Latest ibm security guardium Vulnerabilities

CVE-2023-47709
IBM Security Guardium command injection
IBM Security Guardium<=11.3
IBM Security Guardium<=11.4
IBM Security Guardium<=11.5
IBM Security Guardium<=12.0
IBM-7150840
IBM Security Guardium<=11.3
IBM Security Guardium<=11.4
IBM Security Guardium<=11.5
IBM Security Guardium<=12.0
CVE-2023-47711
IBM Security Guardium denial of service
IBM Security Guardium<=11.3
IBM Security Guardium<=11.4
IBM Security Guardium<=11.5
IBM Security Guardium<=12.0
CVE-2023-47712
IBM Security Guardium privilege escalation
IBM Security Guardium<=11.3
IBM Security Guardium<=11.4
IBM Security Guardium<=11.5
IBM Security Guardium<=12.0
CVE-2023-34054
Reactor Netty HTTP Server Metrics DoS Vulnerability
Pivotal Reactor Netty<1.0.39
Pivotal Reactor Netty>=1.1.0<1.1.13
maven/io.projectreactor.netty:reactor-netty-http>=1.0.0<1.0.39
maven/io.projectreactor.netty:reactor-netty-http>=1.1.0<1.1.13
IBM Security Guardium<=11.3
IBM Security Guardium<=11.4
and 2 more
IBM-7069241
IBM Security Guardium<=11.3
IBM Security Guardium<=11.4
IBM Security Guardium<=11.5
IBM BM Security Guardium<=12.0
CVE-2023-42004
IBM Security Guardium CSV injection
IBM Security Guardium=11.3
IBM Security Guardium=11.4
IBM Security Guardium=11.5
IBM Security Guardium<=11.3
IBM Security Guardium<=11.4
IBM Security Guardium<=11.5
and 1 more
CVE-2023-34062
In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, a malicious user can send a request using a specially crafted URL that can lead to a directory traversa...
Pivotal Reactor Netty>=1.0.0<1.0.39
Pivotal Reactor Netty>=1.1.0<1.1.13
maven/io.projectreactor.netty:reactor-netty-http>=1.0.0<1.0.39
maven/io.projectreactor.netty:reactor-netty-http>=1.1.0<1.1.13
IBM Security Guardium<=11.3
IBM Security Guardium<=11.4
and 2 more
CVE-2023-34059
- File Descriptor Hijack vulnerability in open-vm-tools
Vmware Open Vm Tools>=11.0.0<=12.3.0
Debian Debian Linux=10.0
Debian Debian Linux=11.0
Debian Debian Linux=12.0
debian/open-vm-tools<=2:10.3.10-1+deb10u2
ubuntu/open-vm-tools<2:11.0.5-4ubuntu0.18.04.3+
and 10 more
CVE-2023-34058
- SAML Token Signature Bypass in open-vm-tools
Vmware Open Vm Tools>=11.0.0<=12.3.0
Debian Debian Linux=10.0
Debian Debian Linux=11.0
Debian Debian Linux=12.0
VMware Tools>=10.3.0<12.3.5
Microsoft Windows
and 15 more
CVE-2023-5367
Xorg-x11-server: out-of-bounds write in xichangedeviceproperty/rrchangeoutputproperty
debian/xorg-server<=2:1.20.4-1+deb10u4<=2:1.20.11-1+deb11u6
debian/xwayland<=2:22.1.9-1
ubuntu/xorg-server<2:1.15.1-0ubuntu2.11+
ubuntu/xorg-server<2:1.18.4-0ubuntu0.12+
ubuntu/xorg-server<2:1.19.6-1ubuntu4.15+
ubuntu/xorg-server<21.1.9
and 31 more
CVE-2022-43906
IBM Security Guardium 11.5 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie. IBM X-Force ID: 240897.
IBM Security Guardium=11.5
Linux Linux kernel
CVE-2022-43903
IBM Security Guardium 10.6, 11.3, and 11.4 could allow an authenticated user to cause a denial of service due to due to improper input validation. IBM X-Force ID: 240894.
