                  },
                  {
                     status: "affected",
                     version: "11.5",
                  },
               ],
            },
         ],
         datePublic: "2022-06-23T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may terminate abnormally when executing specially crafted SQL statements by an authenticated user. IBM X-Force ID: 2219740.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 6.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  exploitCodeMaturity: "UNPROVEN",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  remediationLevel: "OFFICIAL_FIX",
                  reportConfidence: "CONFIRMED",
                  scope: "UNCHANGED",
                  temporalScore: 5.7,
                  temporalSeverity: "MEDIUM",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/UI:N/PR:L/AC:L/A:H/C:N/AV:N/S:U/I:N/RL:O/E:U/RC:C",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Denial of Service",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-07-29T19:07:28",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.ibm.com/support/pages/node/6598047",
            },
            {
               name: "ibm-db2-cve202222389-dos (221970)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/221970",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20220729-0007/",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@us.ibm.com",
               DATE_PUBLIC: "2022-06-23T00:00:00",
               ID: "CVE-2022-22389",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "DB2 for Linux, UNIX and Windows",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "10.5",
                                       },
                                       {
                                          version_value: "10.1",
                                       },
                                       {
                                          version_value: "9.7",
                                       },
                                       {
                                          version_value: "11.1",
                                       },
                                       {
                                          version_value: "11.5",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "IBM",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may terminate abnormally when executing specially crafted SQL statements by an authenticated user. IBM X-Force ID: 2219740.",
                  },
               ],
            },
            impact: {
               cvssv3: {
                  BM: {
                     A: "H",
                     AC: "L",
                     AV: "N",
                     C: "N",
                     I: "N",
                     PR: "L",
                     S: "U",
                     UI: "N",
                  },
                  TM: {
                     E: "U",
                     RC: "C",
                     RL: "O",
                  },
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Denial of Service",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.ibm.com/support/pages/node/6598047",
                     refsource: "CONFIRM",
                     title: "IBM Security Bulletin 6598047 (DB2 for Linux, UNIX and Windows)",
                     url: "https://www.ibm.com/support/pages/node/6598047",
                  },
                  {
                     name: "ibm-db2-cve202222389-dos (221970)",
                     refsource: "XF",
                     title: "X-Force Vulnerability Report",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/221970",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20220729-0007/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20220729-0007/",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2022-22389",
      datePublished: "2022-06-24T16:45:17.882277Z",
      dateReserved: "2022-01-03T00:00:00",
      dateUpdated: "2024-09-16T17:18:40.685Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2019-4523 (GCVE-0-2019-4523)
Vulnerability from cvelistv5
Published
2019-10-22 14:27
Modified
2024-09-16 22:46
Summary
IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 165481.


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T19:40:47.537Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://supportcontent.ibm.com/support/pages/node/1073236",
               },
               {
                  name: "ibm-db2-cve20194523-bo (165481)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/165481",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Db2 High Performance Unload load for LUW",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "6.5",
                  },
               ],
            },
            {
               product: "DB2 High Performance Unload load for LUW",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "6.1",
                  },
               ],
            },
         ],
         datePublic: "2019-10-16T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 165481.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 8.4,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitCodeMaturity: "UNPROVEN",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  remediationLevel: "OFFICIAL_FIX",
                  reportConfidence: "CONFIRMED",
                  scope: "UNCHANGED",
                  temporalScore: 7.3,
                  temporalSeverity: "HIGH",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/PR:N/AV:L/UI:N/C:H/I:H/A:H/S:U/AC:L/RL:O/E:U/RC:C",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Gain Privileges",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-10-22T14:27:43",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://supportcontent.ibm.com/support/pages/node/1073236",
            },
            {
               name: "ibm-db2-cve20194523-bo (165481)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/165481",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@us.ibm.com",
               DATE_PUBLIC: "2019-10-16T00:00:00",
               ID: "CVE-2019-4523",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Db2 High Performance Unload load for LUW",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "6.5",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "DB2 High Performance Unload load for LUW",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "6.1",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "IBM",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 165481.",
                  },
               ],
            },
            impact: {
               cvssv3: {
                  BM: {
                     A: "H",
                     AC: "L",
                     AV: "L",
                     C: "H",
                     I: "H",
                     PR: "N",
                     S: "U",
                     UI: "N",
                  },
                  TM: {
                     E: "U",
                     RC: "C",
                     RL: "O",
                  },
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Gain Privileges",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://supportcontent.ibm.com/support/pages/node/1073236",
                     refsource: "CONFIRM",
                     title: "IBM Security Bulletin 1073236 (Db2 High Performance Unload load for LUW)",
                     url: "https://supportcontent.ibm.com/support/pages/node/1073236",
                  },
                  {
                     name: "ibm-db2-cve20194523-bo (165481)",
                     refsource: "XF",
                     title: "X-Force Vulnerability Report",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/165481",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2019-4523",
      datePublished: "2019-10-22T14:27:44.016474Z",
      dateReserved: "2019-01-03T00:00:00",
      dateUpdated: "2024-09-16T22:46:53.445Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2007-5616 (GCVE-0-2007-5616)
Vulnerability from cvelistv5
Published
2008-01-09 21:00
Modified
2024-08-07 15:39
Severity ?
Summary
ssh-signer in SSH Tectia Client and Server 5.x before 5.2.4, and 5.3.x before 5.3.6, on Unix and Linux allows local users to gain privileges via unspecified vectors.
