CVE-2024-28794 IBM InfoSphere Information Server cross-site scripting
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...
5.4CVSS
0.0004EPSS
CVE-2023-50953 IBM InfoSphere Information Server information disclosure
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. IBM X-Force ID: ...
5.4CVSS
0.0004EPSS
CVE-2023-50952 IBM InfoSphere Information Server server-side request forgery
IBM InfoSphere Information Server 11.7 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: ...
5.4CVSS
0.0004EPSS
CVE-2024-28797 IBM InfoSphere Information Server cross-site scripting
IBM InfoSphere Information Server 11.7 is vulnerable stored to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...
6.4CVSS
0.0004EPSS
CVE-2024-31898 IBM InfoSphere Information Server data modification
IBM InfoSphere Information Server 11.7 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references. IBM X-Force ID: ...
5.4CVSS
0.0004EPSS
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system. IBM X-Force ID: ...
5.3CVSS
0.0004EPSS
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system. IBM X-Force ID: ...
5.3CVSS
4.9AI Score
0.0004EPSS
IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...
7.2CVSS
0.0004EPSS
IBM InfoSphere Information Server 11.7 returns sensitive information in URL information that could be used in further attacks against the system. IBM X-Force ID: ...
4.3CVSS
0.0004EPSS
IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...
7.2CVSS
6.2AI Score
0.0004EPSS
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: ...
4.3CVSS
0.0004EPSS
IBM InfoSphere Information Server 11.7 returns sensitive information in URL information that could be used in further attacks against the system. IBM X-Force ID: ...
4.3CVSS
4.2AI Score
0.0004EPSS
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: ...
4.3CVSS
4.7AI Score
0.0004EPSS
9.8CVSS
9.6AI Score
0.038EPSS
CVE-2023-50954 IBM InfoSphere Information Server information disclosure
IBM InfoSphere Information Server 11.7 returns sensitive information in URL information that could be used in further attacks against the system. IBM X-Force ID: ...
4.3CVSS
0.0004EPSS
CVE-2024-31902 IBM InfoSphere Information Server cross-site request forgery
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: ...
4.3CVSS
0.0004EPSS
CVE-2024-35119 IBM InfoSphere Information Server information disclosure
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system. IBM X-Force ID: ...
5.3CVSS
0.0004EPSS
IBM InfoSphere Information Server 11.7 could allow a local user to update projects that they do not have the authorization to access. IBM X-Force ID: ...
4CVSS
6.1AI Score
0.0004EPSS
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...
5.4CVSS
6AI Score
0.0004EPSS
IBM InfoSphere Information Server 11.7 could allow a local user to update projects that they do not have the authorization to access. IBM X-Force ID: ...
4CVSS
0.0004EPSS
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...
5.4CVSS
0.0004EPSS
CVE-2024-28798 IBM InfoSphere Information Server cross-site scripting
IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...
7.2CVSS
0.0004EPSS
CVE-2023-35022 IBM InfoSphere Information Server improper authentication
IBM InfoSphere Information Server 11.7 could allow a local user to update projects that they do not have the authorization to access. IBM X-Force ID: ...
4CVSS
0.0004EPSS
CVE-2024-28795 IBM InfoSphere Information Server cross-site scripting
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...
5.4CVSS
0.0004EPSS
7.2AI Score
Factorio before 1.1.101 allows a crafted server to execute arbitrary code on clients via a custom map that leverages the ability of certain Lua base module functions to execute bytecode and generate fake...
0.0004EPSS
Factorio before 1.1.101 allows a crafted server to execute arbitrary code on clients via a custom map that leverages the ability of certain Lua base module functions to execute bytecode and generate fake...
7.5AI Score
0.0004EPSS
Google to Block Entrust Certificates in Chrome Starting November 2024
Google has announced that it's going to start blocking websites that use certificates from Entrust starting around November 1, 2024, in its Chrome browser, citing compliance failures and the certificate authority's inability to address security issues in a timely manner. "Over the past several...
7.1AI Score
[SECURITY] Fedora 39 Update: kitty-0.31.0-3.fc39
Offloads rendering to the GPU for lower system load and buttery smooth scrolling. Uses threaded rendering to minimize input latency. - Supports all modern terminal features: graphics (images), unicode, true-col or, OpenType ligatures, mouse protocol, focus tracking, bracketed paste and ...
7.5AI Score
Factorio before 1.1.101 allows a crafted server to execute arbitrary code on clients via a custom map that leverages the ability of certain Lua base module functions to execute bytecode and generate fake...
0.0004EPSS
SUSE SLES15 Security Update : frr (SUSE-SU-2024:2245-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2245-1 advisory. - CVE-2023-38406: Fixed nlri length of zero mishandling, aka 'flowspec overflow'. (bsc#1216900) - CVE-2023-47235: Fixed a crash on.....
9.8CVSS
7.9AI Score
0.001EPSS
FreeBSD : frr - Multiple vulnerabilities (07f0ea8c-356a-11ef-ac6d-a0423f48a938)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 07f0ea8c-356a-11ef-ac6d-a0423f48a938 advisory. [email protected] reports: In FRRouting (FRR) through 9.1, there are multiples vulnerabilities. ...
