94 matches found

OSV
added 2025/07/27 10:15 p.m., 5 views

AZL-66017 CVE-2024-58266 affecting package rust 1.72.0-14

The shlex crate before 1.2.1 for Rust allows unquoted and unescaped instances of the and \xa0 characters, which may facilitate command injection...

9.8 CVSS, 5.8 AI score, 0.00359 EPSS
Exploits: 0, References: 1

IBM Security Bulletins
added 2025/07/07 5:58 p.m., 5 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in braces-3.0.2.tgz

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of braces-3.0.2.tgz Vulnerability Details CVEID:CVE-2024-4068 DESCRIPTION: The NPM package braces, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In...

7.5 CVSS, 6.6 AI score, 0.00275 EPSS
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2025/06/25 4:23 p.m., 3 views

Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to a denial of service via Node.js braces module (CVE-2024-4068)

Summary Node.js braces module is used by IBM Storage Fusion Data Foundation as part of CVE-2024-4068 which may lead to denial of service. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Fusion Data Foundation. Vulnerability Details CVEID:CVE-2024-4068...

7.5 CVSS, 6.6 AI score, 0.00275 EPSS
Exploits: 1, Affected Software: 1

OSV
added 2025/02/05 10:15 p.m., 3 views

UBUNTU-CVE-2024-57699

A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading a specially crafted JSON input, containing a large number of ’’, a stack exhaustion can be triggered, which could allow an attacker to cause a Denial of Service (DoS). This issue exists because of an incomplete fix for...

7.5 CVSS, 6.6 AI score, 0.00058 EPSS
Exploits: 1, References: 4

CNNVD
added 2025/02/05 12:0 a.m., 1 view

Netplex Json-smart security vulnerability

Netplex Json-smart is a JSON Java parser from Netplex open source. A security vulnerability exists in Netplex Json-smart versions 2.5.0 through 2.5.1, which stems from a denial of service that can be triggered by stack exhaustion when loading a specially crafted JSON input containing a large numb...

7.5 CVSS, 6.3 AI score, 0.00058 EPSS
Exploits: 1, References: 5

IBM Security Bulletins
added 2025/01/28 10:8 p.m., 25 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Node.js braces module denial of service vulnerability [CVE-2024-4068]

Summary Potential Node.js braces module denial of service vulnerability CVE-2024-4068 has been identified that could affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-40...

7.5 CVSS, 7.4 AI score, 0.00275 EPSS
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m., 23 views

Security Bulletin: Maximo Application Suite - braces-3.0.2.tgz package is vulnerable to CVE-2024-4068 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses braces-3.0.2.tgz package which is vulnerable to CVE-2024-4068. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-4068 DESCRIPTION: Node.js braces module is vulnerable to a...

7.5 CVSS, 6.4 AI score, 0.00275 EPSS
Exploits: 1, Affected Software: 1

RedHat Linux
added 2024/12/12 8:0 p.m., 0 views

braces: fails to limit the number of characters it can handle

A flaw was found in the NPM package braces. It fails to limit the number of characters it can handle, which could lead to memory exhaustion. In lib/parse.js, if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, causing the program to start allocating heap memory...

7.5 CVSS, 7.2 AI score, 0.00275 EPSS
Exploits: 1, References: 7

OSV
added 2024/12/12 2:3 a.m., 2 views

AZL-62381 CVE-2024-47541 affecting package gstreamer1 1.20.0-2

GStreamer is a library for constructing graphs of media-handling components. An OOB-write vulnerability has been identified in the gst_ssa_parse_remove_override_codes function of the gstssaparse.c file. This function is responsible for parsing and removing SSA (SubStation Alpha) style override codes,...

7.5 CVSS, 6.8 AI score, 0.00241 EPSS
Exploits: 1, References: 1

OSV
added 2024/12/12 2:3 a.m., 1 view

ALPINE-CVE-2024-47541

GStreamer is a library for constructing graphs of media-handling components. An OOB-write vulnerability has been identified in the gst_ssa_parse_remove_override_codes function of the gstssaparse.c file. This function is responsible for parsing and removing SSA (SubStation Alpha) style override codes,...

7.5 CVSS, 6.8 AI score, 0.00241 EPSS
Exploits: 1, References: 1

OSV
added 2024/12/12 12:0 a.m., 0 views

UBUNTU-CVE-2024-47541

GStreamer is a library for constructing graphs of media-handling components. An OOB-write vulnerability has been identified in the gst_ssa_parse_remove_override_codes function of the gstssaparse.c file. This function is responsible for parsing and removing SSA (SubStation Alpha) style override codes,...

