Total
300701 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-52895 | 1 Ibm | 1 I | 2025-07-03 | N/A | 6.5 MEDIUM |
IBM i 7.4 and 7.5 is vulnerable to a database access denial of service caused by a bypass of a database capabilities restriction check. A privileged bad actor can remove or otherwise impact database infrastructure files resulting in incorrect behavior of software products that rely upon the database. | |||||
CVE-2025-36004 | 1 Ibm | 1 I | 2025-07-03 | N/A | 8.8 HIGH |
IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user to gain elevated privileges due to an unqualified library call in IBM Facsimile Support for i. A malicious actor could cause user-controlled code to run with administrator privilege. | |||||
CVE-2025-33122 | 1 Ibm | 1 I | 2025-07-03 | N/A | 7.5 HIGH |
IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 could allow a user to gain elevated privileges due to an unqualified library call in IBM Advanced Job Scheduler for i. A malicious actor could cause user-controlled code to run with administrator privilege. | |||||
CVE-2025-3218 | 1 Ibm | 1 I | 2025-07-03 | N/A | 5.4 MEDIUM |
IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to authentication and authorization attacks due to incorrect validation processing in IBM i Netserver. A malicious actor could use the weaknesses, in conjunction with brute force authentication attacks or to bypass authority restrictions, to access the server. | |||||
CVE-2025-2950 | 1 Ibm | 1 I | 2025-07-03 | N/A | 5.4 MEDIUM |
IBM i 7.3, 7.4, 7.5, and 7.5 is vulnerable to a host header injection attack caused by improper neutralization of HTTP header content by IBM Navigator for i. An authenticated user can manipulate the host header in HTTP requests to change domain/IP address which may lead to unexpected behavior. | |||||
CVE-2024-55898 | 1 Ibm | 1 I | 2025-07-03 | N/A | 8.5 HIGH |
IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user with the capability to compile or restore a program to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. | |||||
CVE-2022-39163 | 2 Ibm, Microsoft | 3 Cognos Controller, Controller, Windows | 2025-07-03 | N/A | 4.7 MEDIUM |
IBM Cognos Controller 11.0.0 through 11.1.0 is vulnerable to a Client-Side Desync (CSD) attack where an attacker could exploit a desynchronized browser connection that could lead to further cross-site scripting (XSS) attacks. | |||||
CVE-2024-40702 | 2 Ibm, Microsoft | 3 Cognos Controller, Controller, Windows | 2025-07-03 | N/A | 8.2 HIGH |
IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow an unauthorized user to obtain valid tokens to gain access to protected resources due to improper certificate validation. | |||||
CVE-2024-28778 | 2 Ibm, Microsoft | 3 Cognos Controller, Controller, Windows | 2025-07-03 | N/A | 6.5 MEDIUM |
IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 is vulnerable to exposure of Artifactory API keys. This vulnerability allows users to publish code to private packages or repositories under the name of the organization. | |||||
CVE-2024-25037 | 2 Ibm, Microsoft | 3 Cognos Controller, Controller, Windows | 2025-07-03 | N/A | 4.3 MEDIUM |
IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. | |||||
CVE-2022-22363 | 2 Ibm, Microsoft | 3 Cognos Controller, Controller, Windows | 2025-07-03 | N/A | 4.3 MEDIUM |
IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | |||||
CVE-2021-20455 | 2 Ibm, Microsoft | 3 Cognos Controller, Controller, Windows | 2025-07-03 | N/A | 3.7 LOW |
IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | |||||
CVE-2024-25048 | 1 Ibm | 1 Mq Appliance | 2025-07-03 | N/A | 7.5 HIGH |
IBM MQ Appliance 9.3 CD and LTS are vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash. IBM X-Force ID: 283137. | |||||
CVE-2024-54173 | 1 Ibm | 1 Mq Appliance | 2025-07-03 | N/A | 4.7 MEDIUM |
IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD reveals potentially sensitive information in trace files that could be read by a local user when webconsole trace is enabled. | |||||
CVE-2025-0975 | 1 Ibm | 1 Mq Appliance | 2025-07-03 | N/A | 8.8 HIGH |
IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD console could allow an authenticated user to execute code due to improper neutralization of escape characters. | |||||
CVE-2025-23225 | 1 Ibm | 1 Mq Appliance | 2025-07-03 | N/A | 6.5 MEDIUM |
IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user to cause a denial of service due to the improper handling of invalid headers sent to the queue. | |||||
CVE-2024-51471 | 1 Ibm | 1 Mq Appliance | 2025-07-03 | N/A | 5.3 MEDIUM |
IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS web console could allow an authenticated user to cause a denial-of-service when trace is enabled due to information being written into memory outside of the intended buffer size. | |||||
CVE-2025-53370 | 2025-07-03 | N/A | 8.6 HIGH | ||
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. From versions 1.9.4 to before 3.4.0, short descriptions set via the ShortDescription extension are inserted as raw HTML by the Citizen skin, allowing any user to insert arbitrary HTML into the DOM by editing a page. This issue has been patched in version 3.4.0. | |||||
CVE-2025-53369 | 2025-07-03 | N/A | 8.6 HIGH | ||
Short Description is a MediaWiki extension that provides local short description support. In version 4.0.0, short descriptions are not properly sanitized before being inserted as HTML using mw.util.addSubtitle, allowing any user to insert arbitrary HTML into the DOM by editing a page. This issue has been patched in version 4.0.1. | |||||
CVE-2025-53368 | 2025-07-03 | N/A | 8.6 HIGH | ||
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. From versions 1.9.4 to before 3.4.0, page descriptions are inserted into raw HTML without proper sanitization by the Citizen skin when using the old search bar. Any user with page editing privileges can insert cross-site scripting (XSS) payloads into the DOM for other users who are searching for specific pages. This issue has been patched in version 3.4.0. |