
93 matches found

IBM Security Bulletins
added 2023/07/19 8:13 p.m. | 53 views

Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities (CVE-2023-28530, XFID: 212233, CVE-2022-24999, CVE-2023-28530, CVE-2023-25929)

Summary Security vulnerabilities have been addressed in IBM Cognos Analytics 11.2.4 FP2. These vulnerabilities have also been previously addressed in IBM Cognos Analytics 11.1.7 FP7. Denial of Service DOS vulnerabilities have been addressed in Netplex json-smart-v2 CVE-2023-1370 , node.js d3-colo...

7.5 CVSS | 8.2 AI score | 0.14663 EPSS
Exploits: 3 | Affected Software: 1

Kitploit
added 2023/07/07 12:30 p.m. | 86 views

Badsecrets - A Library For Detecting Known Secrets Across Many Web Frameworks

A pure python library for identifying the use of known or very weak cryptographic secrets across a variety of platforms. The project is designed to be both a repository of various "known secrets" for example, ASP.NET machine keys found in examples in tutorials, and to provide a language-agnostic...

9.8 CVSS | 9.8 AI score | 0.75098 EPSS
Exploits: 5 | References: 7

IBM Security Bulletins
added 2023/06/20 4:41 a.m. | 49 views

Security Bulletin: IBM Spectrum Discover is vulnerable to multiple vulnerabilities

Summary IBM has addressed multiple vulnerabilities in IBM Spectrum Discover. Webpack loader-utils CVE-2022-37601 is vulnerable to execute arbitrary code on the system caused by a pollution flaw in parseQuery function. OpenStack Keystone CVE-2021-3563 is vulnerable to bypass security restriction...

9.8 CVSS | 9.6 AI score | 0.59501 EPSS
Exploits: 26 | Affected Software: 1

IBM Security Bulletins
added 2023/04/01 2:9 p.m. | 89 views

Security Bulletin: Security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for March 2023

Summary In addition to many updates of operating system level packages, the following security vulnerability is addressed with IBM Cloud Pak for Business Automation 21.0.3-IF019 and 22.0.2-IF003. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are...

9.8 CVSS | 8.7 AI score | 0.95302 EPSS
Exploits: 13 | Affected Software: 2

RedHat Linux
added 2023/03/30 1:6 p.m. | 3 views

express: "qs" prototype poisoning causes the hang of the node process

A flaw was found in the express.js npm package of nodejs:14 module stream. Express.js Express is vulnerable to a denial of service caused by a prototype pollution flaw in qs. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, a remote attacker can cause a...

7.5 CVSS | 7.2 AI score | 0.14663 EPSS
Exploits: 2 | References: 7

IBM Security Bulletins
added 2023/03/29 9:46 a.m. | 42 views

Security Bulletin: IBM Event Streams is affected by a vulnerability in Express.js Express (CVE-2022-24999)

Summary This security vulnerability affects qs package before 6.10.3 that is used by the IBM Event Streams UI component. Vulnerability Details CVEID:CVE-2022-24999 DESCRIPTION: Express.js Express is vulnerable to a denial of service, caused by a prototype pollution flaw in qs. By adding or...

7.5 CVSS | 8.2 AI score | 0.14663 EPSS
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
added 2023/03/27 5:26 p.m. | 31 views

Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerability CVE-2022-24999

Summary There is a vulnerability CVE-2022-24999 which affects IBM Engineering Workflow Management EWM. Vulnerability Details CVEID:CVE-2022-24999 DESCRIPTION: Express.js Express is vulnerable to a denial of service, caused by a prototype pollution flaw in qs. By adding or modifying properties of...

7.5 CVSS | 8.1 AI score | 0.14663 EPSS
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
added 2023/03/17 10:46 a.m. | 45 views

Security Bulletin: IBM App Connect Enterprise & IBM Integration Bus are vulnerable to a denial of service due to node.js module qs [CVE-2022-24999]

Summary IBM App Connect Enterprise & IBM Integration Bus are vulnerable to a denial of service due to node.js module qs CVE-2022-24999. The vulnerability has been addressed Vulnerability Details CVEID:CVE-2022-24999 DESCRIPTION: Express.js Express is vulnerable to a denial of service, caused by a...

7.5 CVSS | 8.2 AI score | 0.14663 EPSS
Exploits: 2

IBM Security Bulletins
added 2023/03/01 9:0 a.m. | 48 views

Security Bulletin: Multiple vulnerabilities in IBM SDK for Node.js and packaged modules affect IBM Business Automation Workflow Configuration Editor

Summary IBM Business Automation Workflow Configuration Editor is vulnerable to multiple attacks. Vulnerability Details CVEID:CVE-2022-24999 DESCRIPTION: Express.js Express is vulnerable to a denial of service, caused by a prototype pollution flaw in qs. By adding or modifying properties of...