IBM Security Guardium=10.6
IBM Security Guardium=11.3
IBM Security Guardium=11.4
Linux Linux kernel
IBM Security Guardium<=10.6
IBM Security Guardium<=11.3
and 2 more
IBM-7030110
IBM Security Guardium<=10.6
IBM Security Guardium<=11.3
IBM Security Guardium<=11.4
IBM Security Guardium<=11.5
CVE-2022-43904
IBM Security Guardium 11.3 and 11.4 could disclose sensitive information to an attacker due to improper restriction of excessive authentication attempts. IBM X-Force ID: 240895.
IBM Security Guardium=11.3
IBM Security Guardium=11.4
CVE-2023-30437
IBM Security Guardium 11.3, 11.4, and 11.5 could allow an unauthorized user to enumerate usernames by sending a specially crafted HTTP request. IBM X-Force ID: 252293.
IBM Security Guardium=11.3
IBM Security Guardium=11.4
IBM Security Guardium=11.5
IBM Security Guardium<=11.3
IBM Security Guardium<=11.4
IBM Security Guardium<=11.5
IBM-7028511
IBM Security Guardium<=10.6
IBM Security Guardium<=11.3
IBM Security Guardium<=11.4
IBM Security Guardium<=11.5
CVE-2023-33852
IBM Security Guardium 11.4 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in t...
IBM Security Guardium=11.4
IBM Security Guardium<=11.4
IBM Security Guardium<=11.5
CVE-2022-43909
IBM Security Guardium 11.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially ...
IBM Security Guardium=11.4
IBM Security Guardium<=10.6
IBM Security Guardium<=11.3
IBM Security Guardium<=11.4
IBM Security Guardium<=11.5
CVE-2023-30435
IBM Security Guardium 11.3, 11.4, and 11.5 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended fun...
IBM Security Guardium=11.3
IBM Security Guardium=11.4
IBM Security Guardium=11.5
IBM Security Guardium<=11.3
IBM Security Guardium<=11.4
IBM Security Guardium<=11.5
CVE-2023-30436
IBM Security Guardium is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leadi...
IBM Security Guardium<=11.3
IBM Security Guardium<=11.4
IBM Security Guardium<=11.5
IBM Security Guardium=11.3
IBM Security Guardium=11.4
IBM Security Guardium=11.5
IBM-7028506
IBM Security Guardium<=11.3
IBM Security Guardium<=11.4
IBM Security Guardium<=11.5
CVE-2022-43907
IBM Security Guardium 11.4 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 240901.
IBM Security Guardium=11.4
IBM Security Guardium<=10.6
IBM Security Guardium<=11.3
IBM Security Guardium<=11.4
IBM Security Guardium<=11.5
IBM-7028514
IBM Security Guardium<=11.4
IBM Security Guardium<=11.5
IBM-7027853
IBM Security Guardium<=10.6
IBM Security Guardium<=11.3
IBM Security Guardium<=11.4
IBM Security Guardium<=11.5
CVE-2023-35893
IBM Security Guardium 10.6, 11.3, 11.4, and 11.5 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 25882...
IBM Security Guardium=10.6
IBM Security Guardium=11.3
IBM Security Guardium=11.4
IBM Security Guardium=11.5
Linux Linux kernel
IBM Security Guardium<=10.6
and 3 more
IBM-7007815
IBM Security Guardium<=11.3
IBM Security Guardium<=11.4
IBM Security Guardium<=11.5
CVE-2022-43910
IBM Security Guardium 11.3 could allow a local user to escalate their privileges due to improper permission controls. IBM X-Force ID: 240908.
IBM Security Guardium=11.3
Linux Linux kernel
IBM Security Guardium<=11.3
IBM Security Guardium<=11.4
IBM Security Guardium<=11.5
CVE-2022-43908
IBM Security Guardium 11.3 could allow an authenticated user to cause a denial of service due to improper input validation. IBM X-Force ID: 240903.
