Lucene search
K

46 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/04/29 9:7 a.m.5 views

Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is impacted by vulnerabilities in Json-smart

Summary A vulnerability has been identified in Json-smart library, which is used in IBM Engineering Lifecycle Management - Jazz Foundation. Vulnerability Details CVEID:CVE-2023-1370 DESCRIPTION:Json-smart is a performance focused, JSON processor lib. When reaching a ‘‘ or ‘‘ character in the JSON...

7.5CVSS6.3AI score0.01119EPSS
Exploits1Affected Software1
RedHat Linux
RedHat Linux
added 2025/07/01 4:36 p.m.5 views

json-smart: Potential DoS via stack exhaustion (incomplete fix for CVE-2023-1370)

A flaw was found in the JSON-smart library. In affected versions, specially crafted JSON input may trigger stack exhaustion, potentially leading to an application crash or denial of service. This issue exists due to an incomplete fix for CVE-2023-1370...

7.5CVSS7.1AI score0.00566EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/07/01 12:0 a.m.8 views

RHEL 9 : Red Hat Product OCP Tools 4.17 OpenShift Jenkins (RHSA-2025:10097)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:10097 advisory. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by...

8.7CVSS7.1AI score0.01119EPSS
Exploits1References10
vulnersOsv
vulnersOsv
added 2025/02/06 6:31 a.m.7 views

ai.ancf.lmos:arc-runner (>=0.1.1 <=0.120.0), ai.bizone:json-transform (>=1.0.0 <=1.16.0) +5216 more potentially affected by CVE-2023-1370 +1 more via net.minidev:json-smart (>=2.5.0 <=2.5.1)

net.minidev:json-smart MAVEN version =2.5.0, =0.1.1, =1.0.0, =0.6.0, =0.5.0, =0.7.0, =3.10.0.5, =0.5.0, =0.1.0, =1.5.3.RELEASE, =1.5.4.RELEASE, =1.5.4.RELEASE, =2.0.0, =1.3.3, =1.4.0 and more Source cves: CVE-2023-1370, CVE-2024-57699 Source advisory: OSV:GHSA-PQ2G-WX69-C263...

7.5CVSS6.6AI score0.01119EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2025/02/06 6:31 a.m.91 views

Netplex Json-smart Uncontrolled Recursion vulnerability

A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading a specially crafted JSON input, containing a large number of ’’, a stack exhaustion can be trigger, which could allow an attacker to cause a Denial of Service DoS. This issue exists because of an incomplete fix for...

7.5CVSS7.6AI score0.00566EPSS
Exploits0References8Affected Software1
RedHat Linux
RedHat Linux
added 2024/05/30 8:24 p.m.68 views

Moderate: Red Hat Security Advisory: Red Hat AMQ Streams 2.7.0 release and security update

Red Hat AMQ Streams 2.7.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

9.8CVSS7.4AI score0.99931EPSS
Exploits46References25
Tenable Nessus
Tenable Nessus
added 2024/04/28 12:0 a.m.33 views

RHEL 8 : OpenShift Container Platform 4.10.61 (RHSA-2023:3362)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:3362 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud...

7.5CVSS6.6AI score0.01119EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2024/01/24 12:0 a.m.43 views

RHCOS 4 : OpenShift Container Platform 4.10.61 (RHSA-2023:3362)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:3362 advisory. - json-smart: Uncontrolled Resource Consumption vulnerability in json-smart Resource Exhaustion CVE-2023-1370 Note that Nessus has not tested...

7.5CVSS6.8AI score0.01119EPSS
Exploits1References5
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/15 6:29 p.m.41 views

Security Bulletin: There are multiple vulnerabilities in mas-data-dictionary-lib-1.0.0.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-1471, CVE-2023-1370 and CVE-2021-42550)

Summary There are multiple vulnerabilities in mas-data-dictionary-lib-1.0.0.jar used by IBM Maximo Manage application in IBM Maximo Application Suite Vulnerability Details CVEID:CVE-2022-1471 DESCRIPTION: SnakeYaml could allow a remote authenticated attacker to execute arbitrary code on the syste...

9.8CVSS9.3AI score0.99615EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/09 8:27 p.m.61 views

Security Bulletin: Multiple Security Vulnerabilities were identified in IBM Security Verify Access.

Summary There were multiple Security Vulnerabilities that were reported against IBM Security Verify Access. These have been addressed in IBM Security Verify Access 10.0.7.0 Vulnerability Details CVEID:CVE-2022-45688 DESCRIPTION: Hutool is vulnerable to a denial of service, caused by stack-based...