8.1 CVSS | 8.7 AI score | 0.59501 EPSS
Exploits: 4 | Affected Software: 2

IBM Security Bulletins
added 2023/02/07 9:29 p.m. | 45 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Express.js Express denial of service (CVE-2022-24999)

Summary Potential denial of service vulnerability in express-CVE-2022-24999 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID:CVE-2022-24999 DESCRIPTION: Express.js Express is vulnerable to...

7.5 CVSS | 8.1 AI score | 0.14663 EPSS
Exploits: 2 | Affected Software: 1

RedHat Linux
added 2023/02/06 7:42 p.m. | 4 views

express: "qs" prototype poisoning causes the hang of the node process

A flaw was found in the express.js npm package of nodejs:14 module stream. Express.js Express is vulnerable to a denial of service caused by a prototype pollution flaw in qs. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, a remote attacker can cause a...

7.5 CVSS | 7.2 AI score | 0.14663 EPSS
Exploits: 2 | References: 7

RedhatCVE
added 2022/12/02 2:26 p.m. | 42 views

CVE-2022-24999

A flaw was found in the express.js npm package of nodejs:14 module stream. Express.js Express is vulnerable to a denial of service caused by a prototype pollution flaw in qs. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, a remote attacker can cause a...

7.5 CVSS | 8.1 AI score | 0.14663 EPSS
Exploits: 2 | References: 6

RedhatCVE
added 2018/06/07 9:19 p.m. | 21 views

CVE-2017-16118

The forwarded module is used by the Express.js framework to handle the X-Forwarded-For header. It is vulnerable to a regular expression denial of service when it's passed specially crafted input to parse. This causes the event loop to be blocked causing a denial of service condition...

7.5 CVSS | 3.8 AI score | 0.01947 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2018/06/07 8:49 p.m. | 23 views

CVE-2017-16119

Fresh is a module used by the Express.js framework for HTTP response freshness testing. It is vulnerable to a regular expression denial of service when it is passed specially crafted input to parse. This causes the event loop to be blocked causing a denial of service condition...

7.5 CVSS | 3.1 AI score | 0.01584 EPSS
Exploits: 0 | References: 2

RedhatCVE
added 2018/06/07 8:49 a.m. | 21 views

CVE-2017-16136

method-override is a module used by the Express.js framework to let you use HTTP verbs such as PUT or DELETE in places where the client doesn't support it. method-override is vulnerable to a regular expression denial of service vulnerability when specially crafted input is passed in to be parsed...

7.5 CVSS | 2.5 AI score | 0.01215 EPSS
Exploits: 0 | References: 1

OSV
added 2018/06/07 2:29 a.m. | 10 views

CVE-2017-16136

method-override is a module used by the Express.js framework to let you use HTTP verbs such as PUT or DELETE in places where the client doesn't support it. method-override is vulnerable to a regular expression denial of service vulnerability when specially crafted input is passed in to be parsed...

7.5 CVSS | 7.6 AI score
Exploits: 0 | References: 1

OSV
added 2018/06/07 2:29 a.m. | 1 views

DEBIAN-CVE-2017-16119

Fresh is a module used by the Express.js framework for HTTP response freshness testing. It is vulnerable to a regular expression denial of service when it is passed specially crafted input to parse. This causes the event loop to be blocked causing a denial of service condition...

7.5 CVSS | 7.5 AI score | 0.01584 EPSS
Exploits: 0 | References: 1

NVD
added 2018/06/07 2:29 a.m. | 23 views

CVE-2017-16119

Fresh is a module used by the Express.js framework for HTTP response freshness testing. It is vulnerable to a regular expression denial of service when it is passed specially crafted input to parse. This causes the event loop to be blocked causing a denial of service condition...

7.5 CVSS | 7.3 AI score | 0.01584 EPSS
Exploits: 0 | References: 1

OSV
added 2018/06/07 2:29 a.m. | 4 views

CVE-2017-16119

Fresh is a module used by the Express.js framework for HTTP response freshness testing. It is vulnerable to a regular expression denial of service when it is passed specially crafted input to parse. This causes the event loop to be blocked causing a denial of service condition...

7.5 CVSS | 7.3 AI score
Exploits: 0 | References: 1

Prion
added 2018/06/07 2:29 a.m. | 19 views

Race condition

Fresh is a module used by the Express.js framework for HTTP response freshness testing. It is vulnerable to a regular expression denial of service when it is passed specially crafted input to parse. This causes the event loop to be blocked causing a denial of service condition...

5 CVSS | 7.3 AI score | 0.01584 EPSS
Exploits: 0 | References: 1 | Affected Software: 1