Lucene search
K

93 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2015-0140

Malware in sbrugna...

8.1CVSS8AI score0.0171EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2015-0216

Malware in sbrugna...

4.3CVSS6.4AI score0.01546EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2016-0358

Malware in sbrugna...

6.5CVSS6.6AI score0.00778EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.5 views

Malicious code in bluemix-objstore (npm)

The package bluemix-objstore was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.4 views

MAL-2025-15887 Malicious code in bluemix-objstore (npm)

The package bluemix-objstore was found to contain malicious code...

7.2AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/06 2:45 p.m.28 views

Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affected IBM Workflow for Bluemix April 2016 (CVE-2016-3426)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM Workflow for Bluemix. These issues were disclosed as part of the IBM® SDK, Java™ Technology Edition updates in April 2016. Vulnerability Details CVEID: CVE-2016-3426 DESCRIPTION: An...

4.3CVSS6.7AI score0.02795EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/06 2:45 p.m.27 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Bluemix Workflow

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7.1 that is used by Bluemix Workflow. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses the “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL...

5CVSS4.1AI score0.99999EPSS
Exploits12Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/06 2:45 p.m.35 views

Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affected IBM Workflow for Bluemix October 2015

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8. that is used by IBM Workflow for Bluemix. These issues were disclosed as part of the IBM® SDK, Java™ Technology Edition updates in October 2015. Vulnerability Details CVEID: CVE-2015-4872 DESCRIPTION: An...

5CVSS6.2AI score0.05288EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/06 2:43 p.m.54 views

Security Bulletin: Vulnerabilities in OpenSSL affect Bluemix Workflow (CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-204, CVE-2015-205, CVE-2015-206)

Summary OpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. This includes the vulnerability that has been referred to as “FREAK”. OpenSSL is used by Bluemix Workflow for internal communication. Bluemix Workflow has addressed the applicable CVEs. Vulnerability Details...

5CVSS7.3AI score0.98685EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/06 2:41 p.m.37 views

Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affected IBM Workflow for Bluemix January 2016 (CVE-2015-7575, CVE-2016-0466, CVE-2016-0475)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8. that is used by IBM Workflow for Bluemix. These issues were disclosed as part of the IBM® SDK, Java™ Technology Edition updates in January 2016 and include the vulnerability commonly referred to as "SLOTH"...

5.9CVSS6.2AI score0.05453EPSS
Exploits0Affected Software1
NVD
NVD
added 2020/02/05 6:15 p.m.22 views

CVE-2015-0102

IBM Workflow for Bluemix does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

8.1CVSS7.8AI score0.0171EPSS
Exploits0References3
Prion
Prion
added 2020/02/05 6:15 p.m.14 views

Session fixation

IBM Workflow for Bluemix does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

5.8CVSS6.8AI score0.0171EPSS
Exploits0References3
CVE
CVE
added 2020/02/05 5:23 p.m.52 views

CVE-2015-0102

CVE-2015-0102 affects IBM Workflow for Bluemix. The vulnerability arises because the session cookie is not marked Secure in HTTPS, enabling network attackers to potentially capture the cookie during transmission over HTTP. NVD lists CVSS‑3.1 base score 8.1 (High) and CVSS‑2 base score 5.8 (Medium...

8.1CVSS7.7AI score0.0171EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2020/02/05 5:23 p.m.20 views

CVE-2015-0102

IBM Workflow for Bluemix does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

7.9AI score0.0171EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2018/08/09 4:20 a.m.35 views

Security Bulletin: IBM® SDK for Node.js™ in IBM Bluemix may be affected by CVE-2016-1669

Summary Buffer overflow in the Google V8 Javascript implementation used by IBM SDK for Node.js Vulnerability Details CVEID: CVE-2016-1669 DESCRIPTION: Google Chrome is vulnerable to a buffer overflow, caused by an error in V8. By persuading a victim to visit a specially-crafted Web site, a remote...

9.3CVSS1.8AI score0.04227EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/08/09 4:20 a.m.29 views

Security Bulletin: Vulnerability in OpenSSL affects IBM® SDK for Node.js™ in IBM Bluemix (CVE-2015-1793)

Summary OpenSSL alternate chains certificate forgery vulnerability CVE-2015-1793 disclosed by the OpenSSL Project on July 9 2015. IBM SDK for Node.js in IBM Bluemix has addressed this CVE. Vulnerability Details CVEID: CVE-2015-1793 DESCRIPTION: OpenSSL could allow a remote attacker to bypass...

6.5CVSS1AI score0.61798EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/08/09 4:20 a.m.29 views

Security Bulletin: Current Release of IBM® SDK for Node.js™ in IBM Bluemix is affected by CVE-2015-5380

Summary Denial of service vulnerability caused by an out of bounds write in the V8 JavaScript engine's UTF decoder. Vulnerability Details CVEID: CVE-2015-5380 DESCRIPTION: Google V8, as used in Node.js, is vulnerable to a denial of service that is caused by the failure to verify available memory...

7.5CVSS1.5AI score0.02995EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/08/09 4:20 a.m.18 views

Security Bulletin: Current Releases of IBM® SDK for Node.js™ in IBM Bluemix are affected by CVE-2016-3956, CVE-2016-2515 and CVE-2016-2537.

Summary IBM SDK for Node.js in IBM Bluemix are affected by a HTTP bearer token leak in the npm package management tool and two denial of service vulnerabilities in modules used by the npm package management tool. Vulnerability Details CVE-ID: CVE-2016-3956 Description: npm could allow a remote...

7.8CVSS0.2AI score0.06748EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/08/09 4:20 a.m.52 views

Security Bulletin: Vulnerabilities in OpenSSL including Logjam affect IBM® SDK for Node.js™ in IBM Bluemix

Summary OpenSSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. This includes the Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol CVE-2015-4000 which affects IBM SDK for Node.js in IBM Bluemix. Vulnerability Details CVEID: CVE-2015-4000...

7.5CVSS1AI score0.9986EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/08/09 4:20 a.m.40 views

Security Bulletin: Multiple vulnerabilities in current releases of IBM® SDK for Node.js™ in IBM Bluemix (CVE-2015-3197, CVE-2016-2086, CVE-2016-2216)

Summary This bulletin describes CVE-2015-3197 that was reported on January 26, 2015 by the OpenSSL Project, plus two additional vulnerabilities. Vulnerability Details CVEID: CVE-2015-3197 DESCRIPTION: OpenSSL could allow a remote attacker to conduct man-in-the-middle attacks, caused by the use of...

7.5CVSS0.6AI score0.10731EPSS
Exploits4Affected Software1
Rows per page
Query Builder