Lucene search
K

23 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/01/07 12:30 p.m.15 views

Security Bulletin: Multiple security vulnerabilities are addressed with Cloud Pak foundational services 4.15.0 shipped with IBM Cloud Pak for Business Automation iFixes for December 2025.

Summary IBM Cloud Pak for Business Automation includes IBM Cloud Pak foundational services. IBM Cloud Pak for Business Automation December 2025 security fixes update this dependency beyond 4.15.0 to address security vulnerabilities. Vulnerability Details CVEID:CVE-2016-10540 DESCRIPTION: Minimatc...

9.1CVSS9.1AI score0.2241EPSS
Exploits13Affected Software2
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.36 views

RHEL 8 : lodash (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - lodash: Prototype pollution in utilities function CVE-2018-3721 Note that Nessus has not tested for this issue but...

7.3AI score0.02413EPSS
Exploits2References1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/27 3:53 a.m.54 views

Security Bulletin: Vulnerabilities in lodash library affect Tivoli Netcool/OMNIbus WebGUI (CVE-2019-1010266, CVE-2020-28500, CVE-2018-16487, CVE-2018-3721, CVE-2020-8203, CVE-2021-23337, CVE-2019-10744)

Summary lodash is used by Tivoli Netcool/OMNIbus WebGUI as part of its web client component. The fix includes lodash v4.17.21. Vulnerability Details CVEID: CVE-2019-1010266 DESCRIPTION: Lodash is vulnerable to a denial of service, caused by uncontrolled resource consumption in Date handler. By...

9.1CVSS0.9AI score0.2241EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/06/06 4:40 p.m.41 views

Security Bulletin: IBM API Connect V5 is impacted by Cross Site Scripting vulnerability (CVE-2016-10531 CVE-2018-3721 CVE-2017-0268)

Summary API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2017-0268 DESCRIPTION: Microsoft Server Message Block 1.0 SMBv1 could allow a remote attacker to obtain sensitive information, caused by improper handling of incoming requests. By sending...

6.5CVSS0.7AI score0.07243EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/04/29 10:25 p.m.28 views

Security Bulletin: IBM API Connect is affected by vulnerabilities in Node JS modules (CVE-2018-3721 CVE-2016-10531)

Summary IBM API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2018-3721 DESCRIPTION: Node.js lodash module could allow a remote attacker to bypass security restrictions, caused by a flaw in the defaultsDeep, 'merge, and mergeWith functions. By modifing the...

6.5CVSS0.8AI score0.02413EPSS
Exploits3Affected Software1
Snyk
Snyk
added 2018/08/31 6:21 p.m.4 views

Prototype Pollution

Overview lodash.merge is a Lodash method .merge exported as a Node.js module. Affected versions of this package are vulnerable to Prototype Pollution. The functions merge, mergeWith, and defaultsDeep could be tricked into adding or modifying properties of Object.prototype. This is due to an...

7.3CVSS6.9AI score0.02413EPSS
Exploits3References6
Snyk
Snyk
added 2018/08/31 6:21 p.m.5 views

Prototype Pollution

Overview lodash.basemerge is a The internal Lo-Dash function baseMerge as a Node.js module generated by lodash-cli. Affected versions of this package are vulnerable to Prototype Pollution. The functions merge, mergeWith, and defaultsDeep could be tricked into adding or modifying properties of...

7.3CVSS6.9AI score0.02413EPSS
Exploits3References6
vulnersOsv
vulnersOsv
added 2018/08/31 6:21 p.m.7 views

1tp (>=0.0.2 <=0.21.1), 1tp-registrar (>=0.1.1 <=0.1.2) +5702 more potentially affected by CVE-2018-16487 +1 more via lodash (>=4.0.0 <=4.17.10)

lodash NPM version =4.0.0, =0.0.2, =0.1.1, =1.0.0, =0.2.0, =0.1.0, =0.1.0, =0.0.1, =0.2.1, =0.0.2, =0.0.7, =0.4.20, =1.16.0, =1.16.0, =1.16.7 and more Source cves: CVE-2018-16487, CVE-2018-3721 Source advisory: SNYK:JS-LODASH-73638...

6.8CVSS6.1AI score0.02413EPSS
Exploits3
Snyk
Snyk
added 2018/08/31 6:21 p.m.4 views

Prototype Pollution

Overview lodash-rails is a lodash for the Rails asset pipeline. Affected versions of this package are vulnerable to Prototype Pollution. The functions merge, mergeWith, and defaultsDeep could be tricked into adding or modifying properties of Object.prototype. This is due to an incomplete fix to...

