Lucene search
+L

220 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2024/01/24 10:4 a.m.20 views

Security Bulletin: IBM Event Streams is vulnerable to a man-in-the-middle attack due to the Hot Rod Client (CVE-2023-4586).

Summary IBM Event Streams is vulnerable to a man-in-the-middle attack due to the netty-handler-4.1.86.Final.jar component of Hot Rod client. Hot Rod is a binary, platform-independent protocol that was developed in the open as a part of Infinispan. Infinispan is as a shared store for stateful data...

7.4CVSS7.1AI score0.00448EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/23 4:7 a.m.46 views

Security Bulletin: IBM Event Streams is affected by an openSSL Vulnerability - CVE-2023-3817

Summary OpenSSL is an open-source command line tool to generate private keys, install your TLS certificates and identify cert information. This CVE-2023-3817 carries a risk of potential denial of service attack. Vulnerability Details CVEID:CVE-2023-3817 DESCRIPTION: OpenSSL is vulnerable to a...

5.3CVSS5.8AI score0.02577EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/29 10:29 p.m.33 views

Security Bulletin: IBM Event Streams is affected by a vulnerability in Node.js (CVE-2023-32006)

Summary This security vulnerability affects a required node.js module within IBM Event Streams UI component. CVE-2023-32006 Vulnerability Details CVEID:CVE-2023-32006 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused by the use of...

8.8CVSS9.1AI score0.01273EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/29 10:28 p.m.43 views

Security Bulletin: IBM Event Streams is affected by a vulnerability in Node.js (CVE-2023-32559)

Summary This security vulnerability affects a required node.js module within IBM Event Streams UI component. CVE-2023-32559 Vulnerability Details CVEID:CVE-2023-32559 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused by the use of the deprecated API...

7.5CVSS8.5AI score0.01484EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/29 10:27 p.m.33 views

Security Bulletin: IBM Event Streams is affected by a vulnerability in Node.js (CVE-2023-25883)

Summary This security vulnerability affects a required node.js module within IBM Event Streams UI component. CVE-2023-25883 Vulnerability Details CVEID:CVE-2022-25883 DESCRIPTION: Node.js semver package is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS...

7.8CVSS7.4AI score0.02761EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/29 10:26 p.m.31 views

Security Bulletin: IBM Event Streams is affected by a vulnerability in Node.js Module._load() module (CVE-2023-32002)

Summary This security vulnerability affects a required node.js module within IBM Event Streams UI component. CVE-2023-32002 Vulnerability Details CVEID:CVE-2023-32002 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused by the use of Module.load. By sending a...

9.8CVSS9.3AI score0.0143EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/29 10:25 p.m.33 views

Security Bulletin: IBM Event Streams is affected by a vulnerability in cURL libcurl (CVE-2023-28321)

Summary This security vulnerability affects the base image being used to build IBM Event Stream images. CVE-2023-28321 Vulnerability Details CVEID:CVE-2023-28321 DESCRIPTION: cURL libcurl could allow a remote attacker to bypass security restrictions, caused by a flaw when listed as "Subject...

5.9CVSS6.4AI score0.0181EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/24 11:35 a.m.31 views

Security Bulletin: IBM Event Streams is affected by a vulnerability in Node.js ChromeDriver module (CVE-2023-26156)

Summary This security vulnerability affects a required node.js module within IBM Event Streams UI component. Vulnerability Details CVEID: CVE-2023-26156 DESCRIPTION: Node.js ChromeDriver module could allow a remote attacker to execute arbitrary commands on the system, caused by a command injectio...

7.5CVSS8AI score0.02233EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/06 1:52 p.m.39 views

Security Bulletin: IBM Event Streams is affected by a vulnerability in a component (Apache Avro Java SDK)

Summary avro is used by IBM Event Streams as part of dependencies under Java CVE-2023-39410. This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:...

7.5CVSS8.2AI score0.01772EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/11 11:44 a.m.33 views

Security Bulletin: IBM Event Streams is affected by a libcurl vulnerability

Summary cURL libcurl is used by IBM Event Streams as part of the Operating System CVE-2023-27536. The library supports retrieving data in-memory, downloading to disk, or streaming using the R "connection" interface. This bulletin identifies the steps to take to address the vulnerability...

