
128 matches found

IBM Security Bulletins
added 2025/02/27 3:25 a.m. | 6 views

Security Bulletin: IBM Event Processing is vulnerable to Regular Expression Denial of Service (ReDoS) due to the cross-spawn package (CVE-2024-21538).

Summary: Operator of IBM Event Processing is vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of cross-spawn package. The cross-spawn npm package is a cross-platform solution for spawning child processes in Node.js. Vulnerability Details: CVEID: CVE-2024-21538 DESCRIPTION:...

CVSS 8.7 | AI score 7.4 | EPSS 0.00873
Exploits: 0 | Affected Software: 1

CVE
added 2025/02/26 1:55 a.m. | 107 views

CVE-2022-49139

CVE-2022-49139 affects the Linux kernel Bluetooth stack. The issue occurs in the HCI handling path: upon receiving a HCI_Synchronous_Connection_Complete for a BDADDR of an existing LE connection, with LE link type and a status triggering the second packet-processing case, a NULL pointer dereferen...

CVSS 5.5 | AI score 5.5 | EPSS 0.00243
Exploits: 0 | References: 5 | Affected Software: 1

IBM Security Bulletins
added 2024/11/13 11:47 a.m. | 15 views

Security Bulletin: IBM Event Processing susceptible improper validation

Summary: IBM Event Processing vulnerable to cross-site scripting, caused by improper validation CVE-2024-43788 Vulnerability Details: CVEID: CVE-2024-43788 DESCRIPTION: Webpack and Rspack are vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote...

CVSS 6.4 | AI score 6.1 | EPSS 0.00897
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2024/11/13 11:46 a.m. | 19 views

Security Bulletin: Multiple Vulnerabilities in IBM Event Processing

Summary: Multiple base image vulnerabilities were addressed in IBM Event Processing version 1.2.2. Vulnerability Details: CVEID: CVE-2024-47176 DESCRIPTION: OpenPrinting cups-browsed could allow a remote attacker to obtain sensitive information, caused by the binding on UDP INADDR_ANY:631 and trustin...

CVSS 9.8 | AI score 9.9 | EPSS 0.8344
Exploits: 17 | Affected Software: 1

IBM Security Bulletins
added 2024/11/12 10:8 a.m. | 16 views

Security Bulletin: Due to use of Async, IBM Event Processing is vulnerable to Regular Expression Denial of Service

Summary: Async is used by IBM Event Processing as part of the frontend. CVE-2024-39249 Vulnerability Details: CVEID: CVE-2024-39249 DESCRIPTION: Async is vulnerable to a denial of service, caused by the ReDoS (Regular Expression Denial of Service) while parsing function in autoinject function. By...

CVSS 7.5 | AI score 7.4 | EPSS 0.00812
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/11/12 10:5 a.m. | 19 views

Security Bulletin: Due to use of Axios, IBM Event Processing is vulnerable to server-side request forgery

Summary: Axios is used by IBM Event Processing frontend. CVE-2024-39338 Vulnerability Details: CVEID: CVE-2024-39338 DESCRIPTION: Axios is vulnerable to server-side request forgery, caused by a flaw with requests for path relative URLs get processed as protocol relative URLs. By sending a specially...

CVSS 7.5 | AI score 6.2 | EPSS 0.01414
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2024/10/08 1:59 p.m. | 11 views

Security Bulletin: IBM Event Processing is vulnerable to a denial of service

Summary: Operator of IBM Event Processing backend and operator is vulnerable to denial of service. CVE-2024-25710, CVE-2024-26308 Vulnerability Details: CVEID: CVE-2024-25710 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an infinite loop flaw. By persuading a...

CVSS 8.1 | AI score 6.7 | EPSS 0.00898
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/07/15 5:40 a.m. | 26 views

Security Bulletin: Multiple Vulnerabilities in IBM Event Processing.

