85 matches found

Positive Technologies
added 2026/05/06 12:0 a.m., 12 views

PT-2026-37703

Vulnerability in the Java SE product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 11.0.6 and 14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability c...

CVSS 7.5 | AI score 7.1 | EPSS 0.02698
Exploits: 0 | References: 7

ATTACKERKB
added 2026/01/20 9:56 p.m., 2 views

CVE-2026-21957

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are 7.1.14 and 7.2.4. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to...

CVSS 7.5 | AI score 7.2 | EPSS 0.00212
Exploits: 1 | References: 2 | Affected Software: 1

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2023-26023

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 8.2 | EPSS 0.00517
Exploits: 0 | References: 1

IBM Security Bulletins
added 2025/04/15 2:48 a.m., 77 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for September and October 2024.

Summary Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF037 and 24.0.0-IF003. Vulnerability Details CVEID:CVE-2024-39249 DESCRIPTION: Async is vulnerable to a denial of service, caused by the ReDoS Regular Expression Denial of Service while...

CVSS 8.5 | AI score 9.9 | EPSS 0.91969
Exploits: 1 | Affected Software: 2

RedhatCVE
added 2025/02/05 11:10 a.m., 7 views

CVE-2024-21088

Vulnerability in the Oracle Production Scheduling product of Oracle E-Business Suite component: Import Utility. Supported versions that are affected are 12.2.4-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Production...

CVSS 7.5 | AI score 6.5 | EPSS 0.0052
Exploits: 0 | References: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m., 30 views

Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to a denial of service CVE-2024-38477

Summary Apache HTTP Server is used by the IBM Datapower Operations Dashboard implementation of network operations Vulnerability Details CVEID:CVE-2024-38477 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in mod_proxy. By sending a...

CVSS 7.5 | AI score 6.6 | EPSS 0.03153
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/11/21 9:46 p.m., 46 views

Security Bulletin: IBM Technical Support Appliance - possible excessive CPU usage or denial of service

Summary DNS protocol allows the IBM Technical Support Appliance to resolve hostnames to their corresponding IP address. Vulnerability Details CVEID:CVE-2023-4408 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by an error when parsing large DNS messages. By flooding the target...

CVSS 7.5 | AI score 7.1 | EPSS 0.99995
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2024/11/11 2:5 a.m., 34 views

Security Bulletin: Vulnerability in BIND affects IBM Integrated Analytics System [CVE-2022-3094]

Summary Redhat provided BIND is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2022-3094 Vulnerability Details CVEID:CVE-2022-3094 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by the allocation of memory prior to...

CVSS 7.5 | AI score 6.8 | EPSS 0.13108
Exploits: 0 | Affected Software: 1

Debian CVE
added 2024/10/15 7:52 p.m., 16 views

CVE-2024-21272

Vulnerability in the MySQL Connectors product of Oracle MySQL component: Connector/Python. Supported versions that are affected are 9.0.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors...

CVSS 7.5 | AI score 7.9 | EPSS 0.00517
Exploits: 0

IBM Security Bulletins
added 2024/09/25 7:0 p.m., 21 views

Security Bulletin: Vulnerability in Okio GzipSource affects watsonx.data

Summary Okio GzipSource is vulnerable to a denial of service, caused by unhandled exception. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2023-3635 DESCRIPTION: Okio GzipSource is vulnerable to a denial of service, caused by unhandled exception. By sending a specially crafted gzi...

CVSS 7.5 | AI score 7.4 | EPSS 0.01077
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2024/09/25 5:59 p.m., 19 views

Security Bulletin: Vulnerability in Gorilla Web Toolkit affects IBM watsonx.data

Summary Gorilla web toolkit schema is vulnerable to a denial of service, caused by a memory exhaustion flaw due to sparse slice deserialization. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. This can affect...

CVSS 7.5 | AI score 7.5 | EPSS 0.01105
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/09/13 7:30 a.m., 26 views

Security Bulletin: IBM Maximo Application Suite uses Werkzeug-2.2.3-py3-none-any.whl which is vulnerable to CVE-2024-4067.

Summary IBM Maximo Application Suite uses Werkzeug-2.2.3-py3-none-any.whl which is vulnerable to CVE-2024-4067. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-34069 DESCRIPTION: Pallets Werkzeug could allow a remote attacker to...

