Lucene search
K

16 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/02/03 11:1 p.m.34 views

Security Bulletin: IBM Cloud Pak for Data has a vulnerable base OS image due to kernel-headers ( CVE-2022-1012, CVE-2022-32250 )

Summary Kernel-headers used by IBM Cloud Pak for Data as part of the base OS image. CVE-2022-1012, CVE-2022-32250. Vulnerability Details CVEID:CVE-2022-1012 DESCRIPTION: A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb...

8.2CVSS7.6AI score0.02972EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/27 5:56 p.m.25 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to expose sensitive information due to RubyGems activesupport ( CVE-2023-38037 )

Summary RubyGems activesupport is used by IBM Cloud Pak for Data as part of the platform. CVE-2023-38037. Vulnerability Details CVEID:CVE-2023-38037 DESCRIPTION: RubyGems activesupport gemcould allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in the...

5.5CVSS5.3AI score0.00258EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/08 8:4 p.m.22 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to regular expression denial of service due to Rack ( CVE-2023-27539 )

Summary Rack is used by IBM Cloud Pak for Data as part of the platform. CVE-2023-27539. Vulnerability Details CVEID:CVE-2023-27539 DESCRIPTION: Rack is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in the header parsing component. By sending a...

5.3CVSS7.1AI score0.01063EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/08 8:1 p.m.16 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to denial of service due to Node.js semver ( CVE-2022-25883 )

Summary Node.js semver is used by IBM Cloud Pak for Data as part of the platform. CVE-2022-25883. Vulnerability Details CVEID:CVE-2022-25883 DESCRIPTION: Node.js semver package is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in the new Range...

7.5CVSS8AI score0.02761EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/08 3:45 p.m.27 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to bypass security restriction due to Node.js undici module ( CVE-2024-30261, CVE-2024-30260 )

Summary Node.js undici module is used by IBM Cloud Pak for Data as part of the platform. CVE-2024-30261, CVE-2024-30260. Vulnerability Details CVEID:CVE-2024-30261 DESCRIPTION: Node.js undici module could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw with...

4.3CVSS4AI score0.00803EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/08 3:38 p.m.21 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to security bypass due to xml2js ( CVE-2023-0842 )

Summary xml2js is used by IBM Cloud Pak for Data as part of the platform. CVE-2023-0842. Vulnerability Details CVEID:CVE-2023-0842 DESCRIPTION: xml2js could allow a remote attacker to bypass security restrictions, caused by the failure to properly validate incoming JSON keys, allowing the proto...

5.3CVSS5.4AI score0.01404EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/08 3:20 p.m.47 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to several issues due to go modules used in nginx ( CVE-2023-24532, CVE-2022-41724, CVE-2022-41725, CVE-2022-41723 )

Summary Nginx is used by IBM Cloud Pak for Data as part of the web interface. CVE-2023-24532, CVE-2022-41724, CVE-2022-41725, CVE-2022-41723. Vulnerability Details CVEID:CVE-2023-24532 DESCRIPTION: An unspecified error with return an incorrect result in the ScalarMult and ScalarBaseMult methods o...

7.5CVSS6.9AI score0.04561EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/08 3:5 p.m.32 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to denial of service due to python ( CVE-2022-45061 )

Summary Python is used by IBM Cloud Pak for Data. CVE-2022-45061. Vulnerability Details CVEID:CVE-2022-45061 DESCRIPTION: Python is vulnerable to a denial of service, caused by an unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA RFC 3490 decoder. By sendi...

7.5CVSS7.5AI score0.02453EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/08 2:57 p.m.31 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to signature forgery attack due to browserify-sign ( CVE-2023-46234 )

Summary Package browserify-sign is used by IBM Cloud Pak for Data. CVE-2023-46234. Vulnerability Details CVEID:CVE-2023-46234 DESCRIPTION: browserify browserify-sign could allow a remote attacker to bypass security restrictions, caused by an upper bound check issue in the dsaVerify function. By...

7.5CVSS7.4AI score0.00508EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/08 2:33 p.m.21 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to bypass SAML authentication due to passport-saml ( CVE-2022-39299 )

Summary Passport-saml is used by IBM Cloud Pak for Data for SAML authentication. CVE-2022-39299. Vulnerability Details CVEID:CVE-2022-39299 DESCRIPTION: Node.js passport-saml module could allow a remote attacker to bypass security restrictions, caused by improper verification of cryptographic...

8.1CVSS8.4AI score0.03025EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/08 2:21 p.m.16 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable due to lua-resty (CVE-2024-33531)

Summary Lua is used by IBM Cloud Pak for Data as part of the web interface. CVE-2024-33531 Vulnerability Details CVEID:CVE-2024-33531 DESCRIPTION: lua-resty-jwt could allow a remote attacker to bypass security restrictions, caused by improper authentication validation. By sending a specially...

8.1CVSS6.7AI score0.00533EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/29 9:44 p.m.27 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Node.js - follow-redirects-1.15.4

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Node.js - follow-redirects-1.15.4 Vulnerability Details CVEID:CVE-2024-28849 DESCRIPTION: Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information, caused by...

6.5CVSS6.6AI score0.01044EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/19 8:16 p.m.32 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to several issues due to go compiler ( CVE-2022-29804, CVE-2022-30580, CVE-2022-30629, CVE-2022-30634 )

Summary Golang compiler is used by IBM Cloud Pak for Data to build various binaries. CVE-2022-29804, CVE-2022-30580, CVE-2022-30629, CVE-2022-30634 Vulnerability Details CVEID:CVE-2022-29804 DESCRIPTION: Golang Go could allow a local attacker to bypass security restrictions, caused by a flaw in t...

7.8CVSS7.9AI score0.0187EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/30 5:34 p.m.43 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in postgresql-42.3.2.jar

Summary IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in postgresql-42.3.2.jar Vulnerability Details CVEID:CVE-2024-1597 DESCRIPTION: PostgreSQL JDBC Driver PgJDBC is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements when using...

10CVSS9.6AI score0.0481EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/25 6:29 p.m.33 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Fasterxml jackson-databind [CVE-2023-35116]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Fasterxml jackson-databind, caused by a stack-based overflow CVE-2023-35116. Fasterxml jackson-databind is used in our Speech microservices. This vulnerabilitiy has been addressed. Plea...

4.7CVSS6AI score0.00352EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/25 6:23 p.m.33 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to security restrictions bypass in PostgreSQL [CVE-2024-0985]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to security restrictions bypass in PostgreSQL, caused by a flaw when running in REFRESH MATERIALIZED VIEW CONCURRENTLY CVE-2024-0985. PostgreSQL is included as part of the utilities used by our Speech Services...

8CVSS8.2AI score0.01465EPSS
Exploits0Affected Software1
Rows per page
Query Builder