Lucene search
K

24 matches found

OSV
OSV
added 2026/06/18 10:30 a.m.10 views

ROOT-APP-MAVEN-CVE-2023-34454 CVE-2023-34454 in io.root.org.xerial.snappy:snappy-java - Patched by Root

Root has patched CVE-2023-34454 in the io.root.org.xerial.snappy:snappy-java package for Root:Maven. Multiple fixed versions available...

5.9CVSS5.3AI score0.01469EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/17 4:32 a.m.7 views

Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to snappy-java

Summary IBM webMethods BPM uses snappy-java which is automatically pulled in by kafka-clients as a compression codec dependency. The project doesn't directly use Snappy; it's used internally by Kafka for efficient message compression when streaming events through webmethods's event streaming...

7.5CVSS5.5AI score0.01762EPSS
Exploits3Affected Software1
Wolfi
Wolfi
added 2025/03/15 10:43 a.m.34 views

CVE-2023-34454 vulnerabilities

Vulnerabilities for packages: druid...

7.5CVSS7.1AI score0.01469EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/07 10:27 a.m.20 views

Security Bulletin: Vulnerability in snappy-java affects watsonx.data

Summary snappy-java is vulnerable to a denial of service attacks, which could affect watsonx.data. Vulnerability Details CVEID:CVE-2023-34454 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by an integer overflow in the compress function. By sending a specially crafted...

7.5CVSS6.9AI score0.01469EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/07 6:44 a.m.33 views

Security Bulletin: IBM Asset Data Dictionary Component uses zookeeper-3.5.9.jar and snappy-java-1.1.8.3.jar which are vulnerable to CVE-2023-44981,CVE-2023-34453, CVE-2023-34455 , CVE-2023-34454 and CVE-2023-43642

Summary IBM Asset Data Dictionary Component uses zookeeper-3.5.9.jar and snappy-java-1.1.8.3.jar which are vulnerable to CVE-2023-44981,CVE-2023-34453, CVE-2023-34455, CVE-2023-34454 and CVE-2023-43642. This bulletin contains information regarding the vulnerability and its remediation...

9.1CVSS7.6AI score0.01762EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/07 6:44 a.m.30 views

Security Bulletin: IBM Asset Data Dictionary Component uses zookeeper-3.5.9.jar and snappy-java-1.1.8.3.jar which are vulnerable to CVE-2023-44981,CVE-2023-34453, CVE-2023-34455 , CVE-2023-34454 and CVE-2023-43642

Summary IBM Asset Data Dictionary Component uses zookeeper-3.5.9.jar and snappy-java-1.1.8.3.jar which are vulnerable to CVE-2023-44981,CVE-2023-34453, CVE-2023-34455, CVE-2023-34454 and CVE-2023-43642. This bulletin contains information regarding the vulnerability and its remediation...

9.1CVSS7.6AI score0.01762EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/14 8:43 a.m.55 views

Security Bulletin: Multiple Vulnerabilities in IBM Application Performance Management

Summary Multiple vulnerabilities were addressed in IBM Application Performance Management 8.1.4.0 IF15 patch Vulnerability Details CVEID:CVE-2022-44729 DESCRIPTION: Apache Batik is vulnerable to server-side request forgery, caused by improper input validation. By persuading a victim to open...

9.8CVSS10AI score0.09254EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/24 2:2 p.m.34 views

Security Bulletin: IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. This update addresses these CVEs. Vulnerability Details CVEID:CVE-2023-35116 DESCRIPTION: Fasterxml jackson-databind is vulnerable to a denial of service, caused...

7.5CVSS7.5AI score0.01762EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/20 4:10 p.m.74 views

Security Bulletin: Netcool Operations Insights 1.6.11 addresses multiple security vulnerabilities.

Summary Netcool Operations Insight v1.6.11 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2023-34453 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by an integer overflow in the shuffle function. By sending a specially...

9.8CVSS9.4AI score0.99615EPSS
Exploits29Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/14 7:45 p.m.30 views

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities

Summary IBM Security Guardium has addressed these vulnerabilities in an update. Vulnerability Details CVEID: CVE-2022-46363 DESCRIPTION: Apache CXF could allow a remote attacker to obtain sensitive information, caused by a flaw when the CXFServlet is configured with both the static-resources-list...

7.5CVSS8.5AI score0.20459EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/27 2:32 p.m.74 views

Security Bulletin: There is a vulnerability in snappy-java used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2023-34455, CVE-2023-34454, CVE-2023-34453)

Summary There is a vulnerability in snappy-java used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2023-34455 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by the use of an unchecked chunk length in the hasNextChunk...