7.5 CVSS, 7.2 AI score, 0.00241 EPSS
Exploits: 1, References: 6

RedHat Linux
added 2024/11/05 5:49 p.m., 3 views

micromatch: vulnerable to Regular Expression Denial of Service

A flaw was found in the NPM package micromatch where it is vulnerable to a regular expression denial of service (ReDoS). The issue occurs in micromatch.braces in index.js because the pattern . will readily match anything. By passing a malicious payload, the pattern matching will keep backtracking t...

5.3 CVSS, 7.2 AI score, 0.00176 EPSS
Exploits: 1, References: 8

SUSE Linux
added 2024/10/29 12:55 p.m., 1 view

Security update for pgadmin4

This update for pgadmin4 fixes the following issues: CVE-2024-38355: Fixed socket.io: unhandled 'error' event (bsc#1226967); CVE-2024-38998: Fixed requirejs: prototype pollution via function config (bsc#1227248); CVE-2024-38999: Fixed requirejs: prototype pollution via function s.contexts..configure...

9.1 CVSS, 7.2 AI score, 0.92879 EPSS
Exploits: 9, References: 40

Redos
added 2024/10/29 12:0 a.m., 302 views

ROS-20241029-08

Vulnerability in the OpenSearch software package related to improper validation of the nextUrl parameter. Exploitation of the vulnerability could allow an attacker to redirect a user to a malicious site. A vulnerability in the server.maxHeadersCount configuration of the ws client-server library in...

7.5 CVSS, 7.4 AI score, 0.00663 EPSS
Exploits: 4

RedHat Linux
added 2024/10/14 6:1 p.m., 2 views

braces: fails to limit the number of characters it can handle

A flaw was found in the NPM package braces. It fails to limit the number of characters it can handle, which could lead to memory exhaustion. In lib/parse.js, if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, causing the program to start allocating heap memory...

7.5 CVSS, 7.2 AI score, 0.00275 EPSS
Exploits: 1, References: 7

RedHat Linux
added 2024/10/14 6:1 p.m., 1 view

braces: fails to limit the number of characters it can handle

A flaw was found in the NPM package braces. It fails to limit the number of characters it can handle, which could lead to memory exhaustion. In lib/parse.js, if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, causing the program to start allocating heap memory...

7.5 CVSS, 7.2 AI score, 0.00275 EPSS
Exploits: 1, References: 7

RedHat Linux
added 2024/10/14 6:1 p.m., 2 views

braces: fails to limit the number of characters it can handle

A flaw was found in the NPM package braces. It fails to limit the number of characters it can handle, which could lead to memory exhaustion. In lib/parse.js, if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, causing the program to start allocating heap memory...

7.5 CVSS, 7.2 AI score, 0.00275 EPSS
Exploits: 1, References: 7

IBM Security Bulletins
added 2024/09/03 11:18 a.m., 33 views

Security Bulletin: IBM DataPower Gateway vulnerable to DoS due to Node.js Braces module (CVE-2024-4068)

Summary The Braces module is used by IBM DataPower Gateway in its UI. Vulnerability Details CVEID:CVE-2024-4068 DESCRIPTION: Node.js braces module is vulnerable to a denial of service, caused by the failure to limit the number of characters it can handle, leading to a memory exhaustion in...

7.5 CVSS, 7.3 AI score, 0.00275 EPSS
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2024/08/30 5:4 p.m., 36 views

Security Bulletin: IBM Data Product Hub uses Node.js micromatch & braces modules which are vulnerable to a denial of service (CVE-2024-4067 & CVE-2024-4068)

Summary IBM Data Product Hub has dependencies on Node.js micromatch & braces modules which are vulnerable to a denial of service CVE-2024-4067 & CVE-2024-4068. This bulletin contains information regarding the vulnerabilities and their fixture. Vulnerability Details CVEID:CVE-2024-4068 DESCRIPTION...

7.5 CVSS, 6.7 AI score, 0.00275 EPSS
Exploits: 2, Affected Software: 1

IBM Security Bulletins
added 2024/07/29 9:50 p.m., 29 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Node.js braces

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Node.js braces. Vulnerability Details CVEID:CVE-2024-4068 DESCRIPTION: Node.js braces module is vulnerable to a denial of service, caused by the failure to limit the number of characters it can handle, leading...

7.5 CVSS, 7.3 AI score, 0.00275 EPSS
Exploits: 1, Affected Software: 1