5.9CVSS7.2AI score0.01566EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/11 11:43 a.m.37 views

Security Bulletin: IBM Event Streams is affected by libcurl vulnerability

Summary cURL libcurl is used by IBM Event Streams as part of the Operating System CVE-2023-27535. The library supports retrieving data in-memory, downloading to disk, or streaming using the R "connection" interface. This bulletin identifies the steps to take to address the vulnerability...

5.9CVSS7.2AI score0.01607EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/10 1:51 p.m.64 views

Security Bulletin: IBM Event Streams is affected by a denial of service due to OpenSSL vulnerabilities

Summary Openssl is used by IBM Event Streams as part of the Operating System CVE-2022-4450, CVE-2023-0216. This is a library that provides secure communication. Vulnerability Details CVEID:CVE-2022-4450 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a double-free error relat...

7.5CVSS7.6AI score0.20444EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/25 2:39 p.m.40 views

Security Bulletin: IBM Event Streams is affected by a libcurl vulnerability

Summary cURL libcurl is used by IBM Event Streams as part of the Operating System CVE-2023-27534. The library supports retrieving data in-memory, downloading to disk, or streaming using the R "connection" interface. Vulnerability Details CVEID:CVE-2023-27534 DESCRIPTION: cURL libcurl could allow ...

8.8CVSS8.4AI score0.02195EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/25 2:34 p.m.55 views

Security Bulletin: IBM Event Streams is affected by multiple openssl vulnerabilities

Summary Openssl is used by IBM Event Streams as part of the Operating System CVE-2022-4304, CVE-2023-0215, CVE-2023-0286. This is a library that provides secure communication. Vulnerability Details CVEID:CVE-2022-4304 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive...

7.5CVSS7.5AI score0.59501EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/08/29 9:37 a.m.57 views

Security Bulletin: IBM Event Streams is vulnerable to denial of service attacks due to snappy-java (CVE-2023-34453, CVE-2023-34455, CVE-2023-34454)

Summary IBM Event Streams is affected by snappy-java vulnerabilities CVE-2023-34453, CVE-2023-34455, CVE-2023-34454 Vulnerability Details CVEID:CVE-2023-34453 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by an integer overflow in the shuffle function. By sending a special...

7.5CVSS7.1AI score0.01762EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/08/29 9:35 a.m.60 views

Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack due to Golang Go (CVE-2023-29409)

Summary IBM Event Streams is affected by Golang Go vulnerability CVE-2023-29409 Vulnerability Details CVEID:CVE-2023-29409 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificat...

5.3CVSS6.4AI score0.01328EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/08/01 4:29 p.m.47 views

Security Bulletin: IBM Event Streams is affected by a vulnerability in Golang Go (CVE-2023-29406)

Summary Vulnerabilities in golang before 1.19.11 affect the golang component that is used by IBM Event Streams CVE-2023-29406. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2023-29406 DESCRIPTION: Golang Go is vulnerable to HTTP header injection, caused by improper conten...

6.5CVSS7AI score0.01453EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/08/01 4:26 p.m.35 views

Security Bulletin: IBM Event Streams is affected by a vulnerability in Node.js Request package (CVE-2023-28155)

Summary A vulnerability in Node.js Request package through 2.88.1 affects the Node.js component that is used by IBM Event Streams CVE-2023-28155. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2023-28155 DESCRIPTION: Node.js Request module is vulnerable to server-side...

6.1CVSS6.1AI score0.00713EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/08/01 9:43 a.m.61 views

Security Bulletin: IBM Event Streams is affected by multiple vulnerabilities in Node.js

Summary Vulnerabilities in node.js before 18.16.1 affect the Node.js component that is used by IBM Event Streams CVE-2023-30581, CVE-2023-30589, CVE-2023-30585, CVE-2023-30590, CVE-2023-30588. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-30589 DESCRIPTION: Node....

7.5CVSS8.1AI score0.03906EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/25 6:12 a.m.57 views

Security Bulletin: IBM Event Streams is affected by multiple vulnerabilities in Golang Go

Summary Vulnerabilities in golang before 1.19.10 affect the golang component that is used by IBM Event Streams CVE-2023-29402, CVE-2023-29403, CVE-2023-29404, CVE-2023-29405. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-29403 DESCRIPTION: Golang Go could allow a...

9.8CVSS9.5AI score0.01837EPSS
Exploits0Affected Software1
Rows per page
Query Builder