43 matches found
EUVD-2025-1982
Malicious code in bioql PyPI...
curl: Memory Leak in libcurl via Location Header Handling (CWE-770)
Summary: This report details a memory leak vulnerability in libcurl that occurs when processing HTTP 3xx redirect responses containing a Location: header. Specifically, the memory allocated for the Location: header's value is not properly deallocated when the Curl_easy handle is reused for...
CVE-2025-1059
CWE-770: Allocation of Resources Without Limits or Throttling vulnerability exists that could cause communications to stop when malicious packets are sent to the webserver of the device...
CVE-2025-1059
CVE-2025-1059 is associated with Schneider Electric ASCO 5310/5350 Remote Annunciator products. The connected sources describe an Allocation of Resources Without Limits or Throttling vulnerability that could cause communications to stop on the device webserver when malicious packets are received ...
Security Bulletin: IBM B2B Sterling Integrator is vulnerable to Denial of Service attack due to Netty
Summary IBM B2B Sterling Integrator is affected by a Denial of Service vulnerability in Netty. Vulnerability Details CVEID:CVE-2024-29025 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers &...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses starlette-0.38.6-py3-none-any.whl which is vulnerable to this CVE-2024-47874
Summary Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses starlette-0.38.6-py3-none-any.whl which is vulnerable to this CVE-2024-47874 Vulnerability Details CVEID:CVE-2024-47874 DESCRIPTION: Starlette is an Asynchronous Server Gateway Interface ASGI...
Security Bulletin: Improper Resource Allocation in IBM Jazz for Service Management due to Apache Commons IO XmlStreamReader Class (CVE-2024-47554)
Summary Improper Resource Allocation in IBM Jazz for Service Management due to Apache Commons IO XmlStreamReader Class CVE-2024-47554 Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Apache Commons IO is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw...
Security Bulletin: IBM Maximo Application Suite: idna-2.8-py2.py3-none-any.whl is vulnerable to CVE-2024-3651 used in IBM Maximo Application Suite - Edge Data Collector
Summary IBM Maximo Application Suite - Edge Data Collector uses idna-2.8-py2.py3-none-any.whl which is vulnerable to CVE-2024-3651 Vulnerability Details CVEID:CVE-2024-3651 DESCRIPTION: idna could allow a local user to cause a denial of service using a specially crafted argument to the idna.encod...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses idna-3.6-py3-none-any.whl which is vulnerable to this CVE-2024-3651
Summary Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses idna-3.6-py3-none-any.whl which is vulnerable to this CVE-2024-3651 Vulnerability Details CVEID:CVE-2024-3651 DESCRIPTION: idna could allow a local user to cause a denial of service using a specially crafte...
Security Bulletin: IBM PowerVM Novalink is vulnerable because an unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentiality, high integrity impacts. (CVE-2024-21147)
Summary IBM PowerVM Novalink is vulnerable because an unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentiality, high integrity impacts. Vulnerability Details CVEID:CVE-2024-21147 DESCRIPTION: An unspecified vulnerability in Java ...
Security Bulletin: IBM Safer Payments vulnerable to a denial of service issue (CVE-2024-45662)
Summary Buffer overflow and uncontrolled memory allocation errors can occur in MCI when remote systems send arbitrary large requests, leading to Denial of Service. This vulnerability is addressed Vulnerability Details CVEID:CVE-2024-45662 DESCRIPTION: IBM Safer Payments could allow a remote...
Security Bulletin: IBM SPSS Analytic Server is affected by netty vulnerability (CVE-2024-29025)
Summary IBM SPSS Analytic Server uses netty-codec-http-4.1.100.Final.jar which is vulnerable to CVE-2024-29025. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-29025 DESCRIPTION: Netty is an asynchronous event-driven network...
Security Bulletin: Multiple security vulnerabilities in Python affect IBM Robotic Process Automation
Summary Multiple security vulnerabilities in Python affect IBM Robotic Process Automation. Python is used by IBM Robotic Process Automation as part of Watson NLP. This bulletin identifies the fixes to resolve the vulnerabilities. Vulnerability Details CVEID:CVE-2019-20916 DESCRIPTION: pypa pip...
Security Bulletin: IBM Technical Support Appliance - possible excessive CPU usage or denial of service
Summary DNS protocol allows the IBM Technical Support Appliance to resolve hostnames to their corresponding IP address. Vulnerability Details CVEID:CVE-2023-4408 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by an error when parsing large DNS messages. By flooding the target...
Security Bulletin: IBM B2B Sterling Integrator is affected by JSON-java's vulnerability to denial of service attacks
Summary IBM B2B Sterling Integrator is affected by JSON-java's vulnerability to denial of service attacks Vulnerability Details CVEID:CVE-2023-5072 DESCRIPTION: JSON-java is vulnerable to a denial of service, caused by a bug in the parser. By sending a specially crafted request, a remote attacker...
Security Bulletin: Multiple Vulnerabilities in Db2 affect IBM Cloud Pak System
Summary Vulnerabilities in Db2 affect IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2024-31882 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.1 and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using ...
Security Bulletin: IBM Sterling Control Center is vulnerable to IBM SDK, Java Technology Edition Quarterly CPU - Apr 2024
Summary IBM SDK, Java Technology Edition Quarterly CPU - Apr 2024 is affecting Sterling Control Center v6.2.1 and v6.3.1. Vulnerability Details CVEID:CVE-2024-21094 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause no...