Security
Headlines
HeadlinesLatestCVEs

Tag

#ibm

CVE-2019-13590: SoX - Sound eXchange / Bugs

An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h (startread function), there is an integer overflow on the result of integer addition (wraparound to 0) fed into the lsx_calloc macro that wraps malloc. When a NULL pointer is returned, it is used without a prior check that it is a valid pointer, leading to a NULL pointer dereference on lsx_readbuf in formats_i.c.

CVE
Open in Source
#mac#ubuntu#linux#c++#ibm
CVE-2019-4263: IBM Content Navigator information disclosure CVE-2019-4263 Vulnerability Report

IBM Content Navigator 3.0CD is vulnerable to local file inclusion, allowing an attacker to access a configuration file in the ICN server. IBM X-Force ID: 160015.

CVE-2019-4260: IBM Daeja ViewONE information disclosure CVE-2019-4260 Vulnerability Report

IBM Daeja ViewONE Professional, Standard & Virtual 5.0 through 5.0.5 could allow an unauthorized user to download server files resulting in sensitive information disclosure. IBM X-Force ID: 160012.

CVE-2019-4134: Security Bulletin: IBM Planning Analytics Administration is affected by a vulnerability

IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158281.

CVE-2019-4088: Security Bulletin: Stack-based buffer overflow and elevation of privileges vulnerabilities in IBM Spectrum Protect Server and Storage Agents (CVE-2019-4087, CVE-2019-4088)

IBM Spectrum Protect Servers 7.1 and 8.1 and Storage Agents could allow a local attacker to gain elevated privileges on the system, caused by loading a specially crafted library loaded by the dsmqsan module. By setting up such a library, a local attacker could exploit this vulnerability to gain root privileges on the vulnerable system. IBM X-Force ID: 157511.

CVE-2019-4129: Security Bulletin: Information Disclosure in IBM Spectrum Protect Operations Center (CVE-2019-4129)

IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remote attacker to obtain sensitive information, caused by an error message containing a stack trace. By creating an error with a stack trace, an attacker could exploit this vulnerability to potentially obtain details on the Operations Center architecture. IBM X-Force ID: 158279.

CVE-2019-13147: NULL pointer dereference bug in ulaw2linear_buf, in G711.cpp · Issue #54 · mpruett/audiofile

In Audio File Library (aka audiofile) 0.3.6, there exists one NULL pointer dereference bug in ulaw2linear_buf in G711.cpp in libmodules.a that allows an attacker to cause a denial of service via a crafted file.

CVE-2019-4154: IBM DB2 for Linux, UNIX and Windows buffer overflow CVE-2019-4154 Vulnerability Report

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 158519.

CVE-2019-4102: Security Bulletin: IBM® Db2® does not explicitly forbid a weaker than expected 3DES cipher when configured to use SSL (CVE-2019-4102).

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158092.

CVE-2019-4322: Security Bulletin: Multiple buffer overflow vulnerabilities exist in IBM® Db2® leading to privilege escalation (CVE-2019-4322).

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 161202.