24 matches found
Security Bulletin: Watson Machine Learning Accelerator on Cloud Pak for Data Version is affected by multiple vulnerabilties
Summary Mutiple open source vulnerabilties affects Watson Machine Learning Accelerator on Cloud Pak for Data Version 2.3.3 and have been addressed in version 2.3.4. Vulnerability Details CVEID:CVE-2021-23566 DESCRIPTION: Nanoid could allow a local attacker to obtain sensitive information, caused ...
Security Bulletin: Vulnerabilities found in Turf.js which is shipped with IBM® Intelligent Operations Center [CVE-2020-28500, CVE-2020-8203, CVE-2019-1010266, CVE-2019-10744, CVE-2021-23337 and CVE-2018-16487]
Summary Multiple vulnerabilities have been identified in Turf.js which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details...
K47105354: Lodash library vulnerability CVE-2019-10744
Security Advisory Description Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload. CVE-2019-10744 Impact An attacker can use Function inside of...
Important: Red Hat Security Advisory: Red Hat AMQ Broker 7.10.0 release and security update
Red Hat AMQ Broker 7.10.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
Security Bulletin: IBM Robotic Process Automation is vulnerable to a denial of service through node.js lodash
Summary Security Bulletin: IBM Robotic Process Automation is vulnerable to a denial of service through node.js lodash Vulnerability Details CVEID:CVE-2019-10744 DESCRIPTION: Node.js lodash module is vulnerable to a denial of service, caused by a prototype pollution flaw. By sending a...
Security Bulletin: Node.js lodash vulnerability affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) ( CVE-2019-10744)
Summary Node.js lodash denial of service vulnerability affects IBM Spectrum Control formerly Tivoli Storage Productivity Center. Vulnerability Details CVEID: CVE-2019-10744 DESCRIPTION: Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be...
Moderate: Red Hat Security Advisory: Red Hat OpenShift Jaeger 1.17.2 jaeger-all-in-one-rhel7-container and jaeger-query-rhel7-container security update
An update for jaeger-all-in-one-rhel7-container and jaeger-query-rhel7-container is now available for Jaeger-1.17. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating,...
Security Bulletin: A security vulnerability in Node.js affects IBM Integration Bus & IBM App Connect Enterprise V11 (CVE-2019-10744)
Summary IBM Integration Bus & IBM App Connect Enterprise V11 ship with Node.js for which vulnerabilities were reported and have been addressed. Vulnerability details are listed below. Vulnerability Details CVEID: CVE-2019-10744 DESCRIPTION: Node.js lodash module is vulnerable to a denial of...
RHEL 7 / 8 : Red Hat OpenShift Service Mesh (RHSA-2020:2362)
The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2362 advisory. Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise...
Moderate: Red Hat Security Advisory: Red Hat OpenShift Service Mesh security update
An update for jaeger, kiali, and servicemesh-grafana is now available for OpenShift Service Mesh 1.0. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...
F5 Networks BIG-IP : Lodash library vulnerability (K47105354)
The version of F5 Networks BIG-IP installed on the remote host is prior to 12.1.5.2 / 13.1.3.4 / 13.1.3.5 / 14.1.2.5 / 14.1.2.7 / 15.0.1.4 / 15.1.0.5 / 15.1.1 / 16.0.0. It is, therefore, affected by a vulnerability as referenced in the K47105354 advisory. - Versions of lodash lower than 4.17.12 a...
Security Bulletin: Possible denial of service vulnerability in Watson Knowledge Catalog for IBM Cloud Pak for Data
Summary There is a possible denial of service vulnerability in some of the Watson Knowledge Catalog for IBM Cloud Pak for Data UI services. This vulnerability has been addressed. Vulnerability Details CVEID: CVE-2019-10744 DESCRIPTION: Node.js lodash module is vulnerable to a denial of service,...
Security Bulletin: A Security Vulnerability affects IBM Cloud Private - lodash (CVE-2019-10744)
Summary A Security Vulnerability affects IBM Cloud Private - lodash Vulnerability Details CVEID: CVE-2019-10744 DESCRIPTION: Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of...
Security Bulletin: A security vulnerability has been identified in lodash shipped with PowerAI.
Summary Vulnerability CVE-2019-10744 found in lodash package. Vulnerability Details CVEID: CVE-2019-10744 DESCRIPTION: Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype...
Security Bulletin: IBM Cloud Transformation Advisor is affected by a Node.js by Prototype Pollution vulnerabiliy
Summary IBM Cloud Transformation Advisor has addressed the following vulnerability. Node.js lodash module CVE-2019-10744 Vulnerability Details CVEID: CVE-2019-10744 DESCRIPTION: Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked...
Moderate: Red Hat Security Advisory: ovirt-web-ui security and bug fix update
An update for ovirt-web-ui is now available for Red Hat Virtualization Engine 4.3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Elastic Kibana < 6.8.2, 7.x < 7.2.1 Multiple Vulnerabilities (ESA-2019-09, ESA-2019-10) - Linux
Kibana is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Elastic Kibana < 6.8.2, 7.x < 7.2.1 Multiple Vulnerabilities (ESA-2019-09, ESA-2019-10) - Windows
Kibana is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2019-10744
CVE-2019-10744 affects lodash versions lower than 4.17.12 and enables Prototype Pollution via defaultsDeep, by injecting a constructor payload to modify Object.prototype. IBM X-Force lists a base3.1 score of 9.1 (CRITICAL) and confirms the prototype pollution impact. Remediation: upgrade lodash t...
@anjuna/charts (>=1.0.0-preview.45 <=1.0.0-preview.47), @badgeup/badgeup-browser-client (>=0.3.0 <=3.0.0) +216 more potentially affected by CVE-2019-10744 via lodash.defaultsdeep (>=3.10.0 <=4.6.0)
lodash.defaultsdeep NPM version =3.10.0, =1.0.0-preview.45, =0.3.0, =0.1.0, =0.3.0, =6.0.2, =1.0.0-rc.1, =1.2.0, =1.0.0, =0.9.16, =0.0.1, =0.275.1-chore-update-deps.3894.0, =0.18.2-alpha.1, =1.0.0, =1.1.1, =3.1.0 and more Source cves: CVE-2019-10744 Source advisory: OSV:GHSA-JF85-CPCP-J695...