IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 stores user credentials in plain clear text which can be read by a local user with container access. IBM X-Force ID: 255585.
logiops through 0.3.4, in its default configuration, allows any unprivileged user to configure its logid daemon via an unrestricted D-Bus service, including setting malicious keyboard macros. This allows for privilege escalation with minima...
In telecom service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with System execution privileges needed
In telecom service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges
IBM Watson CP4D Data Stores 4.6.0, 4.6.1, 4.6.2, and 4.6.3 does not encrypt sensitive or critical information before storage or transmission which could allow an attacker to obtain sensitive information. IBM X-Force ID: 248740.
In Telecom service, there is a possible missing permission check. This could lead to local denial of service with System execution privileges needed
In SoundRecorder service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges
In SoundRecorder service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges
In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed
Cross-Site Request Forgery (CSRF) vulnerability in Gangesh Matta Simple Org Chart plugin <= 2.3.4 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Jules Colle, BDWM Responsive Gallery Grid plugin <= 2.3.10 versions.
User enumeration is found in in PHPJabbers Appointment Scheduler 3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack...