216 matches found
Security Bulletin: IBM Event Streams is affected by a vulnerability in Node.js (CVE-2023-25883)
Summary This security vulnerability affects a required node.js module within IBM Event Streams UI component. CVE-2023-25883 Vulnerability Details CVEID:CVE-2022-25883 DESCRIPTION: Node.js semver package is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS...
Security Bulletin: IBM Event Streams is affected by a vulnerability in Node.js Module._load() module (CVE-2023-32002)
Summary This security vulnerability affects a required node.js module within IBM Event Streams UI component. CVE-2023-32002 Vulnerability Details CVEID:CVE-2023-32002 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused by the use of Module.load. By sending a...
Security Bulletin: IBM Event Streams is affected by a vulnerability in cURL libcurl (CVE-2023-28321)
Summary This security vulnerability affects the base image being used to build IBM Event Stream images. CVE-2023-28321 Vulnerability Details CVEID:CVE-2023-28321 DESCRIPTION: cURL libcurl could allow a remote attacker to bypass security restrictions, caused by a flaw when listed as "Subject...
Security Bulletin: IBM Event Streams is affected by a vulnerability in Node.js ChromeDriver module (CVE-2023-26156)
Summary This security vulnerability affects a required node.js module within IBM Event Streams UI component. Vulnerability Details CVEID: CVE-2023-26156 DESCRIPTION: Node.js ChromeDriver module could allow a remote attacker to execute arbitrary commands on the system, caused by a command injectio...
Security Bulletin: IBM Event Streams is affected by a vulnerability in a component (Apache Avro Java SDK)
Summary avro is used by IBM Event Streams as part of dependencies under Java CVE-2023-39410. This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:...
Security Bulletin: IBM Event Streams is affected by a libcurl vulnerability
Summary cURL libcurl is used by IBM Event Streams as part of the Operating System CVE-2023-27536. The library supports retrieving data in-memory, downloading to disk, or streaming using the R "connection" interface. This bulletin identifies the steps to take to address the vulnerability...
Security Bulletin: IBM Event Streams is affected by libcurl vulnerability
Summary cURL libcurl is used by IBM Event Streams as part of the Operating System CVE-2023-27535. The library supports retrieving data in-memory, downloading to disk, or streaming using the R "connection" interface. This bulletin identifies the steps to take to address the vulnerability...
Security Bulletin: IBM Event Streams is affected by a denial of service due to OpenSSL vulnerabilities
Summary Openssl is used by IBM Event Streams as part of the Operating System CVE-2022-4450, CVE-2023-0216. This is a library that provides secure communication. Vulnerability Details CVEID:CVE-2022-4450 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a double-free error relat...
Security Bulletin: IBM Event Streams is affected by a libcurl vulnerability
Summary cURL libcurl is used by IBM Event Streams as part of the Operating System CVE-2023-27534. The library supports retrieving data in-memory, downloading to disk, or streaming using the R "connection" interface. Vulnerability Details CVEID:CVE-2023-27534 DESCRIPTION: cURL libcurl could allow ...
Security Bulletin: IBM Event Streams is affected by multiple openssl vulnerabilities
Summary Openssl is used by IBM Event Streams as part of the Operating System CVE-2022-4304, CVE-2023-0215, CVE-2023-0286. This is a library that provides secure communication. Vulnerability Details CVEID:CVE-2022-4304 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive...
Security Bulletin: IBM Event Streams is vulnerable to denial of service attacks due to snappy-java (CVE-2023-34453, CVE-2023-34455, CVE-2023-34454)
Summary IBM Event Streams is affected by snappy-java vulnerabilities CVE-2023-34453, CVE-2023-34455, CVE-2023-34454 Vulnerability Details CVEID:CVE-2023-34453 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by an integer overflow in the shuffle function. By sending a special...
Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack due to Golang Go (CVE-2023-29409)
Summary IBM Event Streams is affected by Golang Go vulnerability CVE-2023-29409 Vulnerability Details CVEID:CVE-2023-29409 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificat...
Security Bulletin: IBM Event Streams is affected by a vulnerability in Golang Go (CVE-2023-29406)
Summary Vulnerabilities in golang before 1.19.11 affect the golang component that is used by IBM Event Streams CVE-2023-29406. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2023-29406 DESCRIPTION: Golang Go is vulnerable to HTTP header injection, caused by improper conten...
Security Bulletin: IBM Event Streams is affected by a vulnerability in Node.js Request package (CVE-2023-28155)
Summary A vulnerability in Node.js Request package through 2.88.1 affects the Node.js component that is used by IBM Event Streams CVE-2023-28155. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2023-28155 DESCRIPTION: Node.js Request module is vulnerable to server-side...
Security Bulletin: IBM Event Streams is affected by multiple vulnerabilities in Node.js
Summary Vulnerabilities in node.js before 18.16.1 affect the Node.js component that is used by IBM Event Streams CVE-2023-30581, CVE-2023-30589, CVE-2023-30585, CVE-2023-30590, CVE-2023-30588. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-30589 DESCRIPTION: Node....
Security Bulletin: IBM Event Streams is affected by multiple vulnerabilities in Golang Go
Summary Vulnerabilities in golang before 1.19.10 affect the golang component that is used by IBM Event Streams CVE-2023-29402, CVE-2023-29403, CVE-2023-29404, CVE-2023-29405. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-29403 DESCRIPTION: Golang Go could allow a...
Security Bulletin: IBM Event Streams is affected by multiple Golang Go vulnerabilities
Summary There are a number of vulnerabilities in Golang Go used by IBM Event Streams CVE-2023-29400, CVE-2023-24540, CVE-2023-24539, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-24540 DESCRIPTION: Go is vulnerable ...
Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack due to Golang Go (CVE-2022-41723)
Summary IBM Event Streams is affected by golang / golang-xnet vulnerability for version 0.7.0 CVE-2022-41723 Vulnerability Details CVEID:CVE-2022-41723 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw in the HPACK decoder. By sending a specially-crafted HTTP/2 stream,...
Security Bulletin: IBM Event Streams is affected by multiple Semaru Java vulnerabilities
Summary IBM Event Streams has addressed the following IBM Semaru Java vulnerabilities before version 17.0.7.0 CVE-2023-21930, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-21968, CVE-2023-21937, CVE-2023-21938, CVE-2023-2597 Vulnerability Details CVEID:CVE-2023-21930 DESCRIPTION: An...
Security Bulletin: IBM Event Streams is affected by vulnerabilities in Golang Go (CVE-2022-41724, CVE-2023-24532)
Summary These security vulnerabilities affect Golang Go that is used by IBM Event Streams. Vulnerability Details CVEID:CVE-2022-41724 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw when processing large TLS handshake records. By sending specially-crafted TLS handsha...