Bartlomiej Balcerek

#12559de 53,635
21.6CVSS total
Vulnerabilidades · 3
Média
1
Alta
2
PT-2015-3780
6.9
2015-02-13
Ibm · Ibm Tivoli Storage Manager · CVE-2014-4813
**Name of the Vulnerable Software and Affected Versions** IBM Tivoli Storage Manager versions 5.4.0.0 through 5.4.3.6 IBM Tivoli Storage Manager versions 5.5.0.0 through 5.5.4.3 IBM Tivoli Storage Manager versions 6.1.0.0 through 6.1.5.6 IBM Tivoli Storage Manager versions 6.2 before 6.2.5.4 IBM Tivoli Storage Manager versions 6.3 before 6.3.2.3 IBM Tivoli Storage Manager versions 6.4 before 6.4.2.1 IBM Tivoli Storage Manager versions 7.1 before 7.1.1 **Description** A race condition in the client component of IBM Tivoli Storage Manager allows local users to obtain root privileges via unspecified vectors. This issue affects installations on UNIX and Linux systems. **Recommendations** For versions 5.4.0.0 through 5.4.3.6, update to a version after 5.4.3.6. For versions 5.5.0.0 through 5.5.4.3, update to a version after 5.5.4.3. For versions 6.1.0.0 through 6.1.5.6, update to a version after 6.1.5.6. For versions 6.2 before 6.2.5.4, update to version 6.2.5.4 or later. For versions 6.3 before 6.3.2.3, update to version 6.3.2.3 or later. For versions 6.4 before 6.4.2.1, update to version 6.4.2.1 or later. For versions 7.1 before 7.1.1, update to version 7.1.1 or later.
PT-2013-4425
7.2
2013-06-05
Ibm · Ibm Db2 · CVE-2013-3475
**Name of the Vulnerable Software and Affected Versions** IBM DB2 and DB2 Connect versions 9.1 through 10.1 **Description** A stack-based buffer overflow issue exists in the Audit Facility of IBM DB2, allowing local users to gain privileges. The issue is related to the db2aud component. **Recommendations** For IBM DB2 and DB2 Connect versions 9.1 through 10.1, update to a version that contains a fix for this issue.
PT-2011-4184
7.5
2011-08-15
Terascale · Torque Resource Manager · CVE-2011-2907
**Name of the Vulnerable Software and Affected Versions** Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) versions 3.0.1 and earlier **Description** The issue allows remote attackers to bypass host-based authentication and submit arbitrary jobs. This is achieved by modifying the `PBS O HOST` variable and submitting it to the qsub program. **Recommendations** For versions 3.0.1 and earlier, consider restricting access to the qsub program to prevent arbitrary job submissions until a fix is available. As a temporary workaround, monitor and limit modifications to the `PBS O HOST` variable to minimize the risk of exploitation.