References
http://www.securityfocus.com/bid/27191 (vdb-entry, x_refsource_BID)
http://www.vupen.com/english/advisories/2008/0078 (vdb-entry, x_refsource_VUPEN)
http://securitytracker.com/id?1019167 (vdb-entry, x_refsource_SECTRACK)
http://secunia.com/advisories/28247 (third-party-advisory, x_refsource_SECUNIA)
http://www.kb.cert.org/vuls/id/921339 (third-party-advisory, x_refsource_CERT-VN)
https://exchange.xforce.ibmcloud.com/vulnerabilities/39569 (vdb-entry, x_refsource_XF)
http://www.kb.cert.org/vuls/id/WDON-7AMRRF (x_refsource_CONFIRM)
Impacted products
Vendor | Product | Version
n/a | n/a | n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T15:39:13.602Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "27191",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/27191",
               },
               {
                  name: "ADV-2008-0078",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2008/0078",
               },
               {
                  name: "1019167",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1019167",
               },
               {
                  name: "28247",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/28247",
               },
               {
                  name: "VU#921339",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_CERT-VN",
                     "x_transferred",
                  ],
                  url: "http://www.kb.cert.org/vuls/id/921339",
               },
               {
                  name: "ssh-tectia-sshsigner-privilege-escalation(39569)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/39569",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.kb.cert.org/vuls/id/WDON-7AMRRF",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2008-01-08T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "ssh-signer in SSH Tectia Client and Server 5.x before 5.2.4, and 5.3.x before 5.3.6, on Unix and Linux allows local users to gain privileges via unspecified vectors.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-07-28T12:57:01",
            orgId: "37e5125f-f79b-445b-8fad-9564f167944b",
            shortName: "certcc",
         },
         references: [
            {
               name: "27191",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/27191",
            },
            {
               name: "ADV-2008-0078",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2008/0078",
            },
            {
               name: "1019167",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1019167",
            },
            {
               name: "28247",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/28247",
            },
            {
               name: "VU#921339",
               tags: [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
               ],
               url: "http://www.kb.cert.org/vuls/id/921339",
            },
            {
               name: "ssh-tectia-sshsigner-privilege-escalation(39569)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/39569",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.kb.cert.org/vuls/id/WDON-7AMRRF",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cert@cert.org",
               ID: "CVE-2007-5616",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "ssh-signer in SSH Tectia Client and Server 5.x before 5.2.4, and 5.3.x before 5.3.6, on Unix and Linux allows local users to gain privileges via unspecified vectors.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "27191",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/27191",
                  },
                  {
                     name: "ADV-2008-0078",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2008/0078",
                  },
                  {
                     name: "1019167",
                     refsource: "SECTRACK",
                     url: "http://securitytracker.com/id?1019167",
                  },
                  {
                     name: "28247",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/28247",
                  },
                  {
                     name: "VU#921339",
                     refsource: "CERT-VN",
                     url: "http://www.kb.cert.org/vuls/id/921339",
                  },
                  {
                     name: "ssh-tectia-sshsigner-privilege-escalation(39569)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/39569",
                  },
                  {
                     name: "http://www.kb.cert.org/vuls/id/WDON-7AMRRF",
                     refsource: "CONFIRM",
                     url: "http://www.kb.cert.org/vuls/id/WDON-7AMRRF",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "37e5125f-f79b-445b-8fad-9564f167944b",
      assignerShortName: "certcc",
      cveId: "CVE-2007-5616",
      datePublished: "2008-01-09T21:00:00",
      dateReserved: "2007-10-21T00:00:00",
      dateUpdated: "2024-08-07T15:39:13.602Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2022-22772 (GCVE-0-2022-22772)
Vulnerability from cvelistv5
Published
2022-03-30 16:40
Modified
2024-09-16 21:08
Summary
The cfsend, cfrecv, and CyberResp components of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX and TIBCO Managed File Transfer Platform Server for z/Linux contain a difficult to exploit Remote Code Execution (RCE) vulnerability that allows a low privileged attacker with network access to execute arbitrary code on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX: versions 8.1.0 and below and TIBCO Managed File Transfer Platform Server for z/Linux: versions 8.1.0 and below.


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T03:21:49.168Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.tibco.com/services/support/advisories",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.tibco.com/support/advisories/2022/03/tibco-security-advisory-march-30-2022-tibco-managed-file-transfer-2022-22772",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "TIBCO Managed File Transfer Platform Server for UNIX",
               vendor: "TIBCO Software Inc.",
               versions: [
                  {
                     lessThanOrEqual: "8.1.0",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "TIBCO Managed File Transfer Platform Server for z/Linux",
               vendor: "TIBCO Software Inc.",
               versions: [
                  {
                     lessThanOrEqual: "8.1.0",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         datePublic: "2022-03-30T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The cfsend, cfrecv, and CyberResp components of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX and TIBCO Managed File Transfer Platform Server for z/Linux contain a difficult to exploit Remote Code Execution (RCE) vulnerability that allows a low privileged attacker with network access to execute arbitrary code on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX: versions 8.1.0 and below and TIBCO Managed File Transfer Platform Server for z/Linux: versions 8.1.0 and below.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 8.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Successful execution of this vulnerability can result in a low privileged attacker gaining full user access to the affected system.",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-03-30T17:06:13",
            orgId: "4f830c72-39e4-45f6-a99f-78cc01ae04db",
            shortName: "tibco",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.tibco.com/services/support/advisories",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.tibco.com/support/advisories/2022/03/tibco-security-advisory-march-30-2022-tibco-managed-file-transfer-2022-22772",
            },
         ],
         solutions: [
            {
               lang: "en",
               value: "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Managed File Transfer Platform Server for UNIX versions 8.1.0 and below update to version 8.1.1 or later\nTIBCO Managed File Transfer Platform Server for z/Linux versions 8.1.0 and below update to version 8.1.1 or later",
            },
         ],
         source: {
            discovery: "Toronto-Dominion Bank",
         },
         title: "TIBCO Managed File Transfer Platform Server Remote Code Execution Vulnerability",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@tibco.com",
               DATE_PUBLIC: "2022-03-30T17:00:00Z",
               ID: "CVE-2022-22772",
               STATE: "PUBLIC",
               TITLE: "TIBCO Managed File Transfer Platform Server Remote Code Execution Vulnerability",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "TIBCO Managed File Transfer Platform Server for UNIX",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<=",
                                          version_value: "8.1.0",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "TIBCO Managed File Transfer Platform Server for z/Linux",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<=",
                                          version_value: "8.1.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "TIBCO Software Inc.",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The cfsend, cfrecv, and CyberResp components of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX and TIBCO Managed File Transfer Platform Server for z/Linux contain a difficult to exploit Remote Code Execution (RCE) vulnerability that allows a low privileged attacker with network access to execute arbitrary code on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX: versions 8.1.0 and below and TIBCO Managed File Transfer Platform Server for z/Linux: versions 8.1.0 and below.",
                  },
               ],
            },
            impact: {
               cvss: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 8.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Successful execution of this vulnerability can result in a low privileged attacker gaining full user access to the affected system.",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.tibco.com/services/support/advisories",
                     refsource: "CONFIRM",
