CVE-2023-28950
IBM MQ 8.0, 9.0, 9.1, 9.2, and 9.3 could disclose sensitive user information from a trace file if that functionality has been enabled. IBM X-Force ID: 251358.
Source: CVE-2023-28950
[월:] 2023년 05월
CVE-2023-28529
CVE-2023-28529
IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 251213.
Source: CVE-2023-28529
CVE-2022-47984
CVE-2022-47984
IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 243163.
Source: CVE-2022-47984
CVE-2023-22878
CVE-2023-22878
IBM InfoSphere Information Server 11.7 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 244373.
Source: CVE-2023-22878
CVE-2023-30774
CVE-2023-30774
A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values.
Source: CVE-2023-30774
CVE-2023-30775
CVE-2023-30775
A vulnerability was found in the libtiff library. This security flaw causes a heap buffer overflow in extractContigSamples32bits, tiffcrop.c.
Source: CVE-2023-30775
CVE-2023-28514
CVE-2023-28514
IBM MQ 8.0, 9.0, and 9.1 could allow a local user to obtain sensitive credential information when a detailed technical error message is returned in a stack trace. IBM X-Force ID: 250398.
Source: CVE-2023-28514
CVE-2023-20881
CVE-2023-20881
Cloud foundry instances having CAPI version between 1.140 and 1.152.0 along with loggregator-agent v7+ may override other users syslog drain credentials if they’re aware of the client certificate used for that syslog drain. This applies even if the drain has zero certs. This would allow the user to override the private key and add or modify a certificate authority used for the connection.
Source: CVE-2023-20881
CVE-2023-31707
CVE-2023-31757
CVE-2023-31757
DedeCMS up to v5.7.108 is vulnerable to XSS in sys_info.php via parameters ‘edit___cfg_powerby’ and ‘edit___cfg_beian’
Source: CVE-2023-31757