Lucene search
+L

47 matches found

ibm
ibm
added 2025/11/07 8:36 p.m.10 views

Security Bulletin: IBM CloudPak for Data Scheduling Service is vulernable to CSRF Attack (CVE-2025-47909)

Summary gorilla/csrf is used by Scheduling Service. A vulnerability in gorilla/csrf is addressed. Vulnerability Details CVEID:CVE-2025-47909 DESCRIPTION: Hosts listed in TrustedOrigins implicitly allow requests from the corresponding HTTP origins, allowing network MitMs to perform CSRF attacks...

7.3CVSS6.5AI score0.0016EPSS
Exploits0Affected Software1
euvd
euvd
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-25378

Malware in sbrugna...

8.1CVSS5.8AI score0.00854EPSS
Exploits0References3
euvd
euvd
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-31299

Malicious code in bioql PyPI...

5.5CVSS4.8AI score0.00195EPSS
Exploits0References2
ibm
ibm
added 2025/09/30 4:56 p.m.24 views

Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.11.0 Vulnerability Details CVEID:CVE-2025-30749 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported...

8.1CVSS9.4AI score0.01058EPSS
Exploits2Affected Software1
ibm
ibm
added 2025/08/26 5:1 p.m.11 views

Security Bulletin: IBM CloudPak for Data Scheduling Service is vulernable to CVE-2025-24358

Summary github.com/gorilla/csrf-v1.7.1 is used by the Scheduling Service. Vulnerability Details CVEID:CVE-2025-24358 DESCRIPTION: gorilla/csrf provides Cross Site Request Forgery CSRF prevention middleware for Go web applications & services. Prior to 1.7.2, gorilla/csrf does not validate the Orig...

6CVSS3.8AI score0.00347EPSS
Exploits0Affected Software1
ibm
ibm
added 2025/06/05 5:39 p.m.9 views

Security Bulletin: IBM CloudPak for Data Scheduling Service is vulernable to CVE-2025-22870

Summary golang.org/x/net-v0.25.0 and golang.org/x/net-v0.33.0 are used by the Scheduling Service. Vulnerability Details CVEID:CVE-2025-22870 DESCRIPTION: Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environmen...

4.4CVSS6.8AI score0.00393EPSS
Exploits2Affected Software1
ibm
ibm
added 2025/06/03 1:56 p.m.24 views

Security Bulletin: IBM CloudPak for Data Scheduling Service is vulernable to the Sweet32 attack.

Summary The 3DES cipher was available in some TLS cipher suites. Vulnerability Details CVEID:CVE-2016-2183 DESCRIPTION: The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which...

7.5CVSS7.3AI score0.95707EPSS
Exploits7Affected Software1
ibm
ibm
added 2025/06/03 1:54 p.m.12 views

Security Bulletin: IBM CloudPak for Data Scheduling Service is vulernable to CVE-2024-45338.

Summary golang.org/x/net-v0.24.0 is used by the CP4D Scheduling Service. CVE-2024-45338. Vulnerability Details CVEID:CVE-2024-45338 DESCRIPTION: An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow...

5.3CVSS6.4AI score0.00874EPSS
Exploits0Affected Software1
redhatcve
redhatcve
added 2025/05/23 5:2 a.m.8 views

CVE-2023-27545

IBM Watson CloudPak for Data Data Stores information disclosure 4.6.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 248947...

5.5CVSS5.4AI score0.00195EPSS
Exploits0References1
ibm
ibm
added 2025/04/29 2:0 a.m.61 views

Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.5.1 Vulnerability Details CVEID:CVE-2021-3538 DESCRIPTION: go.uuid could allow a remote attacker to obtain sensitive information, caused by the use of insecure randomness in the g.rand.Read function. By utilize...

9.8CVSS10AI score0.03168EPSS
Exploits4Affected Software1
ibm
ibm
added 2025/04/15 3:11 a.m.58 views

Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.7.1 Vulnerability Details CVEID:CVE-2024-39705 DESCRIPTION: Natural Language Toolkit NLTK could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when an untrusted packages have...

10CVSS10AI score0.01421EPSS
Exploits5Affected Software1
ibm
ibm
added 2025/04/15 3:3 a.m.88 views

Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.7.0 Vulnerability Details CVEID:CVE-2024-43380 DESCRIPTION: floraison fugit is vulnerable to a denial of service, caused by improper input validation by the natural parser. By sending a specially crafted request,...

