Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities

Summary IBM Cloud Transformation Advisor has addressed multiple security vulnerabilities including those in Node.js, IBM WebSphere Application Server Liberty and various other libraries. Vulnerability Details CVEID:CVE-2022-24839 DESCRIPTION: Sparkle Motion Nokogiri is vulnerable to a denial of...

CVE-2022-38749 affecting package snakeyaml 1.25-2

CVE-2022-38749 affecting package snakeyaml 1.25-2. This CVE either no longer is or was never applicable...

Security Bulletin: Multiple vulnerabilities in open source libraries affect IBM® Db2® Federated.

Summary Multiple vulnerabilities in open source libraries affect IBM® Db2® Federated. These vulnerabilities were fixed in the images published on December 01, 2023 but the CVEs were not included in the bulletin. Vulnerability Details CVEID:CVE-2022-1471 DESCRIPTION: SnakeYaml could allow a remote...

Moderate: Red Hat Security Advisory: AMQ Clients 2023.Q4

An update is now available for Red Hat AMQ Clients Red Hat Product Security has rated this update as having an impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the Reference...

Important: Red Hat Security Advisory: Red Hat Integration Camel for Spring Boot 3.18.3 Patch 2 release

Camel for Spring Boot 3.18.3 Patch 2 release and security update is now available. Red Hat Product Security has rated this update as having an impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

GLSA-202305-28 : snakeyaml: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202305-28 snakeyaml: Multiple Vulnerabilities - The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564. CVE-2017-18640 - Using snakeYAML to parse untrusted YAML...

RLSA-2023:2097 Important: Satellite 6.13 Release

Rocky Enterprise Software Foundation Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Security Fixes: CVE-2022-1471 CVE-2022-25857 CVE-2022-38749...

Satellite 6.13 Release

An update is available for libdb. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Rocky Enterprise Software Foundation Satellite is a systems management tool for...

Security Bulletin: Multiple Vulnerabilities related to SnakeYAML in Logstash shipped with IBM Operations Analytics - Log Analysis (CVE-2022-38750, CVE-2022-38751, CVE-2022-38752, CVE-2022-38749)

Summary Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks DOS. While deserializing unknown yaml content can lead to remote code execution. Vulnerability Details CVEID:CVE-2022-38750 DESCRIPTION: SnakeYAML is vulnerable to a denial of service, caused by a...

OESA-2023-1162 snakeyaml security update

SnakeYAML is a YAML parser and emitter for the Java Virtual Machine. YAML is a data serialization format designed for human readability and interaction with scripting languages. Security Fixes: The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service DoS due missi...

Ubuntu: Security Advisory (USN-5944-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-5944-1: SnakeYAML vulnerabilities

It was discovered that SnakeYAML did not limit the maximal nested depth for collections when parsing YAML data. If a user or automated system were tricked into opening a specially crafted YAML file, an attacker could possibly use this issue to cause applications using SnakeYAML to crash, resultin...

Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : SnakeYAML vulnerabilities (USN-5944-1)

The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5944-1 advisory. It was discovered that SnakeYAML did not limit the maximal nested depth for collections when parsing YAML data. If a...

Important: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.2 security update on RHEL 8

New Red Hat Single Sign-On 7.6.2 packages are now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Security Bulletin: IBM Sterling B2B Integrator vulnerable to multiple issues due to SnakeYAML

Summary IBM Sterling B2B Integrator has addressed the security vulnerabilities from SnakeYAML. Vulnerability Details CVEID:CVE-2022-25857 DESCRIPTION: Java package org.yaml:snakeyam is vulnerable to a denial of service, caused by missing to nested depth limitation for collections. By sending a...

Security Bulletin: IBM Cloud Pak for Multicloud Management is vulnerable to denial of service attacks due to snakeYAML

Summary SnakeYAML is used by some components of IBM Cloud Pak for Multicloud Management and it is vulnerable to a denial of service attacks. CVE-2022-25857, CVE-2022-38751, CVE-2022-38752, CVE-2022-38749, CVE-2022-38750 Vulnerability Details CVEID:CVE-2022-25857 DESCRIPTION: Java package...

Security Bulletin: Multiple Vulnerabilities in Java and Node.js packages affect IBM Voice Gateway

Summary Security Vulnerabilities in Java and Node.js packages affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2022-25857 DESCRIPTION: Java package org.yaml:snakeyam is vulnerable to a denial of service, caused by missing to nested depth limitatio...

Security Bulletin: IBM MQ Blockchain bridge dependencies are vulnerable to issues in SnakeYAML (CVE-2022-38749, CVE-2022-38750, CVE-2022-38751 & CVE-2022-38752)

Summary A denial of service issue was identified within SnakeYAML that is used by Fabric Gateway. Fabric Gateway is used by the IBM MQ blockchain bridge component of IBM MQ to provide connection capability between IBM MQ queue managers and Hyperledger Fabric. Vulnerability Details...

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring and IntegrationServer operands that process YAML data may be vulnerable to denial of service due to CVE-2022-38749, CVE-2022-38750, CVE-2022-38751 and CVE-2022-38752

Summary SnakeYAML is used by IBM App Connect Enterprise Certified Container for processing YAML data. IBM App Connect Enterprise Certified Container IntegrationServer operands may be vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in...

Important: Red Hat Security Advisory: Red Hat Data Grid 8.4.0 security update

An update for Red Hat Data Grid 8 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...