7.5CVSS6.9AI score0.01762EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/26 6:7 p.m.64 views

Security Bulletin: IBM Maximo Asset Management is affected by multiple vulnerabilities (CVE-2023-34455, CVE-2023-34454, CVE-2023-34453) in snappy-java.

Summary IBM Maximo Asset Management is affected by multiple vulnerabilities CVE-2023-34455, CVE-2023-34454, CVE-2023-34453 in snappy-java. Vulnerability Details CVEID:CVE-2023-34455 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by the use of an unchecked chunk length in th...

7.5CVSS7.4AI score0.01762EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/15 1:28 p.m.32 views

Security Bulletin: Vulnerabilities in snappy-java might affect IBM Spectrum Copy Data Management

Summary IBM Spectrum Copy Data Management can be affected by vulnerabilities in snappy-java. Vulnerabilities including a remote attacker could exploit these vulnerabilities to cause a denial of service condition, as described by the CVEs in the "Vulnerability Details" section. Vulnerability Detai...

7.5CVSS7.4AI score0.01762EPSS
Exploits2Affected Software1
RedHat Linux
RedHat Linux
added 2023/09/14 9:51 a.m.37 views

Important: Red Hat Security Advisory: Red Hat AMQ Streams 2.5.0 release and security update

Red Hat AMQ Streams 2.5.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

9.8CVSS7.3AI score0.99615EPSS
Exploits13References19
IBM Security Bulletins
IBM Security Bulletins
added 2023/08/29 9:37 a.m.56 views

Security Bulletin: IBM Event Streams is vulnerable to denial of service attacks due to snappy-java (CVE-2023-34453, CVE-2023-34455, CVE-2023-34454)

Summary IBM Event Streams is affected by snappy-java vulnerabilities CVE-2023-34453, CVE-2023-34455, CVE-2023-34454 Vulnerability Details CVEID:CVE-2023-34453 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by an integer overflow in the shuffle function. By sending a special...

7.5CVSS7.1AI score0.01762EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/08/14 8:42 a.m.43 views

Security Bulletin: Kafka nodes in IBM App Connect Enterprise and IBM Integration Bus are vulnerable to a denial of service due to snappy-java (CVE-2023-34453, CVE-2023-34455, CVE-2023-34454).

Summary Kafka nodes in IBM App Connect Enterprise and IBM Integration Bus are vulnerable to a denial of service due to snappy-java CVE-2023-34453, CVE-2023-34455, CVE-2023-34454. The resolving fix includes Kafka 3.5.1 which includes snappy-java 1.1.10.1 Vulnerability Details CVEID:CVE-2023-34453...

7.5CVSS6.8AI score0.01762EPSS
Exploits2Affected Software2
RedhatCVE
RedhatCVE
added 2023/08/08 5:21 p.m.65 views

CVE-2023-34454

A flaw was found in Snappy-java's shuffle function, which does not check input sizes before beginning operations. This issue could allow an attacker to send malicious input to trigger an overflow error that crashes the program, resulting in a denial of service...

5.9CVSS6.9AI score0.01469EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/27 4:3 p.m.39 views

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that use Kafka nodes are vulnerable to denial of service due to [CVE-2023-34453], [CVE-2023-34454], [CVE-2023-34455]

Summary Java component snappy-java is used by Kafka in IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that use Kafka nodes are vulnerable to denial of service. This bulletin provides patch informatio...

7.5CVSS6.9AI score0.01762EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/24 9:0 p.m.33 views

Security Bulletin: Snappy-java is vulnerable to security CVEs used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses snappy-java which is vulnerable to security CVEs. Vulnerability Details CVEID:CVE-2023-34453 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by an integer overflow in the shuffle function. By sending a specially...

7.5CVSS6.9AI score0.01762EPSS
Exploits2Affected Software1
OSV
OSV
added 2023/07/08 11:5 a.m.6 views

OESA-2023-1398 snappy-java security update

A Java port of the snappy, a fast compresser/decompresser written in C++. Security Fixes: snappy-java is a fast compressor/decompressor for Java. Due to unchecked multiplications, an integer overflow may occur in versions prior to 1.1.10.1, causing an unrecoverable fatal error. The function...

7.5CVSS7.3AI score0.01762EPSS
Exploits1References3
Rows per page
Query Builder