IBM Security Guardium=11.3
Linux Linux kernel
IBM Security Guardium<=11.3
IBM Security Guardium<=11.4
IBM Security Guardium<=11.5
CVE-2023-0041
IBM Security Guardium 11.5 could allow a user to take over another user's session due to insufficient session expiration. IBM X-Force ID: 243657.
IBM Security Guardium=11.5
Linux Linux kernel
IBM Security Guardium<=11.3
IBM Security Guardium<=11.4
IBM Security Guardium<=11.5
IBM-7000021
IBM Security Guardium<=11.3
IBM Security Guardium<=11.4
IBM Security Guardium<=11.5
IBM-6999317
IBM BM Security Guardium<=11.3
IBM Security Guardium<=11.4
IBM Security Guardium<=11.5
CVE-2022-22307
IBM Security Guardium could allow a local user to obtain elevated privileges due to incorrect authorization checks.
IBM BM Security Guardium<=11.3
IBM Security Guardium<=11.4
IBM Security Guardium<=11.5
IBM Security Guardium=11.3
IBM Security Guardium=11.4
IBM Security Guardium=11.5
and 1 more
CVE-2023-22809
A vulnerability was found in sudo. Exposure in how sudoedit handles user-provided environment variables leads to arbitrary file writing with privileges of the RunAs user (usually root). The prerequisi...
<13.4
IBM Security Guardium<=11.3
IBM Security Guardium<=11.4
IBM Security Guardium<=11.5
Sudo Project Sudo>=1.8.0<1.9.12
Sudo Project Sudo=1.9.12
and 20 more
CVE-2022-4378
A flaw stack overflow in the Linux Kernel found. If user have access to SYSCTL (dynamically changing certain kernel parameters and variables), then can provide incorrect input to the function do_proc_...
Linux Linux kernel>=4.9.0<=4.9.337
Linux Linux kernel>=4.14.0<=4.14.302
Linux Linux kernel>=4.19.0<=4.19.269
Linux Linux kernel>=5.4.0<=5.4.228
Linux Linux kernel>=5.10.0<=5.10.162
Linux Linux kernel>=5.15.0<=5.15.86
and 102 more
CVE-2022-39166
IBM Security Guardium 11.4 could allow a privileged user to obtain sensitive information inside of an HTTP response. IBM X-Force ID: 235405.
IBM Security Guardium=11.4
IBM Security Guardium<=11.3
IBM Security Guardium<=11.4
IBM Security Guardium<=11.5
IBM-6848317
IBM Security Guardium<=11.3
IBM Security Guardium<=11.4
IBM Security Guardium<=11.5
CVE-2022-42889
Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults
redhat/jenkins<2-plugins-0:4.11.1683009941-1.el8
redhat/jenkins<2-plugins-0:4.12.1683009955-1.el8
redhat/jenkins<2-plugins-0:4.13.1684911916-1.el8
redhat/jenkins<2-plugins-0:4.10.1680703106-1.el8
redhat/jenkins<2-plugins-0:4.9.1680069756-1.el8
redhat/candlepin<0:4.1.18-1.el8
and 47 more
CVE-2022-41974
OpenSVC multipath-tools for Linux could allow a local authenticated attacker to execute arbitrary commands on the system, caused by an authorization bypass flaw in the multipathd daemon. By sending a ...
redhat/device-mapper-multipath<0:0.4.9-136.el7_9
redhat/device-mapper-multipath<0:0.8.4-22.el8_6.2
redhat/device-mapper-multipath<0:0.8.0-5.el8_1.1
redhat/device-mapper-multipath<0:0.8.3-3.el8_2.7
redhat/device-mapper-multipath<0:0.8.4-10.el8_4.4
redhat/device-mapper-multipath<0:0.8.7-7.el9_0.1
and 8 more
CVE-2022-34917
Apache Kafka is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to allocate large amo...
