Export limit exceeded: 75122 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (75122 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-4448 | 3 Ibm, Linux, Microsoft | 3 Db2 High Performance Unload Load, Linux Kernel, Windows | 2024-11-21 | 7.8 High |
| IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpum and db2hpum_debug binaries are setuid root and have built-in options that allow an low privileged user the ability to load arbitrary db2 libraries from a privileged context. This results in arbitrary code being executed with root authority. IBM X-Force ID: 163489. | ||||
| CVE-2019-4447 | 3 Ibm, Linux, Microsoft | 3 Db2 High Performance Unload Load, Linux Kernel, Windows | 2024-11-21 | 7.8 High |
| IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpum_debug is a setuid root binary which trusts the PATH environment variable. A low privileged user can execute arbitrary commands as root by altering the PATH variable to point to a user controlled location. When a crash is induced the trojan gdb command is executed. IBM X-Force ID: 163488. | ||||
| CVE-2019-4433 | 1 Ibm | 2 Infosphere Global Name Management, Infosphere Identity Insight | 2024-11-21 | 8.2 High |
| IBM InfoSphere Global Name Management 5.0 and 6.0 and IBM InfoSphere Identity Insight 8.1 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 162890. | ||||
| CVE-2019-4430 | 1 Ibm | 1 Maximo Asset Management | 2024-11-21 | 7.5 High |
| IBM Maximo Asset Management 7.6 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162887. | ||||
| CVE-2019-4427 | 2 Ibm, Microsoft | 2 Cloud Cli, Windows | 2024-11-21 | 7.5 High |
| IBM Cloud CLI 0.6.0 through 0.16.1 windows installers are signed using SHA1 certificate. An attacker might be able to exploit the weak algorithm to generate a installer with malicious software inside. IBM X-Force ID: 162773. | ||||
| CVE-2019-4424 | 1 Ibm | 2 Business Automation Workflow, Business Process Manager | 2024-11-21 | 8.2 High |
| IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, and 19.0.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 162770. | ||||
| CVE-2019-4422 | 1 Ibm | 1 Security Guardium | 2024-11-21 | 8.8 High |
| IBM Security Guardium 9.0, 9.5, and 10.6 are vulnerable to a privilege escalation which could allow an authenticated user to change the accessmgr password. IBM X-Force ID: 162768. | ||||
| CVE-2019-4419 | 1 Ibm | 3 Intelligent Operations Center, Intelligent Operations Center For Emergency Management, Water Operations For Waternamics | 2024-11-21 | 8.2 High |
| IBM Intelligent Operations Center V5.1.0 through V5.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 162737. | ||||
| CVE-2019-4415 | 1 Ibm | 1 Cloud Private | 2024-11-21 | 7.8 High |
| IBM Cloud Private 3.1.1 and 3.1.2 could allow a local user to obtain elevated privileges due to improper security context constraints. IBM X-Force ID: 162706. | ||||
| CVE-2019-4402 | 1 Ibm | 1 Api Connect | 2024-11-21 | 7.5 High |
| IBM API Connect 2018.1 through 2018.4.1.6 developer portal could allow an unauthorized user to cause a denial of service via an unprotected API. IBM X-Force ID: 162263. | ||||
| CVE-2019-4399 | 1 Ibm | 1 Cloud Orchestrator | 2024-11-21 | 7.5 High |
| IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 162260. | ||||
| CVE-2019-4391 | 1 Hcltech | 1 Appscan | 2024-11-21 | 8.2 High |
| HCL AppScan Standard is vulnerable to XML External Entity Injection (XXE) attack when processing XML data | ||||
| CVE-2019-4387 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | 8.8 High |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.2.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 162715. | ||||
| CVE-2019-4364 | 1 Ibm | 10 Control Desk, Maximo Asset Management, Maximo For Aviation and 7 more | 2024-11-21 | 8.0 High |
| IBM Maximo Asset Management 7.6 is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbirary commands on the system. IBM X-Force ID: 161680. | ||||
| CVE-2019-4340 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2024-11-21 | 8.2 High |
| IBM Security Guardium Big Data Intelligence 4.0 (SonarG) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 161419. | ||||
| CVE-2019-4339 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2024-11-21 | 7.5 High |
| IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 161418. | ||||
| CVE-2019-4338 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2024-11-21 | 7.5 High |
| IBM Security Guardium Big Data Intelligence 4.0 (SonarG) does not properly restrict the size or amount of resources that are requested or influenced by an actor. This weakness can be used to consume more resources than intended. IBM X-Force ID: 161417. | ||||
| CVE-2019-4327 | 1 Hcltech | 1 Appscan | 2024-11-21 | 7.5 High |
| "HCL AppScan Enterprise uses hard-coded credentials which can be exploited by attackers to get unauthorized access to application's encrypted files." | ||||
| CVE-2019-4326 | 1 Hcltech | 1 Appscan | 2024-11-21 | 7.5 High |
| "HCL AppScan Enterprise security rules update administration section of the web application console is missing HTTP Strict-Transport-Security Header." | ||||
| CVE-2019-4322 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2024-11-21 | 7.8 High |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 161202. | ||||