
11 matches found

IBM Security Bulletins
added 2025/11/28 7:19 p.m., 8 views

Security Bulletin: Astronomer with IBM is vulnerable to denial of service due to the netty package (CVE-2025-55163)

Summary: Netty is used by Astronomer with IBM as part of the HTTP processing functionality. Vulnerability Details: CVEID: CVE-2025-55163. DESCRIPTION: Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and 4.2.4.Final, Netty is vulnerable to...

CVSS 8.2 | AI score 6.5 | EPSS 0.00979
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/11/28 7:18 p.m., 7 views

Security Bulletin: Astronomer with IBM is vulnerable to request smuggling due to the netty package (CVE-2025-58056)

Summary: Netty is used by Astronomer with IBM as part of the HTTP processing functionality. Vulnerability Details: CVEID: CVE-2025-58056. DESCRIPTION: Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers and clients. In...

CVSS 7.5 | AI score 6.3 | EPSS 0.00631
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/11/28 7:17 p.m., 8 views

Security Bulletin: Astronomer with IBM is vulnerable to denial of service due to the netty package (CVE-2025-58057)

Summary: Netty is used by Astronomer with IBM as part of the HTTP processing functionality. Vulnerability Details: CVEID: CVE-2025-58057. DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients...

CVSS 7.5 | AI score 6.3 | EPSS 0.00561
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/11/28 7:15 p.m., 11 views

Security Bulletin: Astronomer with IBM is vulnerable to sensitive data leaks or malicious requests due to the Apache tika package (CVE-2025-54988)

Summary: Apache tika is used by Astronomer with IBM as part of data parsing functionality. Vulnerability Details: CVEID: CVE-2025-54988. DESCRIPTION: Critical XXE in Apache Tika tika-parser-pdf-module in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry out XML...

CVSS 9.8 | AI score 6.8 | EPSS 0.02962
Exploits: 4 | Affected Software: 1

IBM Security Bulletins
added 2025/11/28 7:11 p.m., 4 views

Security Bulletin: Astronomer with IBM is vulnerable to prototype pollution due to the fast-redact package (CVE-2025-57319)

Summary: Fast-redact is used by Astronomer with IBM as part of object redaction functionality. Vulnerability Details: CVEID: CVE-2025-57319. DESCRIPTION: fast-redact is a package that provides very fast object redaction. A Prototype Pollution vulnerability in the nestedRestore function of...

CVSS 7.5 | AI score 6.3 | EPSS 0.00406
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/11/28 7:10 p.m., 8 views

Security Bulletin: Astronomer with IBM is vulnerable to symlink validation bypass due to the tar-fs package (CVE-2025-59343)

Summary: Tar-fs is used by Astronomer with IBM as part of tar file processing functionality. Vulnerability Details: CVEID: CVE-2025-59343. DESCRIPTION: tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.1.1, 2.1.3, and 1.16.5 are vulnerable to symlink validation bypass if the...

CVSS 8.7 | AI score 6.5 | EPSS 0.00516
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/11/28 7:3 p.m., 5 views

Security Bulletin: Astronomer with IBM is vulnerable to server-side request forgery due to the node-ip package (CVE-2025-59436, CVE-2025-59437)

Summary: Node-ip is used by Astronomer with IBM as part of IP address processing functionality. Vulnerability Details: CVEID: CVE-2025-59436. DESCRIPTION: The ip aka node-ip package through 2.0.1 in NPM might allow SSRF because the IP address value 017700000001 is improperly categorized as globally...

CVSS 3.2 | AI score 6.6 | EPSS 0.00115
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/09/04 10:46 p.m., 5 views

Security Bulletin: Astronomer with IBM is vulnerable to unintentional traffic forwarding due to kube-proxy (CVE-2021-25736)

Summary: Kube-proxy is used by Astronomer with IBM as part of Kubernetes functionality. Vulnerability Details: CVEID: CVE-2021-25736. DESCRIPTION: Kube-proxy on Windows can unintentionally forward traffic to local processes listening on the same port “spec.ports.port” as a LoadBalancer Service when t...

CVSS 6.3 | AI score 6.1 | EPSS 0.00908
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/08/11 10:7 p.m., 6 views

Security Bulletin: Astronomer with IBM is vulnerable to request smuggling due to the h11 package (CVE-2025-43859).

Summary: The h11 package is used by Astronomer with IBM as part of request processing. This addresses the vulnerability. Vulnerability Details: CVEID: CVE-2025-43859. DESCRIPTION: h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in...

CVSS 9.1 | AI score 6.7 | EPSS 0.00522
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/08/11 1:41 p.m., 7 views

Security Bulletin: Astronomer with IBM is vulnerable to memory exhaustion due to the Net::IMAP package (CVE-2025-43857)

Summary: Net::IMAP is used by Astronomer with IBM as part of the IMAP client functionality. Vulnerability Details: CVEID: CVE-2025-43857. DESCRIPTION: Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5, there is a...

CVSS 6.5 | AI score 6.9 | EPSS 0.00409
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/05/15 10:55 p.m., 11 views

Security Bulletin: Astronomer with IBM is vulnerable to buffer overflow due to the OpenSSL package (CVE-2021-3711).

Summary: OpenSSL is used by Astronomer with IBM as part of secure communications. Vulnerability Details: CVEID: CVE-2021-3711. DESCRIPTION: OpenSSL is vulnerable to a buffer overflow, caused by improper bounds checking by the EVP_PKEY_decrypt function within implementation of the SM2 decryption. By...

CVSS 9.8 | AI score 8.2 | EPSS 0.87816
Exploits: 1 | Affected Software: 1