Lucene search
+L

75 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.23 views

Security Bulletin: Improper Resource Allocation in IBM Jazz for Service Management due to Apache Commons IO XmlStreamReader Class (CVE-2024-47554)

Summary Improper Resource Allocation in IBM Jazz for Service Management due to Apache Commons IO XmlStreamReader Class CVE-2024-47554 Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Apache Commons IO is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw...

4.3CVSS6.3AI score0.01241EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.14 views

Security Bulletin: IBM Safer Payments vulnerable to a denial of service issue (CVE-2024-45662)

Summary Buffer overflow and uncontrolled memory allocation errors can occur in MCI when remote systems send arbitrary large requests, leading to Denial of Service. This vulnerability is addressed Vulnerability Details CVEID:CVE-2024-45662 DESCRIPTION: IBM Safer Payments could allow a remote...

7.5CVSS7.5AI score0.00568EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.24 views

Security Bulletin: IBM Maximo Application Suite: idna-2.8-py2.py3-none-any.whl is vulnerable to CVE-2024-3651 used in IBM Maximo Application Suite - Edge Data Collector

Summary IBM Maximo Application Suite - Edge Data Collector uses idna-2.8-py2.py3-none-any.whl which is vulnerable to CVE-2024-3651 Vulnerability Details CVEID:CVE-2024-3651 DESCRIPTION: idna could allow a local user to cause a denial of service using a specially crafted argument to the idna.encod...

7.5CVSS6.4AI score0.01386EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.28 views

Security Bulletin: IBM PowerVM Novalink is vulnerable because an unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentiality, high integrity impacts.(CVE-2024-21147)

Summary IBM PowerVM Novalink is vulnerable because an unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentiality, high integrity impacts. Vulnerability Details CVEID:CVE-2024-21147 DESCRIPTION: An unspecified vulnerability in Java ...

7.4CVSS6.9AI score0.01257EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.18 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses idna-3.6-py3-none-any.whl which is vulnerable to this CVE-2024-3651

Summary Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses idna-3.6-py3-none-any.whl which is vulnerable to this CVE-2024-3651 Vulnerability Details CVEID:CVE-2024-3651 DESCRIPTION: idna could allow a local user to cause a denial of service using a specially crafte...

7.5CVSS6.6AI score0.01386EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.18 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses starlette-0.38.6-py3-none-any.whl which is vulnerable to this CVE-2024-47874

Summary Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses starlette-0.38.6-py3-none-any.whl which is vulnerable to this CVE-2024-47874 Vulnerability Details CVEID:CVE-2024-47874 DESCRIPTION: Starlette is an Asynchronous Server Gateway Interface ASGI...

8.7CVSS6.1AI score0.00658EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/12/27 12:22 a.m.27 views

Security Bulletin: IBM SPSS Analytic Server is affected by netty vulnerability (CVE-2024-29025)

Summary IBM SPSS Analytic Server uses netty-codec-http-4.1.100.Final.jar which is vulnerable to CVE-2024-29025. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-29025 DESCRIPTION: Netty is an asynchronous event-driven network...

5.3CVSS6.2AI score0.0138EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/12/02 3:56 p.m.23 views

Security Bulletin: Multiple security vulnerabilities in Python affect IBM Robotic Process Automation

Summary Multiple security vulnerabilities in Python affect IBM Robotic Process Automation. Python is used by IBM Robotic Process Automation as part of Watson NLP. This bulletin identifies the fixes to resolve the vulnerabilities. Vulnerability Details CVEID:CVE-2019-20916 DESCRIPTION: pypa pip...

8.8CVSS8.4AI score0.03028EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/21 9:46 p.m.48 views

Security Bulletin: IBM Technical Support Appliance - possible excessive CPU usage or denial of service

Summary DNS protocol allows teh IBM Technical Suport Appliance to resolve hostnames to their corresponding IP address. Vulnerability Details CVEID:CVE-2023-4408 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by an error when parsing large DNS messages. By flooding the target...

7.5CVSS7.1AI score0.99995EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/14 3:47 p.m.29 views

Security Bulletin: IBM B2B Sterling Integrator is affected by JSON-java's vulnerability to denial of service attacks

Summary IBM B2B Sterling Integrator is affected by JSON-java's vulnerability to denial of service attacks Vulnerability Details CVEID:CVE-2023-5072 DESCRIPTION: JSON-java is vulnerable to a denial of service, caused by a bug in the parser. By sending a specially crafted request, a remote attacker...