7.6AI Score
0.0004EPSS
FreeBSD : electron29 -- multiple vulnerabilities (0e73964d-053a-481a-bf1c-202948d68484)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 0e73964d-053a-481a-bf1c-202948d68484 advisory. Electron developers report: This update fixes the following vulnerabilities: Tenable has...
8.8CVSS
7.6AI Score
0.001EPSS
9.8CVSS
9.6AI Score
0.038EPSS
Summary A cross-site request forgery vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details ** CVEID: CVE-2024-31902 DESCRIPTION: **IBM InfoSphere Information Server is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and.....
4.3CVSS
6.4AI Score
0.0004EPSS
Summary A vulnerability in Oracle MySQL Connectors used by InfoSphere Information Server was addressed. Vulnerability Details ** CVEID: CVE-2023-22102 DESCRIPTION: **An unspecified vulnerability in Oracle MySQL Connectors related to the Connector/J component could allow a remote attacker to cause.....
8.3CVSS
5.8AI Score
0.001EPSS
Summary Multiple vulnerabilities in Open Container Initiative runc used by IBM InfoSphere Information Server were addressed. Vulnerability Details ** CVEID: CVE-2024-21626 DESCRIPTION: **Open Container Initiative runc could allow a remote attacker to bypass security restrictions, caused by an...
8.6CVSS
7.8AI Score
0.051EPSS
Summary A cross-site scripting vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details ** CVEID: CVE-2023-50964 DESCRIPTION: **IBM InfoSphere Information Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript...
5.4CVSS
5.9AI Score
0.0004EPSS
Summary IBM WebSphere Application Server is vulnerable to cross-site scripting in the administrative console. Vulnerability Details ** CVEID: CVE-2024-35153 DESCRIPTION: **IBM WebSphere Application Server is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed...
4.8CVSS
6.2AI Score
0.0004EPSS
Summary An improper error handling vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details ** CVEID: CVE-2023-50953 DESCRIPTION: **IBM InfoSphere Information Server could allow a remote attacker to obtain sensitive information when a detailed technical error...
5.4CVSS
5.8AI Score
0.0004EPSS
Summary A sensitive information disclosure vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details ** CVEID: CVE-2024-35119 DESCRIPTION: **IBM InfoSphere Information Server could allow a remote attacker to obtain sensitive information when a detailed technical...
5.3CVSS
6AI Score
0.0004EPSS
Summary A code execution vulnerability in Eclipse JGit used by InfoSphere Information Server was addressed. Vulnerability Details ** CVEID: CVE-2023-4759 DESCRIPTION: **Eclipse JGit could allow a remote attacker to execute arbitrary code on the system, caused by improper handling of case...
8.8CVSS
7.6AI Score
0.001EPSS
Summary Multiple vulnerabilities in OpenSSL used by IBM InfoSphere Information Server were addressed. Vulnerability Details ** CVEID: CVE-2023-3817 DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by a flaw when using the DH_check(), DH_check_ex() or EVP_PKEY_param_check()...
7.5CVSS
7.8AI Score
0.003EPSS
Summary An information exposure vulnerability in InfoSphere Information Server was addressed. Vulnerability Details ** CVEID: CVE-2023-50954 DESCRIPTION: **IBM InfoSphere Information Server returns sensitive information in URL information that could be used in further attacks against the system....
4.3CVSS
5.9AI Score
0.0004EPSS
Summary There are multiple vulnerabilities in IBM® WebSphere Application Server Liberty that is used by IBM InfoSphere Information Server. These are addressed. Vulnerability Details ** CVEID: CVE-2024-27268 DESCRIPTION: **IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.4 is...
5.9CVSS
7.7AI Score
0.0004EPSS
Summary A vulnerability in tqdm used by InfoSphere Information Server was addressed. Vulnerability Details ** CVEID: CVE-2024-34062 DESCRIPTION: **tqdm could allow a local authenticated attacker to execute arbitrary code on the system, caused by a CLI arguments injection . By sending a specially...
4.8CVSS
5.6AI Score
0.0004EPSS
Summary An insecure authorization vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details ** CVEID: CVE-2023-35022 DESCRIPTION: **IBM InfoSphere Information Server could allow a local user to update projects that they do not have the authorization to access. CVSS...
4CVSS
6.1AI Score
0.0004EPSS
Summary A stored cross-site scripting vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details ** CVEID: CVE-2024-28794 DESCRIPTION: **IBM InfoSphere Information Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary...
5.4CVSS
5.7AI Score
0.0004EPSS
Summary A vulnerability in Psf Requests used by InfoSphere Information Server was addressed. Vulnerability Details ** CVEID: CVE-2024-35195 DESCRIPTION: **Psf Requests could allow a local authenticated attacker to bypass security restrictions, caused by an incorrect control flow implementation...
5.6CVSS
6.1AI Score
0.0004EPSS
BigBlueButton is an open-source virtual classroom designed to help teachers teach and learners learn. An attacker may be able to exploit the overly elevated file permissions in the /usr/local/bigbluebutton/core/vendor/bundle/ruby/2.7.0/gems/resque-2.6.0 directory with the goal of privilege...
3.7CVSS
4.1AI Score
0.0004EPSS