Lucene search
+L

220 matches found

RedHat Linux
RedHat Linux
added 2025/04/07 3:16 p.m.8 views

event-driven-ansible: exposure inventory passwords in plain text when starting a rulebook activation with verbosity set to debug in EDA

A flaw was found in the Ansible Automation Platform's Event-Driven Ansible. In configurations where verbosity is set to "debug", inventory passwords are exposed in plain text when starting a rulebook activation. This issue exists for any "debug" action in a rulebook and also affects Event Streams...

6.5CVSS5.7AI score0.00379EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/03 4:23 p.m.23 views

Security Bulletin: Multiple Java Vulnerabilities in IBM Event Streams

Summary Multiple Java SE vulnerabilities were addressed in IBM Event Streams version 11.5.1. Vulnerability Details CVEID:CVE-2024-21235 DESCRIPTION: Vulnerability in Java SE component: Hotspot. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

5.3CVSS6AI score0.01157EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2025/03/28 2:5 p.m.54 views

CVE-2025-2877 Event-driven-ansible: exposure inventory passwords in plain text when starting a rulebook activation with verbosity set to debug in eda

A flaw was found in the Ansible Automation Platform's Event-Driven Ansible. In configurations where verbosity is set to "debug", inventory passwords are exposed in plain text when starting a rulebook activation. This issue exists for any "debug" action in a rulebook and also affects Event Streams...

6.5CVSS0.00379EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/04 11:48 a.m.10 views

Security Bulletin: Multiple Vulnerabilities in IBM Event Streams

Summary Multiple vulnerabilities were addressed in IBM Event Streams version 11.6.1. Vulnerability Details CVEID:CVE-2024-57965 DESCRIPTION: In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a potentially unwanted...

9.8CVSS7.9AI score0.01414EPSS
Exploits1Affected Software1
CNNVD
CNNVD
added 2025/02/12 12:0 a.m.4 views

HashiCorp Nomad 安全漏洞

HashiCorp Nomad is a simple and flexible scheduler and orchestrator from the US-based HashiCorp Inc. for managing containerized and non-containerized applications at scale, both locally and in the cloud. HashiCorp Nomad suffers from a security vulnerability that stems from the fact that Nomad eve...

7.1CVSS6.8AI score0.0043EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/03 10:47 p.m.29 views

Security Bulletin: Multiple Vulnerabilities in IBM Event Streams

Summary Multiple vulnerabilities were addressed in IBM Event Streams version 11.5.1. Vulnerability Details CVEID:CVE-2023-0466 DESCRIPTION: OpenSSL could allow a remote attacker to bypass security restrictions, caused by a flaw in the X509VERIFYPARAMadd0policy function. By using invalid certifica...

7.5CVSS8.1AI score0.75116EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/03 10:36 p.m.43 views

Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack due to the Eclipse Vert.x component (CVE-2024-1023,CVE-2024-1300).

Summary IBM Event Streams is vulnerable to a denial of service attack due to the Vert.x component.It is a toolkit for writing reactive, non-blocking, asynchronous applications that run on the JVM Java Virtual Machine and it provides a non-prescriptive and flexible way to write efficient,...

6.5CVSS6AI score0.01639EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/30 12:0 p.m.14 views

Security Bulletin: IBM Event Streams is vulnerable to arbitrary code execution on the system due to the Apache Avro component (CVE-2024-47561).

Summary IBM Event Streams is vulnerable to arbitrary code execution on the system. Apache Avro is commonly used in event streams like Apache Kafka to serialize and deserialize event data, providing a structured, efficient, and schema-based format for transmitting messages between producers and...

9.2CVSS7.5AI score0.03256EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/29 2:32 p.m.19 views

Security Bulletin: Multiple Vulnerabilities in IBM Event Streams

Summary Multiple vulnerabilities were addressed in IBM Event Streams version 11.5.2 Vulnerability Details CVEID:CVE-2024-43800 DESCRIPTION: expressjs serve-static is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this...

5CVSS6AI score0.00595EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.23 views

Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack due to the Apache Commons Compress component (CVE-2024-25710, CVE-2024-26308).

Summary IBM Event Streams is vulnerable to a denial of service due to the Apache Commons Compress component. Commons Compress is a library that creates a standard interface for the most widely used compression and archiving formats. Vulnerability Details CVEID:CVE-2024-25710 DESCRIPTION: Apache...