7.5CVSS6.5AI score0.01449EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/06 9:54 a.m.24 views

Security Bulletin: Multiple Vulnerabilities in Db2 affect IBM Cloud Pak Sytem

Summary Vulnerabilities in Db2 affect IBM Cloud Pak Sytem. Vulnerability Details CVEID:CVE-2024-31882 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.1 and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using ...

7.5CVSS7.7AI score0.011EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/05 8:38 a.m.26 views

Security Bulletin: IBM Sterling Control Center is vulnerable to IBM SDK, Java Technology Edition Quarterly CPU - Apr 2024

Summary IBM SDK, Java Technology Edition Quarterly CPU - Apr 2024 is affecting Sterling Control Center v6.2.1 and v6.3.1. Vulnerability Details CVEID:CVE-2024-21094 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause no...

7.5CVSS5.3AI score0.01361EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/30 1:7 p.m.23 views

Security Bulletin: IBM QRadar App SDK for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that might be identified and exploited with automated tools. IBM has addressed the vulnerabilities. This product is only used by IBM QRadar SIEM app developers and external business partners and is not relevant for users...

7.5CVSS8.6AI score0.01386EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/22 11:10 a.m.28 views

Security Bulletin: IBM Storage Insights is vulnerable to weaknesses related to IBM® SDK, Java™ Technology Edition

Summary Vulnerabilities in IBM® SDK, Java™ Technology Edition may affect IBM Storage Insights which could allow a remote attacker to cause low integrity impact, low availability impat. Vulnerability Details CVEID:CVE-2024-21094 DESCRIPTION: An unspecified vulnerability in Java SE related to the V...

7.5CVSS6.5AI score0.01361EPSS
Exploits0Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/10/01 12:0 a.m.14 views

JVN#72148744: Apache Tomcat improper handling of TLS handshake process data

Apache Tomcat provided by The Apache Software Foundation improperly handles TLS handshake process data, which may lead to a denial-of-service DoS condition CWE-770, CVE-2024-38286. Impact Denial-of-service DoS attacks may be conducted through TLS connection. Solution Update the software Update...

8.6CVSS7.3AI score0.01702EPSS
Exploits0
Packet Storm
Packet Storm
added 2024/08/19 12:0 a.m.543 views

Dovecot IMAP Server 2.2 / 2.3 Denial Of Service

Affected product: Dovecot IMAP Server Internal reference: DOV-6601 Vulnerability type: CWE-770 Allocation of Resources Without Limits or Throttling Vulnerable version: 2.2, 2.3 Vulnerable component: lib-mail Report confidence: Confirmed Solution status: Fixed in 2.3.21.1 Researcher credits: Vendo...

7AI score0.01284EPSS
Exploits2
ICS
ICS
added 2024/08/15 6:0 a.m.19 views

PTC Kepware ThingWorx Kepware Server

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.9 ATTENTION : Exploitable from adjacent network. Vendor : PTC Equipment : Kepware ThingWorx Kepware Server Vulnerability : Allocation of Resources Without Limits or Throttling 2. RISK EVALUATION Successful exploitation of this vulnerability could crash the...

5.9CVSS5.5AI score0.004EPSS
Exploits0References10
ICS
ICS
added 2024/06/06 6:0 a.m.36 views

Mitsubishi Electric CC-Link IE TSN Industrial Managed Switch

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.1 ATTENTION : Exploitable remotely/low attack complexity Vendor : Mitsubishi Electric Equipment : CC-Link IE TSN Industrial Managed Switch Vulnerability : Allocation of Resources Without Limits or Throttling 2. RISK EVALUATION Successful exploitation of...

6.5CVSS7.6AI score0.75116EPSS
Exploits0References10
Mageia
Mageia
added 2024/05/29 6:8 p.m.40 views

Updated perl-Email-MIME packages fix security vulnerabilities

An excessive memory use issue CWE-770 exists in Email-MIME, before version 1.954, which can cause denial of service when parsing multipart MIME messages. The patch set from 2020 and 2024 limits excessive depth and the total number of parts. CVE-2024-4140...

7.5CVSS7.3AI score0.01132EPSS
Exploits0References2
NVD
NVD
added 2024/05/02 8:15 p.m.14 views

CVE-2024-4140

An excessive memory use issue CWE-770 exists in Email-MIME, before version 1.954, which can cause denial of service when parsing multipart MIME messages. The patch set from 2020 and 2024 limits excessive depth and the total number of parts...

7.5CVSS7.4AI score0.01132EPSS
Exploits0References12
Rows per page
Query Builder