Lucene search
K

15 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:39 a.m.124 views

Security Bulletin: IBM QRadar SIEM includes components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2021-25220 DESCRIPTION: ISC BIND could allow a remote attacker to bypass...

7.5CVSS9.6AI score0.0325EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/19 7:21 p.m.33 views

Security Bulletin: IBM Sterling B2B Integrator EBICs client affected by multiple issues due to Jettison

Summary IBM Sterling B2B Integrator uses Jettison in its EBICs client. Vulnerability Details CVEID:CVE-2023-1436 DESCRIPTION: Jettison is vulnerable to a denial of service, caused by an infinite recursion when constructing a JSONArray from a Collection that contains a self-reference in one of its...

7.5CVSS7.1AI score0.01395EPSS
Exploits3Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/06/19 12:0 a.m.56 views

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS : Jettison vulnerabilities (USN-6177-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6177-1 advisory. It was discovered that Jettison incorrectly handled certain inputs. If a user or an automated system were tricked int...

7.5CVSS7.1AI score0.01395EPSS
Exploits2References5
Tenable Nessus
Tenable Nessus
added 2023/06/13 12:0 a.m.26 views

Amazon Linux 2 : jettison (ALAS-2023-2086)

The version of jettison installed on the remote host is prior to 1.3.3-4. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2086 advisory. 2024-02-01: CVE-2022-40150 was added to this advisory. Those using Jettison to parse untrusted XML or JSON data may be...

7.5CVSS7.1AI score0.01395EPSS
Exploits2References8
RedHat Linux
RedHat Linux
added 2023/05/18 9:54 a.m.86 views

Important: Red Hat Security Advisory: Red Hat AMQ Streams 2.4.0 release and security update

Red Hat AMQ Streams 2.4.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

9.8CVSS6.8AI score0.95302EPSS
Exploits17References17
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/02 8:29 p.m.40 views

Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Jettison

Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Jettison. Vulnerability Details CVEID:CVE-2022-40149 DESCRIPTION: jettison-json Jettison is vulnerable to a denial of service, caused by a stack-based buffer overflow. By sending a specially-crafted...

7.5CVSS6.9AI score0.01287EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2023/03/01 9:45 p.m.43 views

Important: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.2 security update on RHEL 8

New Red Hat Single Sign-On 7.6.2 packages are now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.8CVSS7.8AI score0.99615EPSS
Exploits42References32
RedHat Linux
RedHat Linux
added 2023/01/26 9:42 a.m.64 views

Moderate: Red Hat Security Advisory: Red Hat Integration Camel Extensions For Quarkus 2.13.2

Red Hat Integration Camel Extensions for Quarkus 2.13.2 is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Red Hat Product Security has rated this update as having an impact of Moderate. A Common Vulnerability Scoring System CVSS base score,...

9.8CVSS7AI score0.99931EPSS
Exploits46References14
Tenable Nessus
Tenable Nessus
added 2023/01/19 12:0 a.m.632 views

Oracle WebLogic Server (Jan 2023 CPU)

The version of Oracle WebLogic Server installed on the remote host is missing a security patch from the January 2023 Critical Patch Update CPU. It is, therefore, affected by multiple vulnerabilities, including: - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware...

9.8CVSS7.9AI score0.99811EPSS
Exploits11References9
Tenable Nessus
Tenable Nessus
added 2023/01/11 12:0 a.m.44 views

Debian DSA-5312-1 : libjettison-java - security update

The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5312 advisory. - Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks DOS. If the parser is running on user supplied input, an...

7.5CVSS7.1AI score0.01395EPSS
Exploits2References12
Tenable Nessus
Tenable Nessus
added 2023/01/02 12:0 a.m.67 views

Debian dla-3259 : libjettison-java - security update

The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3259 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3259-1 [email protected]...

7.5CVSS7.1AI score0.01395EPSS
Exploits2References8
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/08 10:40 a.m.32 views

Security Bulletin: jettison-json Jettison used by CICS Transaction Gateway is vulnerable to a denial of service

Summary jettison-json Jettison used by CICS Transaction Gateway is vulnerable to a denial of service, caused by a stack-based buffer overflow CVE-2022-40149 and an out of memory flaw CVE-2022-40150. CICS Transaction Gateway addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-40149...

7.5CVSS7.1AI score0.01287EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/28 2:9 p.m.63 views

Security Bulletin: IBM UrbanCode Deploy (UCD) is vulnerable to denial of service due to Jettison-json (CVE-2022-40149, CVE-2022-40150)

Summary Jettison-json is used by IBM UrbanCode Deploy UCD for parsing JSON data. A remote authenticated user may cause high memory usage by sending a request containing specially crafted JSON data. CVE-2022-40149, CVE-2022-40150 Vulnerability Details CVEID:CVE-2022-40149 DESCRIPTION: jettison-jso...

7.5CVSS7AI score0.01287EPSS
Exploits0Affected Software1
Circl
Circl
added 2022/09/16 2:41 p.m.2 views

CVE-2022-40150

creationtimestamp| type| source ---|---|--- 2022-09-16 14:41:42+00:00| seen| https://t.me/cibsecurity/49900...

7.5CVSS6.9AI score0.01256EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/09/16 12:0 a.m.41 views

CVE-2022-40150 Stack Buffer Overflow in Jettison

Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks DOS. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by Out of memory. This effect may support a denial of service attack...

6.5CVSS7.5AI score0.01256EPSS
Exploits0References4
Rows per page
Query Builder