Search Results (24974 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-42436 4 Ibm, Linux, Microsoft and 1 more 7 Aix, I, Linux On Ibm Z and 4 more 2025-03-25 4 Medium
IBM MQ 8.0.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0 Managed File Transfer could allow a local user to obtain sensitive information from diagnostic files. IBM X-Force ID: 238206.
CVE-2022-35720 3 Ibm, Linux, Microsoft 6 Aix, Linux On Ibm Z, Sterling External Authentication Server and 3 more 2025-03-25 2.3 Low
IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms during installation that could allow a local attacker to decrypt sensitive information. IBM X-Force ID: 231373.
CVE-2022-34362 3 Ibm, Linux, Microsoft 5 Aix, Linux On Ibm Z, Sterling Secure Proxy and 2 more 2025-03-24 4.6 Medium
IBM Sterling Secure Proxy 6.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 230523.
CVE-2023-0575 4 Apple, Linux, Microsoft and 1 more 5 Iphone Os, Macos, Linux Kernel and 2 more 2025-03-24 7.2 High
External Control of Critical State Data, Improper Control of Generation of Code ('Code Injection') vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS (DevopsBase.Java:execCommand, TableManager.Java:runCommand modules) allows API Manipulation, Privilege Abuse. This vulnerability is associated with program files backup.Py. This issue affects Yugabyte DB: Lesser then 2.2.0.0
CVE-2024-5591 3 Ibm, Linux, Microsoft 3 Jazz Foundation, Linux Kernel, Windows 2025-03-21 4.3 Medium
IBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
CVE-2024-41780 3 Ibm, Linux, Microsoft 3 Jazz Foundation, Linux Kernel, Windows 2025-03-21 4.2 Medium
IBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could could allow a physical user to obtain sensitive information due to not masking passwords during entry.
CVE-2022-45454 2 Acronis, Microsoft 3 Agent, Cyber Protect, Windows 2025-03-21 7.5 High
Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Agent (Windows) before build 30161, Acronis Cyber Protect 15 (Windows) before build 30984.
CVE-2022-45455 2 Acronis, Microsoft 4 Agent, Cyber Protect, Cyber Protect Home Office and 1 more 2025-03-21 7.8 High
Local privilege escalation due to incomplete uninstallation cleanup. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107, Acronis Agent (Windows) before build 30025, Acronis Cyber Protect 15 (Windows) before build 30984.
CVE-2024-41768 3 Ibm, Linux, Microsoft 4 Engineering Lifecycle Optimization - Publishing, Engineering Lifecycle Optimization Publishing, Linux Kernel and 1 more 2025-03-21 6.5 Medium
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause an unhandled SSL exception which could leave the connection in an unexpected or insecure state.
CVE-2024-41767 3 Ibm, Linux, Microsoft 4 Engineering Lifecycle Optimization - Publishing, Engineering Lifecycle Optimization Publishing, Linux Kernel and 1 more 2025-03-21 7.3 High
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.
CVE-2024-41766 3 Ibm, Linux, Microsoft 4 Engineering Lifecycle Optimization - Publishing, Engineering Lifecycle Optimization Publishing, Linux Kernel and 1 more 2025-03-21 7.5 High
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause a denial of service using a complex regular expression.
CVE-2024-41765 3 Ibm, Linux, Microsoft 4 Engineering Lifecycle Optimization - Publishing, Engineering Lifecycle Optimization Publishing, Linux Kernel and 1 more 2025-03-21 6.5 Medium
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
CVE-2024-41763 3 Ibm, Linux, Microsoft 4 Engineering Lifecycle Optimization - Publishing, Engineering Lifecycle Optimization Publishing, Linux Kernel and 1 more 2025-03-21 5.9 Medium
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
CVE-2023-0132 2 Google, Microsoft 2 Chrome, Windows 2025-03-20 6.5 Medium
Inappropriate implementation in in Permission prompts in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to force acceptance of a permission prompt via a crafted HTML page. (Chromium security severity: Medium)
CVE-2023-23459 2 Microsoft, Priority-software 2 Windows, Priority 2025-03-19 9.1 Critical
Priority Windows may allow Command Execution via SQL Injection using an unspecified method.
CVE-2024-33880 2 Microsoft, Virtosoftware 2 Sharepoint Server, Sharepoint Bulk File Download 2025-03-19 5.3 Medium
An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. It discloses full pathnames via Virto.SharePoint.FileDownloader/Api/Download.ashx?action=archive.
CVE-2023-22368 2 Elecom, Microsoft 3 Camera Assistant, Quickfiledealer, Windows 2025-03-19 7.8 High
Untrusted search path vulnerability in ELECOM Camera Assistant 1.00 and QuickFileDealer Ver.1.2.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
CVE-2023-24483 2 Citrix, Microsoft 2 Virtual Apps And Desktops, Windows 2025-03-18 7.8 High
A vulnerability has been identified that, if exploited, could result in a local user elevating their privilege level to NT AUTHORITY\SYSTEM on a Citrix Virtual Apps and Desktops Windows VDA.
CVE-2022-43927 5 Hp, Ibm, Linux and 2 more 6 Hp-ux, Aix, Db2 and 3 more 2025-03-18 5.9 Medium
IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to information Disclosure due to improper privilege management when a specially crafted table access is used. IBM X-Force ID: 241671.
CVE-2023-20858 2 Microsoft, Vmware 2 Windows, Carbon Black App Control 2025-03-17 7.2 High
VMware Carbon Black App Control 8.7.x prior to 8.7.8, 8.8.x prior to 8.8.6, and 8.9.x.prior to 8.9.4 contain an injection vulnerability. A malicious actor with privileged access to the App Control administration console may be able to use specially crafted input allowing access to the underlying server operating system.