                     url: "https://www.tibco.com/services/support/advisories",
                  },
                  {
                     name: "https://www.tibco.com/support/advisories/2022/03/tibco-security-advisory-march-30-2022-tibco-managed-file-transfer-2022-22772",
                     refsource: "CONFIRM",
                     url: "https://www.tibco.com/support/advisories/2022/03/tibco-security-advisory-march-30-2022-tibco-managed-file-transfer-2022-22772",
                  },
               ],
            },
            solution: [
               {
                  lang: "en",
                  value: "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Managed File Transfer Platform Server for UNIX versions 8.1.0 and below update to version 8.1.1 or later\nTIBCO Managed File Transfer Platform Server for z/Linux versions 8.1.0 and below update to version 8.1.1 or later",
               },
            ],
            source: {
               discovery: "Toronto-Dominion Bank",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "4f830c72-39e4-45f6-a99f-78cc01ae04db",
      assignerShortName: "tibco",
      cveId: "CVE-2022-22772",
      datePublished: "2022-03-30T16:40:10.158737Z",
      dateReserved: "2022-01-07T00:00:00",
      dateUpdated: "2024-09-16T21:08:01.606Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2011-4374 (GCVE-0-2011-4374)
Vulnerability from cvelistv5
Published
2012-01-19 19:00
Modified
2024-08-07 00:09
Summary
Integer overflow in Adobe Reader 9.x before 9.4.6 on Linux allows attackers to execute arbitrary code via unspecified vectors.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T00:09:18.373Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.adobe.com/support/security/bulletins/apsb11-24.html",
               },
               {
                  name: "oval:org.mitre.oval:def:14812",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14812",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2012-01-18T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Integer overflow in Adobe Reader 9.x before 9.4.6 on Linux allows attackers to execute arbitrary code via unspecified vectors.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-09-18T12:57:01",
            orgId: "078d4453-3bcd-4900-85e6-15281da43538",
            shortName: "adobe",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.adobe.com/support/security/bulletins/apsb11-24.html",
            },
            {
               name: "oval:org.mitre.oval:def:14812",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14812",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@adobe.com",
               ID: "CVE-2011-4374",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Integer overflow in Adobe Reader 9.x before 9.4.6 on Linux allows attackers to execute arbitrary code via unspecified vectors.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://www.adobe.com/support/security/bulletins/apsb11-24.html",
                     refsource: "CONFIRM",
                     url: "http://www.adobe.com/support/security/bulletins/apsb11-24.html",
                  },
                  {
                     name: "oval:org.mitre.oval:def:14812",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14812",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "078d4453-3bcd-4900-85e6-15281da43538",
      assignerShortName: "adobe",
      cveId: "CVE-2011-4374",
      datePublished: "2012-01-19T19:00:00",
      dateReserved: "2011-11-04T00:00:00",
      dateUpdated: "2024-08-07T00:09:18.373Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2023-30991 (GCVE-0-2023-30991)
Vulnerability from cvelistv5
Published
2023-10-16 22:53
Modified
2025-02-13 16:49
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 254037.
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T14:45:24.674Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/7047499",
               },
               {
                  tags: [
                     "vdb-entry",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/254037",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20231116-0005/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Db2 for Linux, UNIX and Windows",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "11.1, 11.5",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to denial of service with a specially crafted query.  IBM X-Force ID:  254037.",
                  },
               ],
               value: "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to denial of service with a specially crafted query.  IBM X-Force ID:  254037.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-20",
                     description: "CWE-20 Improper Input Validation",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-11-16T15:06:18.211Z",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.ibm.com/support/pages/node/7047499",
            },
            {
               tags: [
                  "vdb-entry",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/254037",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20231116-0005/",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "IBM Db2 denial of service",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2023-30991",
      datePublished: "2023-10-16T22:53:03.651Z",
      dateReserved: "2023-04-21T17:49:51.826Z",
      dateUpdated: "2025-02-13T16:49:40.705Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2013-0631 (GCVE-0-2013-0631)
Vulnerability from cvelistv5
Published
2013-01-09 01:00
Modified
2025-02-04 21:48
Summary
Adobe ColdFusion 9.0, 9.0.1, and 9.0.2 allows attackers to obtain sensitive information via unspecified vectors, as exploited in the wild in January 2013.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T14:33:05.333Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.adobe.com/support/security/bulletins/apsb13-03.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.adobe.com/support/security/advisories/apsa13-01.html",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "NONE",
                     baseScore: 7.5,
                     baseSeverity: "HIGH",
                     confidentialityImpact: "HIGH",
                     integrityImpact: "NONE",
                     privilegesRequired: "NONE",
                     scope: "UNCHANGED",
                     userInteraction: "NONE",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2013-0631",
                        options: [
                           {
                              Exploitation: "active",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-02-04T21:48:45.707985Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
               {
                  other: {
                     content: {
                        dateAdded: "2022-03-07",
                        reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2013-0631",
                     },
                     type: "kev",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        description: "CWE-noinfo Not enough information",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-02-04T21:48:50.827Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2013-01-04T00:00:00.000Z",
         descriptions: [
            {
               lang: "en",
               value: "Adobe ColdFusion 9.0, 9.0.1, and 9.0.2 allows attackers to obtain sensitive information via unspecified vectors, as exploited in the wild in January 2013.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2013-01-18T10:00:00.000Z",
            orgId: "078d4453-3bcd-4900-85e6-15281da43538",
            shortName: "adobe",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.adobe.com/support/security/bulletins/apsb13-03.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.adobe.com/support/security/advisories/apsa13-01.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@adobe.com",
               ID: "CVE-2013-0631",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Adobe ColdFusion 9.0, 9.0.1, and 9.0.2 allows attackers to obtain sensitive information via unspecified vectors, as exploited in the wild in January 2013.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://www.adobe.com/support/security/bulletins/apsb13-03.html",
                     refsource: "CONFIRM",
                     url: "http://www.adobe.com/support/security/bulletins/apsb13-03.html",
                  },
                  {
                     name: "http://www.adobe.com/support/security/advisories/apsa13-01.html",
                     refsource: "CONFIRM",
                     url: "http://www.adobe.com/support/security/advisories/apsa13-01.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "078d4453-3bcd-4900-85e6-15281da43538",
      assignerShortName: "adobe",
      cveId: "CVE-2013-0631",
      datePublished: "2013-01-09T01:00:00.000Z",
      dateReserved: "2012-12-18T00:00:00.000Z",
      dateUpdated: "2025-02-04T21:48:50.827Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2013-0625 (GCVE-0-2013-0625)
Vulnerability from cvelistv5
Published
2013-01-09 01:00
Modified
2025-02-04 21:51
Summary
Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, as exploited in the wild in January 2013.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T14:33:05.288Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "57164",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/57164",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.adobe.com/support/security/bulletins/apsb13-03.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.adobe.com/support/security/advisories/apsa13-01.html",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "HIGH",
                     baseScore: 9.8,
                     baseSeverity: "CRITICAL",
                     confidentialityImpact: "HIGH",
                     integrityImpact: "HIGH",
                     privilegesRequired: "NONE",
                     scope: "UNCHANGED",
                     userInteraction: "NONE",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2013-0625",
                        options: [
                           {
