419 matches found
EUVD-2022-53170
Malicious code in bioql PyPI...
EUVD-2022-35816
Malicious code in bioql PyPI...
EUVD-2022-27472
Malicious code in bioql PyPI...
EUVD-2022-43526
Malicious code in bioql PyPI...
EUVD-2022-53169
Malicious code in bioql PyPI...
EUVD-2022-53168
Malicious code in bioql PyPI...
EUVD-2022-53167
Malicious code in bioql PyPI...
Security Bulletin: IBM DataPower Gateway affected by issues in Java Runtime
Summary IBM DataPower Gateway does not itself use Java, but certain bundled integrations do e.g. JDBC, IMS Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL component could allow a remote attacker to cause high confidentiali...
Security Bulletin: IBM DataPower Gateway affected by timing side-channel in OpenSSL (CVE-2024-13176)
Summary IBM DataPower Gateway uses OpenSSL for most cryptographic operations. Vulnerability Details CVEID:CVE-2024-13176 DESCRIPTION: Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing...
Security Bulletin: IBM DataPower Gateway vulnerable to multiple CVEs in zlib
Summary IBM DataPower Gateway uses ZLib in reading and writing configuration exports and for handling compressed traffic Vulnerability Details CVEID:CVE-2018-25032 DESCRIPTION: zlib before 1.2.12 allows memory corruption when deflating i.e., when compressing if the input has many distant matches...
Security Bulletin: IBM DataPower Gateway affected by multiple CVEs in OS kernel
Summary The following CVEs in the OS kernel may affect IBM DataPower Gateway Vulnerability Details CVEID:CVE-2023-52458 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: block: add check that partition length needs to be aligned with block size Before calling add...
CVE-2022-40228
IBM DataPower Gateway 10.0.3.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.9, 2018.4.1.0 through 2018.4.1.22, and 10.5.0.0 through 10.5.0.2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 235527...
Security Bulletin: IBM DataPower Gateway vulnerable to DoS
Summary This issue may result in a memory leak. Vulnerability Details CVEID:CVE-2024-26935 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an error related to unremoved procfs host directory regression. A local authenticated attacker could exploit this vulnerability to...
Security Bulletin: IBM DataPower Gateway does not force a Gateway Peering password change
Summary The DataPower UI does not notify customers of any gateway-peering instance that uses the system default password. The UI will now warn if the password is not changed. Vulnerability Details CVEID:CVE-2022-31776 DESCRIPTION: IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through...
Security Bulletin: IBM DataPower Gateway may permit admin users to view and edit files that are not allowed to be read via RBM access rights (CVE-2022-22326)
Summary IBM has addressed the CVE Vulnerability Details CVEID:CVE-2022-22326 DESCRIPTION: IBM MQ Appliance could allow unauthorized viewing of logs and files due to insufficient authorisation checks. CVSS Base score: 4 CVSS Temporal Score: See:...
Security Bulletin: IBM DataPower Gateway vulnerable to denial of service and remote code execution through use of Redis
Summary IBM DataPower Gateway uses Redis internally for gateway peering. Vulnerability Details CVEID:CVE-2024-46981 DESCRIPTION: Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and...
Security Bulletin: IBM DataPower Gateway vulnerable to denial of service due to rustls
Summary Rustls is used in gateway peering Vulnerability Details CVEID:CVE-2024-11738 DESCRIPTION: A flaw was found in Rustls 0.23.13 and related APIs. This vulnerability allows denial of service panic via a fragmented TLS ClientHello message. CWE:CWE-248: Uncaught Exception CVSS Source:...
Security Bulletin: IBM DataPower Gateway vulnerable to naming confusion (CVE-2024-12224)
Summary idna is used in the GitOps feature. Vulnerability Details CVEID:CVE-2024-12224 DESCRIPTION: idna 0.5.0 and earlier accepts Punycode labels that do not produce any non-ASCII output, which means that either ASCII labels or the empty root label can be masked such that they appear unequal...
Security Bulletin: IBM DataPower Gateway does not invalidate active sessions on a password change (CVE-2022-40228)
Summary If a user password is changed, IBM DataPower Gateway does not immediately invalidate existing active sessions that were created with the old password. This means that a session created using a compromised password could continue to operate after the password has been changed until the...
Security Bulletin: IBM DataPower Gateway vulnerable to Denial of Service (CVE-2024-53088)
Summary IBM DataPower Gateway uses the ethernet driver on hardware platforms. Vulnerability Details CVEID:CVE-2024-53088 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: i40e: fix race condition by adding filter's intermediate sync state Fix a race condition in the...