Lucene search
K

50 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/02/02 4:23 a.m.13 views

Security Bulletin: The IBM Maximo Application Suite AI-Service component uses multiple third-party dependencies that contain vulnerabilities associated with multiple CVEs.

Summary The IBM Maximo Application Suite AI-Service component uses"base-x-4.0.0.tgz, body-parser-1.20.2.tgz, cross-spawn-7.0.3.tgz, glob-10.4.2.tgz, path-to-regexp-0.1.7.tgz, qs-6.13.0.tgz, qs-6.14.0.tgz, qs-6.5.3.tgz, urllib3-2.6.2-py3-none-any.whl" which are vulnerable to "CVE-2025-27611,...

8.9CVSS6.6AI score0.03092EPSS
Exploits3Affected Software1
Atlassian
Atlassian
added 2025/11/13 12:10 a.m.16 views

DoS (Denial of Service) Third-Party Dependency in Bitbucket Data Center and Server - CVE-2024-21538

This High severity vulnerability known as CVE-2024-21538 was introduced in 6.0.5, 7.0.3, 8.19.0, 8.19.1, 8.19.2, 8.19.3, 8.19.4, 8.19.5, 8.19.6, 8.19.7, 8.19.8, 8.19.9, 8.19.10, 8.19.11, 9.4.0, 8.19.12, 8.19.13, 9.4.1, 9.4.2, 8.19.14, 9.4.3, 8.19.15 of Bitbucket Data Center and Server. This...

8.7CVSS6.8AI score0.00873EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/28 8:33 a.m.2 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses cross-spawn-6.0.5.tgz which is vulnerable to CVE-2024-21538

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses cross-spawn-6.0.5.tgz which is vulnerable to CVE-2024-21538. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the...

8.7CVSS6.5AI score0.00873EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/10 5:53 p.m.9 views

Security Bulletin: IBM OpenPages fixes cross-spawn package vulnerability

Summary Vulnerability in the cross-spawn package with IBM OpenPages has been addressed in the latest IBM OpenPages fix packs for both 9.0 and 8.3 versions. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are...

8.7CVSS6.8AI score0.00873EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/30 6:16 a.m.8 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses cross-spawn-7.0.3.tgz which is vulnerable to CVE-2024-21538

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses cross-spawn-7.0.3.tgz which is vulnerable to CVE-2024-21538. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the...

8.7CVSS7.2AI score0.00873EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/23 4:27 p.m.3 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to regular expression denial of service due to the cross-spawn package (CVE-2024-21538)

Summary Cross-spawn is used by DataStage on Cloud Pak for Data as part of child process spawning. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service ReDoS due ...

8.7CVSS6.1AI score0.00873EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/17 8:19 a.m.8 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to Inefficient Regular Expression Complexity due to cross-spawn ( CVE-2024-21538 )

Summary Potential vulnerabilities in cross-spawn module CVE-2024-21538 has been identified that may affect IBM Cloud Pak for Data. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular...

8.7CVSS8.6AI score0.00873EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/17 4:43 a.m.13 views

Security Bulletin: Vulnerability in cross-spawn affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in cross-spawn has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...

8.7CVSS6.5AI score0.00873EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/07 1:44 p.m.18 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service [CVE-2024-21538]

Summary Node.js module cross-spawn is used by IBM App Connect Enterprise Certified Container when handling internal metrics. IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability ...

8.7CVSS6.2AI score0.00873EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2025/03/11 9:16 a.m.29 views

Important: Red Hat Security Advisory: RHODF-4.18-RHEL-9 enhancement, bug fix and security update

Updated images that include numerous enhancements, security, and bug fixes are now available for Red Hat OpenShift Data Foundation 4.18.0 on Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System...

9.1CVSS6.8AI score0.03153EPSS
Exploits2References67
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2024-21538

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service ReDoS due to improper input...

8.7CVSS6.3AI score0.00873EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/27 3:25 a.m.6 views

Security Bulletin: IBM Event Processing is vulnerable to Regular Expression Denial of Service (ReDoS) due to the cross-spawn package (CVE-2024-21538).

Summary Operator of IBM Event Processing is vulnerable to Regular Expression Denial of Service ReDoS due to the usage of cross-spawn package. The cross-spawn npm package is a cross-platform solution for spawning child processes in Node.js. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION:...

8.7CVSS7.4AI score0.00873EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/10 12:59 p.m.10 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to cross-spawn-7.0.3.tgz CVE-2024-21538

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to cross-spawn-7.0.3.tgz CVE-2024-21538. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the package cross-spawn before 7.0.5 are...

8.7CVSS7.4AI score0.00873EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/02/10 12:0 a.m.10 views

Azure Linux 3.0 Security Update: nodejs / nodejs18 / reaper (CVE-2024-21538)

The version of nodejs / nodejs18 / reaper installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-21538 advisory. - Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are...

8.7CVSS6.4AI score0.00873EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/07 4:37 p.m.14 views

Security Bulletin: Denial of Service vulnerability affect IBM Business Automation Workflow - CVE-2024-21538

Summary IBM Business Automation Workflow is vulnerable to a Denial of Service attack. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service ReDoS due to improper input sanitization. An attack...

8.7CVSS6.3AI score0.00873EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/05 9:48 a.m.31 views

Security Bulletin: IBM Maximo Application Suite uses werkzeug-3.0.4-py3-none-any.whl, cookie-0.4.1.tgz and cross-spawn-7.0.3.tgz which is vulnerable to CVE-2024-49767, CVE-2024-49766, CVE-2024-47764 and CVE-2024-21538

Summary IBM Maximo Application Suite uses werkzeug-3.0.4-py3-none-any.whl, cookie-0.4.1.tgz and cross-spawn-7.0.3.tgz which is vulnerable to CVE-2024-49767, CVE-2024-49766, CVE-2024-47764 and CVE-2024-21538. This bulletin contains information regarding the vulnerability and its fixture...

8.7CVSS6.8AI score0.01102EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.35 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to Regular Expression Denial of Service (ReDoS) due to cross-spawn(CVE-2024-21538)

Summary IBM App Connect Enterprise is vulnerable to Regular Expression Denial of Service ReDoS due to cross-spawn. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service ReDoS due to improper...

8.7CVSS6.3AI score0.00873EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/27 2:30 p.m.24 views

Security Bulletin: IBM Application Modernization Accelerator is vulnerable to multiple vulnerabilities found in Java and Node.js

Summary There are multiple vulnerabilities in Java and Node.js used by IBM Application Modernization Accelerator CVE-2024-52798, CVE-2024-21538, CVE-2024-21235, CVE-2024-21217, CVE-2024-21210, CVE-2024-21208, CVE-2024-10917, CVE-2024-47764. Vulnerability Details CVEID:CVE-2024-52798 DESCRIPTION:...

8.7CVSS6.8AI score0.01157EPSS
Exploits0Affected Software1
Amazon
Amazon
added 2025/01/09 12:0 a.m.2 views

Medium: nodejs

Issue Overview: Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service ReDoS due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string. CVE-2024-21538 Affected...

8.7CVSS6.9AI score0.00873EPSS
Exploits0
Amazon
Amazon
added 2025/01/09 12:0 a.m.2 views

Medium: nodejs20

Issue Overview: Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service ReDoS due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string. CVE-2024-21538 Affected...

8.7CVSS6.9AI score0.00873EPSS
Exploits0
Rows per page
Query Builder