                              Exploitation: "active",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-02-04T21:51:17.216288Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
               {
                  other: {
                     content: {
                        dateAdded: "2022-03-07",
                        reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2013-0625",
                     },
                     type: "kev",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-287",
                        description: "CWE-287 Improper Authentication",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-02-04T21:51:21.997Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2013-01-04T00:00:00.000Z",
         descriptions: [
            {
               lang: "en",
               value: "Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, as exploited in the wild in January 2013.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2013-01-15T10:00:00.000Z",
            orgId: "078d4453-3bcd-4900-85e6-15281da43538",
            shortName: "adobe",
         },
         references: [
            {
               name: "57164",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/57164",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.adobe.com/support/security/bulletins/apsb13-03.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.adobe.com/support/security/advisories/apsa13-01.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@adobe.com",
               ID: "CVE-2013-0625",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, as exploited in the wild in January 2013.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "57164",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/57164",
                  },
                  {
                     name: "http://www.adobe.com/support/security/bulletins/apsb13-03.html",
                     refsource: "CONFIRM",
                     url: "http://www.adobe.com/support/security/bulletins/apsb13-03.html",
                  },
                  {
                     name: "http://www.adobe.com/support/security/advisories/apsa13-01.html",
                     refsource: "CONFIRM",
                     url: "http://www.adobe.com/support/security/advisories/apsa13-01.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "078d4453-3bcd-4900-85e6-15281da43538",
      assignerShortName: "adobe",
      cveId: "CVE-2013-0625",
      datePublished: "2013-01-09T01:00:00.000Z",
      dateReserved: "2012-12-18T00:00:00.000Z",
      dateUpdated: "2025-02-04T21:51:21.997Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2021-40830 (GCVE-0-2021-40830)
Vulnerability from cvelistv5
Published
2021-11-22 23:41
Modified
2024-08-04 02:51
Summary
The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user-supplied Certificate Authority (CA) to the root CAs instead of overriding it on Unix systems. TLS handshakes will thus succeed if the peer can be verified either from the user-supplied CA or the system’s default trust-store. Attackers who have access to a host’s trust stores or are able to compromise a certificate authority already in the host's trust store (note: the attacker must also be able to spoof DNS in this case) may be able to use this issue to bypass CA pinning. An attacker could then spoof the MQTT broker, and either drop traffic and/or respond with the attacker's data, but they would not be able to forward this data on to the MQTT broker because the attacker would still need the user's private keys to authenticate against the MQTT broker. The 'aws_tls_ctx_options_override_default_trust_store_*' function within the aws-c-io submodule has been updated to override the default trust store. This corrects this issue. This issue affects: Amazon Web Services AWS IoT Device SDK v2 for Java versions prior to 1.5.0 on Linux/Unix. Amazon Web Services AWS IoT Device SDK v2 for Python versions prior to 1.6.1 on Linux/Unix. Amazon Web Services AWS IoT Device SDK v2 for C++ versions prior to 1.12.7 on Linux/Unix. Amazon Web Services AWS IoT Device SDK v2 for Node.js versions prior to 1.5.3 on Linux/Unix. Amazon Web Services AWS-C-IO 0.10.4 on Linux/Unix.


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T02:51:06.863Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/awslabs/aws-c-io/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/aws/aws-iot-device-sdk-cpp-v2",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/aws/aws-iot-device-sdk-python-v2",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/aws/aws-iot-device-sdk-java-v2",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/aws/aws-iot-device-sdk-js-v2",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               platforms: [
                  "Linux/Unix",
               ],
               product: "AWS IoT Device SDK v2 for Java ",
               vendor: "Amazon Web Services",
               versions: [
                  {
                     lessThan: "1.5.0",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
            {
               platforms: [
                  "Linux/Unix",
               ],
               product: "AWS IoT Device SDK v2 for Python",
               vendor: "Amazon Web Services",
               versions: [
                  {
                     lessThan: "1.6.1",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
            {
               platforms: [
                  "Linux/Unix",
               ],
               product: "AWS IoT Device SDK v2 for C++",
               vendor: "Amazon Web Services",
               versions: [
                  {
                     lessThan: "1.12.7",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
            {
               platforms: [
                  "Linux/Unix",
               ],
               product: "AWS IoT Device SDK v2 for Node.js",
               vendor: "Amazon Web Services",
               versions: [
                  {
                     lessThan: "1.5.3",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
            {
               platforms: [
                  "Linux/Unix",
               ],
               product: "AWS-C-IO",
               vendor: "Amazon Web Services",
               versions: [
                  {
                     status: "affected",
                     version: "0.10.4",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               value: "F-Secure",
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on Unix systems. TLS handshakes will thus succeed if the peer can be verified either from the user-supplied CA or the system’s default trust-store. Attackers with access to a host’s trust stores or are able to compromise a certificate authority already in the host's trust store (note: the attacker must also be able to spoof DNS in this case) may be able to use this issue to bypass CA pinning. An attacker could then spoof the MQTT broker, and either drop traffic and/or respond with the attacker's data, but they would not be able to forward this data on to the MQTT broker because the attacker would still need the user's private keys to authenticate against the MQTT broker. The 'aws_tls_ctx_options_override_default_trust_store_*' function within the aws-c-io submodule has been updated to override the default trust store. This corrects this issue. This issue affects: Amazon Web Services AWS IoT Device SDK v2 for Java versions prior to 1.5.0 on Linux/Unix. Amazon Web Services AWS IoT Device SDK v2 for Python versions prior to 1.6.1 on Linux/Unix. Amazon Web Services AWS IoT Device SDK v2 for C++ versions prior to 1.12.7 on Linux/Unix. Amazon Web Services AWS IoT Device SDK v2 for Node.js versions prior to 1.5.3 on Linux/Unix. Amazon Web Services AWS-C-IO 0.10.4 on Linux/Unix.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "ADJACENT_NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 6.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "HIGH",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on Unix systems. TLS handshakes will thus succeed if the peer can be verified either from the user-supplied CA or the system’s default trust-store. Attackers with access to a host’s trust stores or are able to compromise a certificate authority already in the host's trust store (note: the attacker must also be able to spoof DNS in this case) may be able to use this issue to bypass CA pinning. An attacker could then spoof the MQTT broker, and either drop traffic and/or respond with the attacker's data, but they would not be able to forward this data on to the MQTT broker because the attacker would still need the user's private keys to authenticate against the MQTT broker. ",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-11-22T23:41:18",
            orgId: "126858f1-1b65-4b74-81ca-7034f7f7723f",
            shortName: "F-SecureUS",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/awslabs/aws-c-io/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/aws/aws-iot-device-sdk-cpp-v2",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/aws/aws-iot-device-sdk-python-v2",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/aws/aws-iot-device-sdk-java-v2",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/aws/aws-iot-device-sdk-js-v2",
            },
         ],
         solutions: [
            {
               lang: "en",
               value: "Update to the latest versions of the AWS IoT Device SDK.",
            },
         ],
         source: {
            discovery: "INTERNAL",
         },
         title: "Inconsistent CA override function behavior within AWS IoT Device SDKs on Unix systems",
         x_generator: {
            engine: "Vulnogram 0.0.9",
         },
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve-notifications-us@f-secure.com",
               ID: "CVE-2021-40830",
               STATE: "PUBLIC",
               TITLE: "Inconsistent CA override function behavior within AWS IoT Device SDKs on Unix systems",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "AWS IoT Device SDK v2 for Java ",
                                 version: {