CVSS 7.5 | AI score 6.9 | EPSS 0.03397
Exploits: 0 | Affected Software: 1

Packet Storm
added 2024/08/31 12:0 a.m., 204 views

Allen-Bradley's Legacy Protocol (PCCC) Denial Of Service

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "DoS Exploitation of Allen-Bradley's Legacy Protocol PCCC", 'Description' = %q A remote, unauthenticated attacker could send a single, specially...

CVSS 7.5 | AI score 7 | EPSS 0.22182
Exploits: 2

IBM Security Bulletins
added 2024/08/08 3:17 p.m., 30 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to resource exhaustion attack due to github.com/Cloudflare/cfssl ( CVE-2023-39533 )

Summary github.com/Cloudflare/cfssl is used by IBM Cloud Pak for Data. CVE-2023-39533. Vulnerability Details CVEID:CVE-2023-39533 DESCRIPTION: libp2p go-libp2p is vulnerable to a denial of service, caused by a flaw during the signature verification. By sending a specially crafted request using...

CVSS 7.5 | AI score 7.3 | EPSS 0.01084
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2024/08/08 2:57 p.m., 31 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to signature forgery attack due to browserify-sign ( CVE-2023-46234 )

Summary Package browserify-sign is used by IBM Cloud Pak for Data. CVE-2023-46234. Vulnerability Details CVEID:CVE-2023-46234 DESCRIPTION: browserify browserify-sign could allow a remote attacker to bypass security restrictions, caused by an upper bound check issue in the dsaVerify function. By...

CVSS 7.5 | AI score 7.4 | EPSS 0.00508
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/07/01 6:0 a.m., 15 views

Security Bulletin: Denial of service caused by jose4j in IBM WebSphere Application Server Liberty may affect IBM Storage Protect Operations Center

Summary IBM Storage Protect Operations Center may be affected by denial of service caused by jose4j in IBM WebSphere Application Server Liberty. CVE-2023-51775. Vulnerability Details CVEID:CVE-2023-51775 DESCRIPTION: jose4j is vulnerable to a denial of service, caused by improper input validation...

CVSS 6.5 | AI score 6.6 | EPSS 0.00879
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2024/06/26 11:49 a.m., 16 views

Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to a denial of service due to a module used in node

Summary There is a vulnerability in IBM WebSphere Application Server Liberty used by IBM Cloud Transformation Advisor IBM X-Force ID: 294242. Vulnerability Details IBM X-Force ID: 294242 DESCRIPTION: Node.js Axios module is vulnerable to a denial of service, caused by a prototype pollution in the...

AI score 7.9
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/06/25 10:5 p.m., 28 views

Security Bulletin: Maximo Application Suite - gunicorn-20.1.0-py3-none-any.whl is vulnerable to CVE-2024-1135 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses gunicorn-20.1.0-py3-none-any.whl which is vulnerable to CVE-2024-1135. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-1135 DESCRIPTION: Gunicorn is vulnerable to HTTP...

CVSS 7.5 | AI score 7.3 | EPSS 0.02996
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/06/07 6:46 a.m., 30 views

Security Bulletin: IBM Maximo Application Suite uses gunicorn-21.2.0-py3-none-any.whl which is vulnerable to CVE-2024-1135.

Summary IBM Maximo Application Suite uses gunicorn-21.2.0-py3-none-any.whl which is vulnerable to CVE-2024-1135. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-1135 DESCRIPTION: Gunicorn is vulnerable to HTTP request smuggling,...

CVSS 7.5 | AI score 7.2 | EPSS 0.02996
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/06/03 12:13 p.m., 35 views

Security Bulletin: Gunicorn-20.1.0-py3-none-any.whl is vulnerable to CVE-2024-1135 used in IBM Maximo Application Suite - Edge Data Collector

Summary IBM Maximo Application Suite - Edge Data Collector uses Gunicorn-20.1.0-py3-none-any.whl which is vulnerable to CVE-2024-1135 Vulnerability Details CVEID:CVE-2024-1135 DESCRIPTION: Gunicorn is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP transfer-encoding...

CVSS 7.5 | AI score 7.3 | EPSS 0.02996
Exploits: 0 | Affected Software: 1