9.8CVSS10AI score0.99615EPSS
Exploits23Affected Software1
RedHat Linux
RedHat Linux
added 2023/12/07 1:41 p.m.62 views

Moderate: Red Hat Security Advisory: AMQ Clients 2023.Q4

An update is now available for Red Hat AMQ Clients Red Hat Product Security has rated this update as having an impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the Reference...

9.8CVSS7.1AI score0.99615EPSS
Exploits12References13
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/28 8:58 p.m.26 views

Security Bulletin: mas-data-dictionary-lib-1.0.3.jar is vulnerable to CVE-2022-1471, CVE-2023-1370, and PRISMA-2023-0067 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses mas-data-dictionary-lib-1.0.3.jar which is vulnerable to CVE-2022-1471, CVE-2023-1370, and PRISMA-2023-0067. Vulnerability Details CVEID: CVE-2022-1471 DESCRIPTION: SnakeYaml could allow a remote authenticated attacker to execute...

9.8CVSS8.7AI score0.99615EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/05 8:19 p.m.46 views

Security Bulletin: IBM Spectrum Symphony with json-smart-v2 is vulnerable to a denial of service

Summary IBM Spectrum Symphony with json-smart-v2 is vulnerable to a denial of service Vulnerability Details CVEID:CVE-2023-1370 DESCRIPTION: netplex json-smart-v2 is vulnerable to a denial of service, caused by not limiting the nesting of arrays or objects. By sending a specially crafted input, a...

7.5CVSS7.5AI score0.023EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/08/18 9:24 p.m.51 views

Security Bulletin: Mutiple Vulnerabilties Affecting IBM Watson Machine Learning Accelerator

Summary IBM Watson Machine Learning Accelerator 1.2.x is vulnerable to several vulnerabilities coming from dependent compoents. These are addressed. Vulnerability Details CVEID:CVE-2023-20863 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input...

7.5CVSS7.8AI score0.01122EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/08/18 4:13 p.m.39 views

Security Bulletin: netplex json-smart-v2 component is vulnerable to CVE-2023-1370 is used by IBM Maximo Application Suite

Summary IBM Maximo Application Suite uses netplex json-smart-v2 package which is vulnerable to CVE-2023-1370. Vulnerability Details CVEID:CVE-2023-1370 DESCRIPTION: netplex json-smart-v2 is vulnerable to a denial of service, caused by not limiting the nesting of arrays or objects. By sending a...

7.5CVSS7.5AI score0.01119EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/07/26 12:0 a.m.45 views

Oracle Primavera Unifier (Jul 2023 CPU)

The versions of Primavera Unifier installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2023 CPU advisory. - Security-in-Depth issue in the Primavera Unifier product of Oracle Construction and Engineering component: User Interface JSZip. This vulnerabilit...

7.5CVSS6.9AI score0.46836EPSS
Exploits2References5
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/24 7:21 p.m.44 views

Security Bulletin: Netplex json-smart-v2 is vulnerable to CVE-2023-1370 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses Netplex json-smart-v2 which is vulnerable to CVE-2023-1370. Vulnerability Details CVEID:CVE-2023-1370 DESCRIPTION: netplex json-smart-v2 is vulnerable to a denial of service, caused by not limiting the nesting of arrays or objects. By...

7.5CVSS7.5AI score0.01119EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/07/19 12:0 a.m.60 views

Oracle Primavera Gateway (Jul 2023 CPU)

The versions of Primavera Gateway installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2023 CPU advisory. - Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering component: Admin Apache Commons Net. Supported versions that...

7.5CVSS6.5AI score0.01858EPSS
Exploits1References6
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/14 10:12 p.m.53 views

Security Bulletin: IBM InfoSphere Information Server is affected by a denial of service vulnerability in netplex json-smart-v2 (CVE-2023-1370)

Summary A denial of service vulnerability in netplex json-smart-v2 used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2023-1370 DESCRIPTION: netplex json-smart-v2 is vulnerable to a denial of service, caused by not limiting the nesting of arrays or objects. By...

7.5CVSS7.7AI score0.01119EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/06 6:5 p.m.32 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to netplex json-smart-v2 denial of service vulnerability( CVE-2023-1370)

Summary Potential netplex json-smart-v2 denial of service vulnerability CVE-2023-1370 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-1370 DESCRIPTION: netplex json-smart-v2 is...

7.5CVSS7.5AI score0.01119EPSS
Exploits1Affected Software1
Rows per page
Query Builder