                                    version_data: [
                                       {
                                          platform: "Linux/Unix",
                                          version_affected: "<",
                                          version_value: "1.5.0",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "AWS IoT Device SDK v2 for Python",
                                 version: {
                                    version_data: [
                                       {
                                          platform: "Linux/Unix",
                                          version_affected: "<",
                                          version_value: "1.6.1",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "AWS IoT Device SDK v2 for C++",
                                 version: {
                                    version_data: [
                                       {
                                          platform: "Linux/Unix",
                                          version_affected: "<",
                                          version_value: "1.12.7",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "AWS IoT Device SDK v2 for Node.js",
                                 version: {
                                    version_data: [
                                       {
                                          platform: "Linux/Unix",
                                          version_affected: "<",
                                          version_value: "1.5.3",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "AWS-C-IO",
                                 version: {
                                    version_data: [
                                       {
                                          platform: "Linux/Unix",
                                          version_value: "0.10.4",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Amazon Web Services",
                     },
                  ],
               },
            },
            credit: [
               {
                  lang: "eng",
                  value: "F-Secure",
               },
            ],
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on Unix systems. TLS handshakes will thus succeed if the peer can be verified either from the user-supplied CA or the system’s default trust-store. Attackers with access to a host’s trust stores or are able to compromise a certificate authority already in the host's trust store (note: the attacker must also be able to spoof DNS in this case) may be able to use this issue to bypass CA pinning. An attacker could then spoof the MQTT broker, and either drop traffic and/or respond with the attacker's data, but they would not be able to forward this data on to the MQTT broker because the attacker would still need the user's private keys to authenticate against the MQTT broker. The 'aws_tls_ctx_options_override_default_trust_store_*' function within the aws-c-io submodule has been updated to override the default trust store. This corrects this issue. This issue affects: Amazon Web Services AWS IoT Device SDK v2 for Java versions prior to 1.5.0 on Linux/Unix. Amazon Web Services AWS IoT Device SDK v2 for Python versions prior to 1.6.1 on Linux/Unix. Amazon Web Services AWS IoT Device SDK v2 for C++ versions prior to 1.12.7 on Linux/Unix. Amazon Web Services AWS IoT Device SDK v2 for Node.js versions prior to 1.5.3 on Linux/Unix. Amazon Web Services AWS-C-IO 0.10.4 on Linux/Unix.",
                  },
               ],
            },
            generator: {
               engine: "Vulnogram 0.0.9",
            },
            impact: {
               cvss: {
                  attackComplexity: "HIGH",
                  attackVector: "ADJACENT_NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 6.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "HIGH",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on Unix systems. TLS handshakes will thus succeed if the peer can be verified either from the user-supplied CA or the system’s default trust-store. Attackers with access to a host’s trust stores or are able to compromise a certificate authority already in the host's trust store (note: the attacker must also be able to spoof DNS in this case) may be able to use this issue to bypass CA pinning. An attacker could then spoof the MQTT broker, and either drop traffic and/or respond with the attacker's data, but they would not be able to forward this data on to the MQTT broker because the attacker would still need the user's private keys to authenticate against the MQTT broker. ",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://github.com/awslabs/aws-c-io/",
                     refsource: "MISC",
                     url: "https://github.com/awslabs/aws-c-io/",
                  },
                  {
                     name: "https://github.com/aws/aws-iot-device-sdk-cpp-v2",
                     refsource: "MISC",
                     url: "https://github.com/aws/aws-iot-device-sdk-cpp-v2",
                  },
                  {
                     name: "https://github.com/aws/aws-iot-device-sdk-python-v2",
                     refsource: "MISC",
                     url: "https://github.com/aws/aws-iot-device-sdk-python-v2",
                  },
                  {
                     name: "https://github.com/aws/aws-iot-device-sdk-java-v2",
                     refsource: "MISC",
                     url: "https://github.com/aws/aws-iot-device-sdk-java-v2",
                  },
                  {
                     name: "https://github.com/aws/aws-iot-device-sdk-js-v2",
                     refsource: "MISC",
                     url: "https://github.com/aws/aws-iot-device-sdk-js-v2",
                  },
               ],
            },
            solution: [
               {
                  lang: "en",
                  value: "Update to the latest versions of the AWS IoT Device SDK.",
               },
            ],
            source: {
               discovery: "INTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "126858f1-1b65-4b74-81ca-7034f7f7723f",
      assignerShortName: "F-SecureUS",
      cveId: "CVE-2021-40830",
      datePublished: "2021-11-22T23:41:18",
      dateReserved: "2021-09-09T00:00:00",
      dateUpdated: "2024-08-04T02:51:06.863Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2024-31880 (GCVE-0-2024-31880)
Vulnerability from cvelistv5
Published
2024-10-23 01:09
Modified
2024-10-23 13:49
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user.
Impacted products
Vendor Product Version
IBM Db2 for Linux, UNIX and Windows Version: 10.5, 11.1, 11.5
    cpe:2.3:a:ibm:db2:10.5:*:*:*:*:linux:*:*
    cpe:2.3:a:ibm:db2:10.5:*:*:*:*:unix:*:*
    cpe:2.3:a:ibm:db2:10.5:*:*:*:*:aix:*:*
    cpe:2.3:a:ibm:db2:10.5:*:*:*:*:hp-ux:*:*
    cpe:2.3:a:ibm:db2:10.5:*:*:*:*:windows:*:*
    cpe:2.3:a:ibm:db2:11.1:*:*:*:*:linux:*:*
    cpe:2.3:a:ibm:db2:11.1:*:*:*:*:unix:*:*
    cpe:2.3:a:ibm:db2:11.1:*:*:*:*:aix:*:*
    cpe:2.3:a:ibm:db2:11.1:*:*:*:*:hp-ux:*:*
    cpe:2.3:a:ibm:db2:11.1:*:*:*:*:windows:*:*
    cpe:2.3:a:ibm:db2:11.5:*:*:*:*:linux:*:*
    cpe:2.3:a:ibm:db2:11.5:*:*:*:*:unix:*:*
    cpe:2.3:a:ibm:db2:11.5:*:*:*:*:aix:*:*
    cpe:2.3:a:ibm:db2:11.5:*:*:*:*:hp-ux:*:*
    cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:*


{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2024-31880",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-23T13:49:09.299428Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-23T13:49:17.413Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               cpes: [
                  "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:linux:*:*",
                  "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:unix:*:*",
                  "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:aix:*:*",
                  "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:hp-ux:*:*",
                  "cpe:2.3:a:ibm:db2:10.5:*:*:*:*:windows:*:*",
                  "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:linux:*:*",
                  "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:unix:*:*",
                  "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:aix:*:*",
                  "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:hp-ux:*:*",
                  "cpe:2.3:a:ibm:db2:11.1:*:*:*:*:windows:*:*",
                  "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:linux:*:*",
                  "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:unix:*:*",
                  "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:aix:*:*",
                  "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:hp-ux:*:*",
                  "cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:*",
               ],
               defaultStatus: "unaffected",
               product: "Db2 for Linux, UNIX and Windows",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "10.5, 11.1, 11.5",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user.",
                  },
               ],
               value: "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-770",
                     description: "CWE-770 Allocation of Resources Without Limits or Throttling",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-10-23T01:09:30.580Z",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.ibm.com/support/pages/node/7156851",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "IBM Db2 denial of service",
         x_generator: {
            engine: "Vulnogram 0.2.0",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2024-31880",
      datePublished: "2024-10-23T01:09:30.580Z",
      dateReserved: "2024-04-07T12:44:46.960Z",
      dateUpdated: "2024-10-23T13:49:17.413Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2023-38728 (GCVE-0-2023-38728)
Vulnerability from cvelistv5
Published
2023-10-16 21:27
Modified
2025-02-13 17:02
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted XML query statement. IBM X-Force ID: 262258.
