Security
Headlines

CVE-2023-3752

A vulnerability was found in Creativeitem Academy LMS 5.15. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /home/courses. The manipulation of the argument sort_by leads to cross-site scripting. The attack may be launched remotely. VDB-234422 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
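The advisory describes a reflected cross-site scripting bug in a sort parameter: the value of sort_by is written back into the course listing without being constrained or encoded. The following is an added example, not code from Academy LMS; the handler, the allowlist and the markup are hypothetical, and only the parameter name sort_by and the path /home/courses come from the advisory. It shows the reflecting pattern next to a version that allowlists the sort key and then encodes it for both the URL and the HTML contexts it lands in.

```python
import html
from urllib.parse import quote

# Added example, not Academy LMS code. ALLOWED_SORT_KEYS and the anchor
# markup are hypothetical; sort_by and /home/courses come from the advisory.
ALLOWED_SORT_KEYS = {"title", "price", "date_added"}


def render_sort_link_vulnerable(sort_by: str) -> str:
    """Reflects the raw query parameter into the page.

    A value such as "><script>alert(1)</script> closes the href attribute and
    injects markup; this is the reflected XSS pattern the advisory describes.
    """
    return f'<a href="/home/courses?sort_by={sort_by}">{sort_by}</a>'


def render_sort_link(sort_by: str) -> str:
    """Allowlist the value, then encode it for each context it is placed in."""
    if sort_by not in ALLOWED_SORT_KEYS:
        sort_by = "title"  # known-good default instead of echoing the input
    # URL-encode for the query string, then HTML-encode for the attribute and
    # the text node. With the allowlist in place the encoding is redundant,
    # but it keeps the function safe if the allowlist is later loosened.
    in_query = html.escape(quote(sort_by, safe=""), quote=True)
    in_text = html.escape(sort_by, quote=True)
    return f'<a href="/home/courses?sort_by={in_query}">{in_text}</a>'


if __name__ == "__main__":
    payload = '"><script>alert(1)</script>'
    print(render_sort_link_vulnerable(payload))  # script tag survives
    print(render_sort_link(payload))             # falls back to title
    print(render_sort_link("price"))
```

The allowlist is the real fix for a sort key, since only a handful of column names are ever valid; output encoding is the backstop for the case where a free-form value genuinely has to be reflected.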

CVE-2021-38933: IBM Sterling Connect:Direct for UNIX information disclosure CVE-2021-38933 Vulnerability Report

IBM Sterling Connect:Direct for UNIX 1.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210574.

CVE-2023-29259: IBM Sterling Connect:Express for UNIX information disclosure CVE-2023-29259 Vulnerability Report

IBM Sterling Connect:Express for UNIX 1.5 browser UI is vulnerable to attacks that rely on the use of cookies without the SameSite attribute. IBM X-Force ID: 252055.

CVE-2023-29260: IBM Sterling Connect:Express for UNIX is vulnerable to server-side request forgery (SSRF)

IBM Sterling Connect:Express for UNIX 1.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 252135.
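The SSRF described above lets an authenticated user make the server issue requests on their behalf, and the usual damage is reaching hosts that are only routable from the server (cloud metadata endpoints, internal admin interfaces). The following is an added example, not IBM code; the hostnames and addresses in CONSTRUCTED_DNS are made up for the demo, and the resolver is injected so the check can run offline. It validates an outbound URL by scheme, resolves the host, and refuses any target that resolves to a loopback, private, link-local, multicast, reserved or unspecified address, including IPv4-mapped IPv6 forms.

```python
import ipaddress
import socket
from urllib.parse import urlparse

# Added example, not IBM code. Hostnames and addresses here are constructed.


def _is_internal(ip):
    """True for any address an outbound fetch made on a user's behalf should never reach."""
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:10.0.0.1 is still 10.0.0.1
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def system_resolver(host):
    """Real DNS lookup; returns every A/AAAA answer so a mixed set is caught."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


# Constructed answers standing in for DNS so the example runs offline.
CONSTRUCTED_DNS = {
    "partner.example.com": {"93.184.216.34"},
    "metadata.internal": {"169.254.169.254"},
    "dual.example.net": {"93.184.216.35", "10.0.0.7"},
}


def demo_resolver(host):
    return CONSTRUCTED_DNS.get(host, set())


def is_safe_outbound_url(url, resolver=system_resolver):
    """Allow only http(s) URLs whose host resolves exclusively to public addresses."""
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https"):
        return False  # file:, gopher:, dict: and friends are never fetched
    host = parsed.hostname  # brackets stripped for IPv6 literals, port removed
    if not host:
        return False
    try:
        addresses = {ipaddress.ip_address(host)}  # literal IP in the URL
    except ValueError:
        try:
            addresses = {ipaddress.ip_address(a) for a in resolver(host)}
        except (OSError, ValueError):
            return False  # resolution failed or returned garbage
    if not addresses:
        return False
    # One internal answer is enough to refuse: a host with both a public and a
    # private record is the classic way to slip past a "public only" check.
    return not any(_is_internal(ip) for ip in addresses)


if __name__ == "__main__":
    for u in ("https://partner.example.com/hook",
              "http://metadata.internal/latest/meta-data/",
              "http://127.0.0.1:8080/admin",
              "http://[::ffff:10.0.0.1]/"):
        print(u, "->", is_safe_outbound_url(u, demo_resolver))
```

Two caveats for production use. Resolving in the check and again when connecting is a race (DNS rebinding): pin the vetted address when opening the socket, or pass it to the HTTP client explicitly. And the client must not follow redirects automatically, since a public host can 302 to an internal one. Where the set of legitimate destinations is known, an allowlist of hosts is simpler and stronger than this denylist.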

CVE-2023-28513: Security Bulletin: IBM MQ Appliance is affected by a denial of service vulnerability (CVE-2023-28513)

IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD and IBM MQ Appliance 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD, under certain configurations, are vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 250397.

CVE-2023-27877: Security Bulletin: IBM Planning Analytics Cartridge for IBM Cloud Pak for Data 4.7.0 has addressed security vulnerabilities

IBM Planning Analytics Cartridge for Cloud Pak for Data 4.0 connects to a CouchDB server. An attacker can exploit an insecure password policy on the CouchDB server and collect sensitive information from the database. IBM X-Force ID: 247905.

CVE-2022-43908: Security Bulletin: IBM Security Guardium is affected by several vulnerabilities

IBM Security Guardium 11.3 could allow an authenticated user to cause a denial of service due to improper input validation. IBM X-Force ID: 240903.

CVE-2023-30433: IBM Security Verify Access HTTP open redirect CVE-2023-30433 Vulnerability Report

IBM Security Verify Access 10.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 252186.
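An open redirect of the kind described above works because a "return to" parameter is passed to the Location header without checking that it stays on the application's own origin, so a phishing link on the trusted domain lands the victim on the attacker's site. The following is an added example, not IBM Security Verify Access code; the parameter name and default landing page are hypothetical. It accepts only path-only, same-origin targets and rejects the forms browsers interpret as another origin: absolute URLs, protocol-relative URLs (including the three-slash variant), backslashes, schemes such as javascript:, and control characters that could also be used for header injection.

```python
from urllib.parse import urlparse

# Added example, not IBM Security Verify Access code. The parameter name
# and the default landing page are hypothetical.


def safe_redirect_target(target, default="/"):
    """Return target only if it is a same-origin, path-only URL; else default.

    Rejected, because a browser would treat each as another origin or abuse it:
      - absolute URLs            https://evil.example/
      - protocol-relative URLs   //evil.example/ and ///evil.example/
      - backslashes              /\\evil.example (normalised to / by browsers)
      - any scheme               javascript:alert(1), data:...
      - control characters and surrounding whitespace (CRLF would also allow
        header injection when the value is copied into Location)
    """
    if not target or target != target.strip():
        return default
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return default
    if "\\" in target or target.startswith("//"):
        return default
    if not target.startswith("/"):
        return default  # relative paths like "home" are not accepted here
    parsed = urlparse(target)
    if parsed.scheme or parsed.netloc:
        return default  # belt and braces; the checks above already exclude these
    return target


def login_redirect_location(next_param):
    """What a login handler would place in the Location header (hypothetical)."""
    return safe_redirect_target(next_param, default="/portal")


if __name__ == "__main__":
    for t in ("/account/settings", "https://evil.example/", "//evil.example/",
              "///evil.example/", "/\\evil.example", "javascript:alert(1)"):
        print(repr(t), "->", login_redirect_location(t))
```

An equivalent approach is to resolve the candidate against the application's own origin with urljoin and compare the resulting scheme and netloc with the expected ones; the path-only rule above is stricter and avoids having to know the canonical origin at validation time.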

CVE-2023-3765: Fix potential issues with PyFuncBackend in cli (#9053) · mlflow/mlflow@6dde937

Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0.
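"Absolute path traversal" means an attacker-controlled path component is absolute, and the server joins it onto a base directory in a way that lets the absolute component replace the base entirely; in Python this is exactly what os.path.join does. The following is an added example, not mlflow code and not a reconstruction of the fix in the commit above; the root directory and file names are constructed. It shows the unsafe join beside a version that rejects absolute input and then canonicalises and checks containment, which also catches the relative ../ form and symlink escapes.

```python
import os

# Added example, not mlflow code. DEMO_ROOT and the file names are constructed;
# the unsafe function shows the generic os.path.join pitfall behind
# "absolute path traversal", not mlflow's actual code path.
DEMO_ROOT = "/tmp/mlflow-demo-root"


def resolve_under_root_vulnerable(root, user_path):
    """os.path.join discards every component before an absolute one, so an
    attacker-supplied "/etc/passwd" replaces root rather than nesting under it."""
    return os.path.join(root, user_path)


def resolve_under_root(root, user_path):
    """Refuse absolute input, then join, canonicalise and verify containment.

    realpath() collapses ".." segments and follows existing symlinks, so the
    containment test is done on the path the OS would actually open.
    commonpath() is used instead of str.startswith() so that a sibling such as
    "/tmp/mlflow-demo-root2" is not mistaken for a child of the root.
    """
    if os.path.isabs(user_path):
        raise ValueError(f"absolute path not allowed: {user_path!r}")
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, user_path))
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise ValueError(f"path escapes root: {user_path!r}")
    return candidate


def is_within_root(root, user_path):
    """Convenience wrapper returning True/False instead of raising."""
    try:
        resolve_under_root(root, user_path)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    print(resolve_under_root_vulnerable(DEMO_ROOT, "/etc/passwd"))  # /etc/passwd
    for p in ("run1/model.pkl", "/etc/passwd", "../../etc/passwd", "run1/../../x"):
        print(repr(p), "->", is_within_root(DEMO_ROOT, p))
```

The example is POSIX-oriented; on Windows, isabs() alone does not cover drive-relative or UNC forms, so the realpath/commonpath containment check is the part to rely on there as well.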

CVE-2023-35900: IBM Robotic Process Automation information disclosure CVE-2023-35900 Vulnerability Report

IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.4 and 23.0.0 through 23.0.5 is vulnerable to disclosing server version information which may be used to determine software vulnerabilities at the operating system level. IBM X-Force ID: 259368.