8.1CVSS6.7AI score0.00898EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/15 9:28 a.m.18 views

Security Bulletin: Due to the package jsonpath-plus, IBM Event Streams is vulnerable to Remote Code Execution

Summary jsonpath-plus is used by IBM Event Streams as part of the UI. Vulnerability Details CVEID:CVE-2024-21534 DESCRIPTION: Versions of the package jsonpath-plus before 10.0.0 are vulnerable to Remote Code Execution RCE due to improper input sanitization. An attacker can execute aribitrary code...

9.8CVSS7.4AI score0.09076EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/13 11:46 a.m.28 views

Security Bulletin: Multiple Vulnerabilities in IBM Event Streams

Summary Multiple vulnerabilities were addressed in IBM Event Streams version 11.5.1. Vulnerability Details CVEID:CVE-2024-45590 DESCRIPTION: expressjs body-parser is vulnerable to a denial of service, caused by a flaw when url encoding is enabled. By sending a specially crafted payload, a remote...

9.8CVSS10AI score0.76959EPSS
Exploits18Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/12 10:42 a.m.18 views

Security Bulletin: Multiple Vulnerabilities in IBM Event Streams

Summary Multiple vulnerabilities were addressed in IBM Event Streams version 11.5.1. Vulnerability Details CVEID:CVE-2024-29041 DESCRIPTION: Express.js Express could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this...

6.1CVSS6.1AI score0.05533EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/12 10:26 a.m.22 views

Security Bulletin: Due to use of Async, IBM Event Streams is vulnerable to Regular Expression denial of service

Summary Async is used by IBM Event Streams CVE-2024-39249 Vulnerability Details CVEID:CVE-2024-39249 DESCRIPTION: Async is vulnerable to a denial of service, caused by the ReDoS Regular Expression Denial of Service while parsing function in autoinject function. By sending a specially crafted...

7.5CVSS7.4AI score0.00812EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/12 10:20 a.m.36 views

Security Bulletin: Due to use of cURL libcurl, IBM Event Streams is vunerable to bypass security restrictions.

Summary cURL libcurl is used in IBM Event Streams CVE-2023-28322 Vulnerability Details CVEID:CVE-2023-28322 DESCRIPTION: cURL libcurl could allow a remote attacker to bypass security restrictions, caused by a flaw in the logic for a reused handle when it is expected to be changed from a PUT to a...

5.3CVSS6.7AI score0.02211EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/24 5:23 a.m.16 views

Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack due to the Netty package (CVE-2023-34462).

Summary Netty is used by IBM Event Streams, providing high-performance, asynchronous network communication that ensures scalability, low latency, and secure connections, essential for real-time data processing and reliable event delivery. Vulnerability Details CVEID:CVE-2023-34462 DESCRIPTION:...

6.5CVSS6.8AI score0.02459EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/23 7:42 a.m.30 views

Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack due to the protobuf-java (CVE-2022-3509).

Summary IBM Event Streams is vulnerable to a denial of service attack due to the protobuf-java core and lite. They are most often used for defining communications protocols together with gRPC and for data storage. Vulnerability Details CVEID:CVE-2022-3509 DESCRIPTION: protobuf-java core and lite...

7.5CVSS7.2AI score0.00567EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/23 7:40 a.m.35 views

Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack due to the Apache Kafka (CVE-2024-27309).

Summary IBM Event Streams is vulnerable to a denial of service attack due to the Apache Kafka. It is primarily used to build real-time streaming data pipelines and applications that adapt to the data streams. It combines messaging, storage, and stream processing to allow storage and analysis of...

7.4CVSS7.4AI score0.01125EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/23 7:39 a.m.23 views

Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack due to the snappy-java (CVE-2023-43642).

Summary IBM Event Streams is vulnerable to a denial of service attack due to the snappy-java component. In IBM Event Streams, Snappy-java boosts performance by compressing event payloads before transmission and decompressing them on the client side, reducing bandwidth usage and improving data...

7.5CVSS7.3AI score0.0104EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/23 7:36 a.m.17 views

Security Bulletin: IBM Event Streams is vulnerable to phishing attack due to the follow-redirects component (CVE-2023-26159).

Summary IBM Event Streams is vulnerable to phishing attack due to the follow-redirects component. In event streams, following redirects ensures uninterrupted data flow by automatically directing clients to new endpoints if the original one changes. It also aids in load balancing and failover...

7.3CVSS6.6AI score0.00797EPSS
Exploits1Affected Software1
Rows per page
Query Builder