Impacted products
Vendor Product Version
IBM Db2 for Linux, UNIX and Windows Version: 10.5, 11.1, 11.5


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T17:46:56.689Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/7047489",
               },
               {
                  tags: [
                     "vdb-entry",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/262258",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20231116-0006/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Db2 for Linux, UNIX and Windows",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "10.5, 11.1 ,11.5",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted XML query statement.  IBM X-Force ID:  262258.",
                  },
               ],
               value: "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted XML query statement.  IBM X-Force ID:  262258.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-20",
                     description: "CWE-20 Improper Input Validation",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-11-16T15:06:52.932Z",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.ibm.com/support/pages/node/7047489",
            },
            {
               tags: [
                  "vdb-entry",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/262258",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20231116-0006/",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "IBM Db2 denial of service",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2023-38728",
      datePublished: "2023-10-16T21:27:06.469Z",
      dateReserved: "2023-07-25T00:01:06.101Z",
      dateUpdated: "2025-02-13T17:02:35.325Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2021-29825 (GCVE-0-2021-29825)
Vulnerability from cvelistv5
Published
2021-09-16 15:50
Modified
2024-09-16 19:14
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could disclose sensitive information when using ADMIN_CMD with LOAD or BACKUP. IBM X-Force ID: 204470.
Impacted products
Vendor Product Version
IBM DB2 for Linux, UNIX and Windows Version: 11.1
Version: 11.5


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T22:18:03.371Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.ibm.com/support/pages/node/6489499",
               },
               {
                  name: "ibm-db2-cve202129825-info-disc (204470)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/204470",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20211029-0005/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "DB2 for Linux, UNIX and Windows",
               vendor: "IBM",
               versions: [
                  {
                     status: "affected",
                     version: "11.1",
                  },
                  {
                     status: "affected",
                     version: "11.5",
                  },
               ],
            },
         ],
         datePublic: "2021-09-15T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could disclose sensitive information when using ADMIN_CMD with LOAD or BACKUP. IBM X-Force ID: 204470.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 5.9,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  exploitCodeMaturity: "UNPROVEN",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  remediationLevel: "OFFICIAL_FIX",
                  reportConfidence: "CONFIRMED",
                  scope: "UNCHANGED",
                  temporalScore: 5.2,
                  temporalSeverity: "MEDIUM",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AC:H/C:H/AV:N/PR:N/S:U/A:N/UI:N/I:N/RL:O/RC:C/E:U",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Obtain Information",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-10-29T12:06:18",
            orgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
            shortName: "ibm",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.ibm.com/support/pages/node/6489499",
            },
            {
               name: "ibm-db2-cve202129825-info-disc (204470)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/204470",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20211029-0005/",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@us.ibm.com",
               DATE_PUBLIC: "2021-09-15T00:00:00",
               ID: "CVE-2021-29825",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "DB2 for Linux, UNIX and Windows",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "11.1",
                                       },
                                       {
                                          version_value: "11.5",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "IBM",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could disclose sensitive information when using ADMIN_CMD with LOAD or BACKUP. IBM X-Force ID: 204470.",
                  },
               ],
            },
            impact: {
               cvssv3: {
                  BM: {
                     A: "N",
                     AC: "H",
                     AV: "N",
                     C: "H",
                     I: "N",
                     PR: "N",
                     S: "U",
                     UI: "N",
                  },
                  TM: {
                     E: "U",
                     RC: "C",
                     RL: "O",
                  },
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Obtain Information",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.ibm.com/support/pages/node/6489499",
                     refsource: "CONFIRM",
                     title: "IBM Security Bulletin 6489499 (DB2 for Linux, UNIX and Windows)",
                     url: "https://www.ibm.com/support/pages/node/6489499",
                  },
                  {
                     name: "ibm-db2-cve202129825-info-disc (204470)",
                     refsource: "XF",
                     title: "X-Force Vulnerability Report",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/204470",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20211029-0005/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20211029-0005/",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "9a959283-ebb5-44b6-b705-dcc2bbced522",
      assignerShortName: "ibm",
      cveId: "CVE-2021-29825",
      datePublished: "2021-09-16T15:50:20.270592Z",
      dateReserved: "2021-03-31T00:00:00",
      dateUpdated: "2024-09-16T19:14:36.113Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2019-15162 (GCVE-0-2019-15162)
Vulnerability from cvelistv5
Published
2019-10-03 18:32
Modified
2024-08-05 00:42
Summary
rpcapd/daemon.c in libpcap before 1.9.1 on non-Windows platforms provides details about why authentication failed, which might make it easier for attackers to enumerate valid usernames.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T00:42:00.474Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.tcpdump.org/public-cve-list.txt",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/the-tcpdump-group/libpcap/blob/libpcap-1.9/CHANGES",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/the-tcpdump-group/libpcap/commit/484d60cbf7ca4ec758c3cbb8a82d68b244a78d58",
               },
               {
                  name: "FEDORA-2019-eaa681d33e",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5P5K3DQ4TFSZBDB3XN4CZNJNQ3UIF3D3/",
               },
               {
                  name: "FEDORA-2019-4fe461079f",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZTIPUWABYUE5KQOLCKAW65AUUSB7QO6/",
               },
               {
                  name: "FEDORA-2019-b92ce3144a",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GBIEKWLNIR62KZ5GA7EDXZS52HU6OE5F/",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT210788",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT210790",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT210785",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT210789",
               },
               {
                  name: "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "https://seclists.org/bugtraq/2019/Dec/23",
               },
               {
                  name: "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2019/Dec/26",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuapr2020.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "rpcapd/daemon.c in libpcap before 1.9.1 on non-Windows platforms provides details about why authentication failed, which might make it easier for attackers to enumerate valid usernames.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-04-15T21:06:52",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.tcpdump.org/public-cve-list.txt",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/the-tcpdump-group/libpcap/blob/libpcap-1.9/CHANGES",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/the-tcpdump-group/libpcap/commit/484d60cbf7ca4ec758c3cbb8a82d68b244a78d58",