8.8CVSS10AI score0.35447EPSS
Exploits2Affected Software1
ibm
ibm
added 2025/04/15 2:46 a.m.85 views

Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.6.0 Vulnerability Details CVEID:CVE-2022-25857 DESCRIPTION: Java package org.yaml:snakeyam is vulnerable to a denial of service, caused by missing to nested depth limitation for collections. By sending a...

8.2CVSS10AI score0.87211EPSS
Exploits7Affected Software1
ibm
ibm
added 2025/04/02 3:29 p.m.12 views

Security Bulletin: IBM CloudPak for Data Scheduling Service is vulernable to CVE-2023-45288.

Summary Golang's net/http is used by the CP4D Scheduling Service for http communication. CVE-2023-45288. Vulnerability Details CVEID:CVE-2023-45288 DESCRIPTION: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames...

7.5CVSS7.1AI score0.91969EPSS
Exploits1Affected Software1
ibm
ibm
added 2025/04/02 3:26 p.m.5 views

Security Bulletin: IBM CloudPak for Data Scheduling Service is vulernable to CVE-2024-36129.

Summary OpenTelemetry Collector is used by the CP4D Scheduling Service for telemetry collection. CVE-2024-36129. Vulnerability Details CVEID:CVE-2024-36129 DESCRIPTION: OpenTelemetry OpenTelemetry Collector is vulnerable to a denial of service, caused by an unsafe decompression vulnerability. By...

8.2CVSS7AI score0.00994EPSS
Exploits1Affected Software1
ibm
ibm
added 2025/04/02 3:21 p.m.12 views

Security Bulletin: IBM CloudPak for Data Scheduling Service is vulernable to CVE-2024-45506.

Summary HAProxy is used by the CP4D Scheduling Service for multicluster scheduling. CVE-2024-45506. Vulnerability Details CVEID:CVE-2024-45506 DESCRIPTION: HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service for HTTP/2 zero-copy forwarding...

7.5CVSS7.1AI score0.01203EPSS
Exploits0Affected Software1
ibm
ibm
added 2025/04/02 3:17 p.m.9 views

Security Bulletin: IBM CloudPak for Data Scheduling Service is vulernable to IBM X-Force ID: 350626.

Summary GRPC-Go is used by the CP4D Scheduling Service for inter-process communication. IBM X-Force ID: 350626. Vulnerability Details IBM X-Force ID: 350626 DESCRIPTION: gRPC-Go is vulnerable to a denial of service, caused by a flaw in handling multiplexed streams in the HTTP/2 protocol. By sendi...

6.8AI score
Exploits0Affected Software1
ibm
ibm
added 2025/03/26 3:57 a.m.48 views

Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for Watson AIOps version 4.2.0 Vulnerability Details CVEID:CVE-2023-24539 DESCRIPTION: Go is vulnerable to HTML injection. A remote attacker could inject malicious HTML code into a template containing multiple actions separated by a...

9.8CVSS9.7AI score0.01837EPSS
Exploits0Affected Software1
ibm
ibm
added 2025/03/26 2:34 a.m.90 views

Security Bulletin: For IBM Cloudpak for Watson AIOPS 3.5.1

Summary This SB contains a list for all CVE's listed here - CVE-2022-36083, CVE-2022-21123, CVE-2022-21125, CVE-2022-21166, CVE-2021-21797, CVE-2022-35941, CVE-2021-42248, CVE-2021-42836, CVE-2022-40186, CVE-2022-41316, CVE-2021-36090, CVE-2020-29529, CVE-2020-7219 fixed in 3.5.1 Vulnerability...

9.1CVSS8.5AI score0.15046EPSS
Exploits4Affected Software1
ibm
ibm
added 2024/03/27 8:12 p.m.54 views

Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.5.0 Vulnerability Details CVEID:CVE-2023-5764 DESCRIPTION: Ansible could allow a local authenticated attacker to execute arbitrary code on the system, caused by a template injection flaw. By sending a specially...

9.8CVSS9.2AI score0.04561EPSS
Exploits4Affected Software1
Rows per page
Query Builder