IBM QRadar User Behavior Analytics 1.0.0 through 4.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...
IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 195999. Date published : 2021-05-14 https://www.ibm.com/support/pages/node/6453103...
The block subsystem in the Linux kernel before 5.2 has a use-after-free that can lead to arbitrary code execution in the kernel context and privilege escalation, aka CID-c3e2219216c9. This is related to blk_mq_free_rqs and...
IBM Planning Analytics Local 2.0 could allow an attacker to obtain sensitive information due to accepting body parameters in a query. IBM X-Force ID: 192642. Date published : 2021-05-14 https://www.ibm.com/support/pages/node/6452743 https://exchange.xforce.ibmcloud.com/vulnerabilities/192642
IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 could allow a privileged user to inject inject malicious data using a specially crafted HTTP request due to improper input validation. Date...
A Zip Slip vulnerability was found in the oc binary in openshift-clients where an arbitrary file write is achieved by using a specially crafted raw container image (.tar file) which contains symbolic links. The...
In ImageMagick versions before 7.0.9-0, there are outside the range of representable values of type ‘float’ at MagickCore/quantize.c. Date published : 2021-05-14 https://bugzilla.redhat.com/show_bug.cgi?id=1894690
Cleartext transmission of sensitive information via Moxa Service in NPort IA5000A series serial devices. Successfully exploiting the vulnerability could enable attackers to read authentication data, device configuration, and other sensitive data transmitted over Moxa...
The NPort IA5000A Series devices use Telnet as one of the network device management services. Telnet does not support the encryption of client-server communications, making it vulnerable to Man-in-the-Middle attacks. Date published : 2021-05-14...
In multiple versions of NPort IA5000A Series, the result of exporting a device’s configuration contains the passwords of all users on the system and other sensitive data in the original form if “Pre-shared key”...
By exploiting a vulnerability in NPort IA5150A/IA5250A Series before version 1.5, a user with “Read Only” privilege level can send requests via the web console to have the device’s configuration changed. Date published :...
Password generator feature in Kaspersky Password Manager was not completely cryptographically strong and potentially allowed an attacker to predict generated passwords in some cases. An attacker would need to know some additional information (for...
A heap buffer overflow read was discovered in upx 4.0.0, because the check in p_lx_elf.cpp is not perfect. Date published : 2021-05-14 https://github.com/upx/upx/issues/388 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSQRO7YC72PSYDQG4PQLQYXZTZE3B4YV/
YFCMF v2.3.1 has a Remote Command Execution (RCE) vulnerability in the index.php. Date published : 2021-05-14 https://github.com/lxw1844912514/YFCMF/issues/1