            },
            {
               name: "FEDORA-2019-eaa681d33e",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5P5K3DQ4TFSZBDB3XN4CZNJNQ3UIF3D3/",
            },
            {
               name: "FEDORA-2019-4fe461079f",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZTIPUWABYUE5KQOLCKAW65AUUSB7QO6/",
            },
            {
               name: "FEDORA-2019-b92ce3144a",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GBIEKWLNIR62KZ5GA7EDXZS52HU6OE5F/",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT210788",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT210790",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT210785",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT210789",
            },
            {
               name: "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "https://seclists.org/bugtraq/2019/Dec/23",
            },
            {
               name: "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2019/Dec/26",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpuapr2020.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2019-15162",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "rpcapd/daemon.c in libpcap before 1.9.1 on non-Windows platforms provides details about why authentication failed, which might make it easier for attackers to enumerate valid usernames.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.tcpdump.org/public-cve-list.txt",
                     refsource: "CONFIRM",
                     url: "https://www.tcpdump.org/public-cve-list.txt",
                  },
                  {
                     name: "https://github.com/the-tcpdump-group/libpcap/blob/libpcap-1.9/CHANGES",
                     refsource: "CONFIRM",
                     url: "https://github.com/the-tcpdump-group/libpcap/blob/libpcap-1.9/CHANGES",
                  },
                  {
                     name: "https://github.com/the-tcpdump-group/libpcap/commit/484d60cbf7ca4ec758c3cbb8a82d68b244a78d58",
                     refsource: "CONFIRM",
                     url: "https://github.com/the-tcpdump-group/libpcap/commit/484d60cbf7ca4ec758c3cbb8a82d68b244a78d58",
                  },
                  {
                     name: "FEDORA-2019-eaa681d33e",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5P5K3DQ4TFSZBDB3XN4CZNJNQ3UIF3D3/",
                  },
                  {
                     name: "FEDORA-2019-4fe461079f",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZTIPUWABYUE5KQOLCKAW65AUUSB7QO6/",
                  },
                  {
                     name: "FEDORA-2019-b92ce3144a",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GBIEKWLNIR62KZ5GA7EDXZS52HU6OE5F/",
                  },
                  {
                     name: "https://support.apple.com/kb/HT210788",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT210788",
                  },
                  {
                     name: "https://support.apple.com/kb/HT210790",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT210790",
                  },
                  {
                     name: "https://support.apple.com/kb/HT210785",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT210785",
                  },
                  {
                     name: "https://support.apple.com/kb/HT210789",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT210789",
                  },
                  {
                     name: "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra",
                     refsource: "BUGTRAQ",
                     url: "https://seclists.org/bugtraq/2019/Dec/23",
                  },
                  {
                     name: "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2019/Dec/26",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpuapr2020.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpuapr2020.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2019-15162",
      datePublished: "2019-10-03T18:32:05",
      dateReserved: "2019-08-19T00:00:00",
      dateUpdated: "2024-08-05T00:42:00.474Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2022-30984 (GCVE-0-2022-30984)
Vulnerability from cvelistv5
Published
2022-08-25 23:18
Modified
2024-08-03 07:03
Summary
A buffer overflow vulnerability in the Rubrik Backup Service (RBS) Agent for Linux or Unix-based systems in Rubrik CDM 7.0.1, 7.0.1-p1, 7.0.1-p2 or 7.0.1-p3 before CDM 7.0.2-p2 could allow a local attacker to obtain root privileges by sending a crafted message to the RBS agent.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T07:03:40.258Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://rubrik.com",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.rubrik.com/advisories/rbk-20220705-V0037",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A buffer overflow vulnerability in the Rubrik Backup Service (RBS) Agent for Linux or Unix-based systems in Rubrik CDM 7.0.1, 7.0.1-p1, 7.0.1-p2 or 7.0.1-p3 before CDM 7.0.2-p2 could allow a local attacker to obtain root privileges by sending a crafted message to the RBS agent.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-08-25T23:18:19",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://rubrik.com",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.rubrik.com/advisories/rbk-20220705-V0037",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2022-30984",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A buffer overflow vulnerability in the Rubrik Backup Service (RBS) Agent for Linux or Unix-based systems in Rubrik CDM 7.0.1, 7.0.1-p1, 7.0.1-p2 or 7.0.1-p3 before CDM 7.0.2-p2 could allow a local attacker to obtain root privileges by sending a crafted message to the RBS agent.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://rubrik.com",
                     refsource: "MISC",
                     url: "https://rubrik.com",
                  },
                  {
                     name: "https://www.rubrik.com/advisories/rbk-20220705-V0037",
                     refsource: "MISC",
                     url: "https://www.rubrik.com/advisories/rbk-20220705-V0037",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2022-30984",
      datePublished: "2022-08-25T23:18:19",
      dateReserved: "2022-05-18T00:00:00",
      dateUpdated: "2024-08-03T07:03:40.258Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2011-2462 (GCVE-0-2011-2462)
Vulnerability from cvelistv5
Published
2011-12-07 19:00
Modified
2025-02-04 21:47
Summary
Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T23:00:33.994Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "openSUSE-SU-2012:0087",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00020.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.adobe.com/support/security/bulletins/apsb12-01.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.adobe.com/support/security/advisories/apsa11-04.html",
               },
               {
                  name: "RHSA-2012:0011",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2012-0011.html",
               },
               {
                  name: "SUSE-SU-2012:0086",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00019.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.adobe.com/support/security/bulletins/apsb11-30.html",
               },
               {
                  name: "oval:org.mitre.oval:def:14562",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14562",
               },
               {
                  name: "TA11-350A",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_CERT",
                     "x_transferred",
                  ],
                  url: "http://www.us-cert.gov/cas/techalerts/TA11-350A.html",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "HIGH",
                     baseScore: 9.8,
                     baseSeverity: "CRITICAL",
                     confidentialityImpact: "HIGH",
                     integrityImpact: "HIGH",
                     privilegesRequired: "NONE",
                     scope: "UNCHANGED",
                     userInteraction: "NONE",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2011-2462",
                        options: [
                           {
                              Exploitation: "active",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-02-04T21:47:37.887559Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
               {
                  other: {
                     content: {
                        dateAdded: "2022-06-08",
                        reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2011-2462",
                     },
                     type: "kev",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-787",
                        description: "CWE-787 Out-of-bounds Write",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-02-04T21:47:46.448Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2011-12-06T00:00:00.000Z",