7.3CVSS6.9AI score0.02413EPSS
Exploits3References6
vulnersOsv
vulnersOsv
added 2018/08/31 6:21 p.m.13 views

@anjuna/charts (>=1.0.0-preview.45 <=1.0.0-preview.47), @badgeup/badgeup-browser-client (>=0.3.0 <=3.0.0) +186 more potentially affected by CVE-2018-16487 +1 more via lodash.defaultsdeep (>=4.3.2 <=4.6.0)

lodash.defaultsdeep NPM version =4.3.2, =1.0.0-preview.45, =0.3.0, =0.1.0, =0.3.0, =6.0.2, =1.0.0-rc.1, =1.2.0, =1.0.0, =0.9.16, =0.0.1, =0.275.1-chore-update-deps.3894.0, =0.18.2-alpha.1, =3.0.0, =6.8.1, =7.1.11 and more Source cves: CVE-2018-16487, CVE-2018-3721 Source advisory:...

6.8CVSS6.4AI score0.02413EPSS
Exploits3
OSV
OSV
added 2018/06/07 2:29 a.m.11 views

AZL-45420 CVE-2018-3721 affecting package js-jquery 3.5.0-4

lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data MAID vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via proto, causing the addition or modification of an existing property tha...

6.5CVSS6.5AI score0.02413EPSS
Exploits2References1
OSV
OSV
added 2018/06/07 2:29 a.m.24 views

CVE-2018-3721

lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data MAID vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via proto, causing the addition or modification of an existing property tha...

6.5CVSS6.6AI score0.02413EPSS
Exploits2References3
NVD
NVD
added 2018/06/07 2:29 a.m.29 views

CVE-2018-3721

lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data MAID vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via proto, causing the addition or modification of an existing property tha...

6.5CVSS7.6AI score0.02413EPSS
Exploits2References3
UbuntuCve
UbuntuCve
added 2018/06/07 2:29 a.m.41 views

CVE-2018-3721

lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data MAID vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via proto, causing the addition or modification of an existing property tha...

6.5CVSS6.6AI score0.02413EPSS
Exploits2References4
CVE
CVE
added 2018/06/07 2:0 a.m.225 views

CVE-2018-3721

CVE-2018-3721 relates to the lodash node module prior to 4.17.5, enabling a prototype pollution MAID vulnerability through defaultsDeep, merge, and mergeWith that could modify Object.prototype via proto . The provided IBM security bulletin corroborates the vulnerability details for this CVE and l...

6.5CVSS6.3AI score0.02413EPSS
Exploits2References3Affected Software1
Cvelist
Cvelist
added 2018/06/07 2:0 a.m.26 views

CVE-2018-3721

lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data MAID vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via proto, causing the addition or modification of an existing property tha...

7.5AI score0.02413EPSS
Exploits2References3
Debian CVE
Debian CVE
added 2018/06/07 2:0 a.m.36 views

CVE-2018-3721

lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data MAID vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via proto, causing the addition or modification of an existing property tha...

6.5CVSS5.6AI score0.02413EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2018/02/15 7:19 p.m.37 views

CVE-2018-3721

lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data MAID vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via proto, causing the addition or modification of an existing property tha...

6.5CVSS4.8AI score0.02413EPSS
Exploits2References1
vulnersOsv
vulnersOsv
added 2018/01/30 10:28 p.m.5 views

@blackbaud-bobbyearl/skyux-builder (>=1.10.0 <=1.10.1), @blackbaud/skyux-builder (>=1.10.1 <=1.31.0) +72 more potentially affected by CVE-2018-3721 via lodash.mergewith (>=4.0.3 <=4.6.0)

lodash.mergewith NPM version =4.0.3, =1.10.0, =1.10.1, =5.0.0, =5.2.8, =5.0.0, =5.0.0, =5.1.1, =1.3.0, =1.0.0-alpha.1, =1.0.4, =1.1.3, =1.0.0, =1.1.11, =1.0.3, =1.0.0, =1.0.0-alpha.3 and more Source cves: CVE-2018-3721 Source advisory: SNYK:JS-LODASHMERGEWITH-174137...

6.5CVSS6.4AI score0.02413EPSS
Exploits2
vulnersOsv
vulnersOsv
added 2018/01/30 10:28 p.m.4 views

@atlauncher/atlauncher-scripts (>=0.1.0-18 <=0.1.0-19), @atomist/sample-sdm (>=0.5.1-atomist-update-latest-1540938130032.20181101043939 <=0.5.1-master.20181101044648) +415 more potentially affected by CVE-2018-3721 via lodash.merge (>=4.0.1 <=4.6.1)

lodash.merge NPM version =4.0.1, =0.1.0-18, =0.5.1-atomist-update-latest-1540938130032.20181101043939, =5.3.8, =3.1.0, =5.0.0, =5.2.7, =5.2.8, =6.1.1, =5.0.0, =5.0.0, =5.2.8, =5.1.1, =0.1.3, =6.2.6, =6.3.3 and more Source cves: CVE-2018-3721 Source advisory: SNYK:JS-LODASHMERGE-173733...

6.5CVSS6.4AI score0.02413EPSS
Exploits2
Rows per page
Query Builder