Lucene search
+L

33 matches found

Positive Technologies
Positive Technologies
added 2024/01/09 12:0 a.m.8 views

PT-2024-10237 · Ibm · Ibm Devops Velocity +1

The affected software is IBM DevOps Velocity and IBM UrbanCode Velocity. The versions of IBM DevOps Velocity that are affected are 5.0.0, and the versions of IBM UrbanCode Velocity that are affected are 4.0.0 through 4.0.25. These versions allow web pages to be stored locally, which can then be...

4CVSS6.2AI score0.00206EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2024/01/09 12:0 a.m.13 views

PT-2024-10238 · Ibm · Ibm Devops Velocity +1

Name of the Vulnerable Software and Affected Versions: IBM DevOps Velocity version 5.0.0 IBM UrbanCode Velocity versions 4.0.0 through 4.0.25 Description: The issue is related to the use of weaker than expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive...

7.5CVSS7AI score0.00311EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2024/01/09 12:0 a.m.8 views

PT-2024-10239 · Ibm · Ibm Devops Velocity +1

Name of the Vulnerable Software and Affected Versions: IBM DevOps Velocity version 5.0.0 IBM UrbanCode Velocity versions 4.0.0 through 4.0.25 Description: The issue is related to the use of an untrusted cross-domain policy file, which could allow a remote attacker to gain unauthorized access to...

7.5CVSS7AI score0.00345EPSS
Exploits0References10
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/17 9:9 p.m.17 views

Security Bulletin: Vulnerability in d3-color affects IBM UrbanCode Velocity . WS-2022-0322

Summary WS-2022-0322 The d3-color module prior to 3.1.0 which Velocity was using is susceptible to a regular expression denial of service attack. Vulnerability Details IBM X-Force ID: 212233 DESCRIPTION: d3-color is vulnerable to a denial of service, caused by improper input validation. By sendin...

7.2AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/17 9:4 p.m.52 views

Security Bulletin: CVE-2022-24434 An issue was discovered in the npm package dicer

Summary This affects all versions of package dicer. A malicious attacker can send a modified form to server, and crash the nodejs service. An attacker could sent the payload again and again so that the service continuously crashes. Vulnerability Details CVEID:CVE-2022-24434 DESCRIPTION: Node.js...

7.5CVSS7.3AI score0.03237EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/17 8:53 p.m.49 views

Security Bulletin: CVE-2022-41713 An issue was discovered in deep-object-diff version 1.1.0

Summary CVE-2022-41713 deep-object-diff version 1.1.0 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the 'proto' property to be edited. Vulnerability Details...

5.3CVSS5.3AI score0.00643EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/08 7:5 p.m.35 views

Security Bulletin: CVE-2020-7774

Summary This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po6ix: const y18n = require'y18n'; y18n.setLocale'proto'; y18n.updateLocalepolluted: true; console.logpolluted; // true Vulnerability Details CVEID: CVE-2020-7774 DESCRIPTION: Node.js y18n module could allow a remote...

9.8CVSS2.8AI score0.69062EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/08 7:4 p.m.49 views

Security Bulletin: CVE-2021-23369

Summary The package handlebars before 4.7.7 are vulnerable to Remote Code Execution RCE when selecting certain compiling options to compile templates coming from an untrusted source. Vulnerability Details CVEID: CVE-2021-23369 DESCRIPTION: Node.js handlebars module could allow a remote attacker t...

9.8CVSS2.5AI score0.07028EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/08 7:3 p.m.33 views

Security Bulletin: CVE-2020-28500

Summary Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service ReDoS via the toNumber, trim and trimEnd functions. Vulnerability Details CVEID: CVE-2020-28500 DESCRIPTION: Node.js lodash module is vulnerable to a denial of service, caused by a regular expression...

5.3CVSS2.2AI score0.07336EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/08 7:2 p.m.126 views

Security Bulletin: CVE-2021-23337

Summary Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function. Vulnerability Details CVEID: CVE-2021-23337 DESCRIPTION: Node.js lodash module could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by a command...

7.2CVSS2.6AI score0.2241EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/08 6:57 p.m.36 views

Security Bulletin: CVE-2020-8203

Summary Node.js lodash module is vulnerable to a denial of service, caused by a prototype pollution attack. A remote attacker could exploit this vulnerability using the merge, mergeWith, and defaultsDeep functions to inject properties onto Object.prototype to crash the server and possibly execute...

7.4CVSS1.1AI score0.05213EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/21 2:12 p.m.116 views

Security Bulletin: IBM UrbanCode Velocity CVE-2021-44228, Apache Log4j

Summary IBM UrbanCode Velocity is vulnerable to CVE-2021-44228, Apache Log4j in the web client. The other IBM UrbanCode Velocity services are built upon JavaScript which use Log4js and based on current knowledge and analysis, we believe are not affected. Vulnerability Details CVEID: CVE-2021-4422...

10CVSS1.3AI score0.99999EPSS
Exploits355Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/06/04 9:41 p.m.41 views

Security Bulletin: CVE-2020-15366 An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2.

Summary CVE-2020-15366 An issue was discovered in ajv.validate in Ajv aka Another JSON Schema Validator 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. While untrusted schemas are recommended against, the worst case of an...

6.8CVSS2.2AI score0.02313EPSS
Exploits0Affected Software1
Rows per page
Query Builder