         descriptions: [
            {
               lang: "en",
               value: "Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-09-18T12:57:01.000Z",
            orgId: "078d4453-3bcd-4900-85e6-15281da43538",
            shortName: "adobe",
         },
         references: [
            {
               name: "openSUSE-SU-2012:0087",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00020.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.adobe.com/support/security/bulletins/apsb12-01.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.adobe.com/support/security/advisories/apsa11-04.html",
            },
            {
               name: "RHSA-2012:0011",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2012-0011.html",
            },
            {
               name: "SUSE-SU-2012:0086",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00019.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.adobe.com/support/security/bulletins/apsb11-30.html",
            },
            {
               name: "oval:org.mitre.oval:def:14562",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14562",
            },
            {
               name: "TA11-350A",
               tags: [
                  "third-party-advisory",
                  "x_refsource_CERT",
               ],
               url: "http://www.us-cert.gov/cas/techalerts/TA11-350A.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@adobe.com",
               ID: "CVE-2011-2462",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "openSUSE-SU-2012:0087",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00020.html",
                  },
                  {
                     name: "http://www.adobe.com/support/security/bulletins/apsb12-01.html",
                     refsource: "CONFIRM",
                     url: "http://www.adobe.com/support/security/bulletins/apsb12-01.html",
                  },
                  {
                     name: "http://www.adobe.com/support/security/advisories/apsa11-04.html",
                     refsource: "CONFIRM",
                     url: "http://www.adobe.com/support/security/advisories/apsa11-04.html",
                  },
                  {
                     name: "RHSA-2012:0011",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2012-0011.html",
                  },
                  {
                     name: "SUSE-SU-2012:0086",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00019.html",
                  },
                  {
                     name: "http://www.adobe.com/support/security/bulletins/apsb11-30.html",
                     refsource: "CONFIRM",
                     url: "http://www.adobe.com/support/security/bulletins/apsb11-30.html",
                  },
                  {
                     name: "oval:org.mitre.oval:def:14562",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14562",
                  },
                  {
                     name: "TA11-350A",
                     refsource: "CERT",
                     url: "http://www.us-cert.gov/cas/techalerts/TA11-350A.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "078d4453-3bcd-4900-85e6-15281da43538",
      assignerShortName: "adobe",
      cveId: "CVE-2011-2462",
      datePublished: "2011-12-07T19:00:00.000Z",
      dateReserved: "2011-06-06T00:00:00.000Z",
      dateUpdated: "2025-02-04T21:47:46.448Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2021-21384 (GCVE-0-2021-21384)
Vulnerability from cvelistv5
Published
2021-03-18 23:50
Modified
2024-08-03 18:09
Summary
shescape is a simple shell escape package for JavaScript. In shescape before version 1.1.3, anyone using _Shescape_ to defend against shell injection may still be vulnerable against shell injection if the attacker manages to insert a into the payload. For an example see the referenced GitHub Security Advisory. The problem has been patched in version 1.1.3. No further changes are required.
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T18:09:15.790Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/ericcornelissen/shescape/security/advisories/GHSA-f2rp-38vg-j3gh",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/ericcornelissen/shescape/commit/07a069a66423809cbedd61d980c11ca44a29ea2b",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/ericcornelissen/shescape/releases/tag/v1.1.3",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.npmjs.com/package/shescape",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "shescape",
               vendor: "ericcornelissen",
               versions: [
                  {
                     status: "affected",
                     version: "< 1.1.3",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "shescape is a simple shell escape package for JavaScript. In shescape before version 1.1.3, anyone using _Shescape_ to defend against shell injection may still be vulnerable against shell injection if the attacker manages to insert a into the payload. For an example see the referenced GitHub Security Advisory. The problem has been patched in version 1.1.3. No further changes are required.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "LOCAL",
                  availabilityImpact: "NONE",
                  baseScore: 6.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-88",
                     description: "CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-03-18T23:50:13",
            orgId: "a0819718-46f1-4df5-94e2-005712e83aaa",
            shortName: "GitHub_M",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/ericcornelissen/shescape/security/advisories/GHSA-f2rp-38vg-j3gh",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/ericcornelissen/shescape/commit/07a069a66423809cbedd61d980c11ca44a29ea2b",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/ericcornelissen/shescape/releases/tag/v1.1.3",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.npmjs.com/package/shescape",
            },
         ],
         source: {
            advisory: "GHSA-f2rp-38vg-j3gh",
            discovery: "UNKNOWN",
         },
         title: "Null characters not escaped in shescape",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security-advisories@github.com",
               ID: "CVE-2021-21384",
               STATE: "PUBLIC",
               TITLE: "Null characters not escaped in shescape",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "shescape",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "< 1.1.3",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "ericcornelissen",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "shescape is a simple shell escape package for JavaScript. In shescape before version 1.1.3, anyone using _Shescape_ to defend against shell injection may still be vulnerable against shell injection if the attacker manages to insert a into the payload. For an example see the referenced GitHub Security Advisory. The problem has been patched in version 1.1.3. No further changes are required.",
                  },
               ],
            },
            impact: {
               cvss: {
                  attackComplexity: "HIGH",
                  attackVector: "LOCAL",
                  availabilityImpact: "NONE",
                  baseScore: 6.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://github.com/ericcornelissen/shescape/security/advisories/GHSA-f2rp-38vg-j3gh",
                     refsource: "CONFIRM",
                     url: "https://github.com/ericcornelissen/shescape/security/advisories/GHSA-f2rp-38vg-j3gh",
                  },
                  {
                     name: "https://github.com/ericcornelissen/shescape/commit/07a069a66423809cbedd61d980c11ca44a29ea2b",
                     refsource: "MISC",
                     url: "https://github.com/ericcornelissen/shescape/commit/07a069a66423809cbedd61d980c11ca44a29ea2b",
                  },
                  {
                     name: "https://github.com/ericcornelissen/shescape/releases/tag/v1.1.3",
                     refsource: "MISC",
                     url: "https://github.com/ericcornelissen/shescape/releases/tag/v1.1.3",
                  },
                  {
                     name: "https://www.npmjs.com/package/shescape",
                     refsource: "MISC",
                     url: "https://www.npmjs.com/package/shescape",
                  },
               ],
            },
            source: {
               advisory: "GHSA-f2rp-38vg-j3gh",
               discovery: "UNKNOWN",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa",
      assignerShortName: "GitHub_M",
      cveId: "CVE-2021-21384",
      datePublished: "2021-03-18T23:50:13",
      dateReserved: "2020-12-22T00:00:00",
      dateUpdated: "2024-08-03T18:09:15.790Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}