Apache Kafka>=2.8.0<2.8.2
Apache Kafka>=3.0.0<3.0.2
Apache Kafka>=3.1.0<3.1.2
Apache Kafka>=3.2.0<3.2.3
IBM Security Guardium<=11.3
IBM Security Guardium<=11.4
and 9 more
CVE-2022-40674
A flaw in XML parsing could have led to a use-after-free causing a potentially exploitable crash.In official releases of Firefox this vulnerability is mitigated by wasm sandboxing; versions managed by...
redhat/expat<0:2.0.1-15.el6_10
redhat/compat-expat1<0:1.95.8-9.el6_10
redhat/expat<0:2.1.0-15.el7_9
redhat/firefox<0:102.3.0-7.el7_9
redhat/thunderbird<0:102.3.0-4.el7_9
redhat/thunderbird<0:102.3.0-4.el8_6
and 29 more
CVE-2022-31676
VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root u...
VMware Tools>=10.0.0<12.1.0
Microsoft Windows
VMware Tools>=10.0.0<10.3.25
VMware Tools>=11.0.0<12.1.0
Linux Linux kernel
Debian Debian Linux=10.0
and 9 more
CVE-2022-37434
A security vulnerability was found in zlib. The flaw triggered a heap-based buffer in inflate in the inflate.c function via a large gzip header extra field. This flaw is only applicable in the call in...
redhat/zlib<0:1.2.7-21.el7_9
redhat/zlib<0:1.2.11-19.el8_6
redhat/rsync<0:3.1.3-19.el8
redhat/zlib<0:1.2.11-32.el9_0
redhat/rsync<0:3.2.3-18.el9
debian/zlib<=1:1.2.11.dfsg-1<=1:1.2.11.dfsg-4<=1:1.2.11.dfsg-2+deb11u1
and 63 more
CVE-2022-29154
Rsync could allow a remote attacker to bypass security restrictions, caused by improper validation of file names. By utilize man-in-the-middle attack techniques, an attacker could exploit this vulnera...
Samba Rsync<3.2.5
Fedoraproject Fedora=35
Fedoraproject Fedora=36
redhat/rsync<3.2.5
redhat/rsync<0:3.1.2-11.el7_9
redhat/rsync<0:3.1.3-14.el8_6.3
and 7 more
CVE-2022-2526
systemd could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw due to the on_stream_io() function and dns_stream_complete() function in "resolved-dns-st...
redhat/systemd<0:219-78.el7_9.7
redhat/systemd<0:239-58.el8_6.4
redhat/systemd<0:239-18.el8_1.11
redhat/systemd<0:239-31.el8_2.9
redhat/systemd<0:239-45.el8_4.12
IBM BM Security Guardium<=11.3
and 13 more
IBM-6598759
IBM Security Guardium<=11.4
CVE-2022-24903
rsyslog is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the TCP syslog server (receiver) components. By sending a specially-crafted request, a remote attacker coul...
redhat/rsyslog<0:5.8.10-12.el6_10.1
redhat/rsyslog7<0:7.4.10-7.el6_10.1
redhat/rsyslog<0:8.24.0-57.el7_9.3
redhat/rsyslog<0:8.2102.0-7.el8_6.1
redhat/rsyslog<0:8.37.0-13.el8_1.1
redhat/rsyslog<0:8.1911.0-3.el8_2.1
and 15 more
CVE-2021-39076
IBM Security Guardium=10.5
IBM Security Guardium=11.3
Linux Linux kernel
CVE-2021-39072
IBM Security Guardium 11.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulner...
IBM Security Guardium=11.3
Linux Linux kernel
CVE-2021-39077
IBM Security Guardium information disclosure
IBM Security Guardium>=11.0<=11.4
IBM Security Guardium=10.5
IBM Security Guardium=10.6
IBM Security Guardium>=11.0<=11.4
IBM Security Guardium=10.5
IBM Security Guardium=10.6
and 8 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203