Summary: Multiple vulnerabilities were addressed in IBM Event Processing version 1.1.8 Vulnerability Details: CVEID: CVE-2024-30171 DESCRIPTION: The Bouncy Castle Crypto Package For Java could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in the RSA decrypti...

CVSS 9.1 | AI score 7.5 | EPSS 0.01639
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
added 2024/06/26 4:22 p.m. | 31 views

Security Bulletin: IBM Operator for Apache Flink is vulnerable to a denial of service attack due to the Apache Commons Compress component ( CVE-2024-25710,CVE-2024-26308).

Summary: IBM Operator for Apache Flink is vulnerable to a denial of service attack due to the Apache Commons Compress component. Apache Flink uses Commons Compress for handling compressed files and formats, enabling efficient data processing and storage. Vulnerability Details: CVEID: CVE-2024-25710...

CVSS 8.1 | AI score 6.6 | EPSS 0.00898
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/04/25 5:24 a.m. | 40 views

Security Bulletin: IBM Event Processing is vulnerable to high confidentiality, integrity and availability impacts (CVE-2023-22102).

Summary: MySQL Connector/J versions used by IBM Event Processing are susceptible to a difficult to exploit vulnerability that could allow an unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a perso...

CVSS 8.3 | AI score 7.2 | EPSS 0.00872
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/04/25 5:23 a.m. | 26 views

Security Bulletin: IBM Event Processing is vulnerable to conduct phishing attacks, caused by an open redirect vulnerability (CVE-2023-26159).

Summary: There is a vulnerability in follow-redirects used by IBM Event Processing which is categorized as an Improper Input Validation vulnerability due to the improper handling of URLs by the url.parse function. This vulnerability can be exploited by manipulating the hostname when new URL throws...

CVSS 7.3 | AI score 6.5 | EPSS 0.00797
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2024/04/25 5:18 a.m. | 24 views

Security Bulletin: IBM Event Processing is vulnerable to a denial of service attack (CVE-2023-51074).

Summary: IBM Event Processing is vulnerable to a denial of service due to json-path component, caused by a stack-based buffer overflow in the Criteria.parse method. It is a query language for JSON, similar to XPath for XML. It allows you to select and extract data from a JSON document...

CVSS 5.3 | AI score 5.7 | EPSS 0.0067
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2024/02/16 8:17 a.m. | 136 views

Security Bulletin: IBM Event Processing is vulnerable to a denial of service (CVE-2023-4043).

Summary: IBM Event Processing is vulnerable to a denial of service due to parsson-1.1.2.jar component. Parsson provides an implementation of Jakarta JSON Processing Specification. Vulnerability Details: CVEID: CVE-2023-4043 DESCRIPTION: Eclipse Parsson is vulnerable to a denial of service, caused by...

CVSS 7.5 | AI score 6.4 | EPSS 0.00764
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2024/01/24 10:2 a.m. | 34 views

Security Bulletin: IBM Event Processing is vulnerable to Improper Input Validation due to the PostCSS (CVE-2023-44270).

Summary: Operator of IBM Event Processing is vulnerable to Improper Input Validation due to the postcss-8.4.21.tgz before 8.4.31. PostCSS is a tool for transforming CSS with JavaScript plugins and this is a dev dependency used by Event Processing Team. CVE-2023-44270. Vulnerability Details...

CVSS 5.3 | AI score 5.5 | EPSS 0.00822
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/01/24 9:58 a.m. | 34 views

Security Bulletin: IBM Event Processing is vulnerable to cross-site request forgery(XSS) due to the Axios (CVE-2023-45857).

Summary: IBM Event Processing is vulnerable to cross-site request forgery (XSS) due to axios-0.27.2.tgz. Axios is a library used in nodejs component which is used to build Event Processing UI. CVE-2023-45857 is applicable to all axios package before 1.6.0 which results in a xss vulnerability...

CVSS 6.5 | AI score 6.4 | EPSS 0.00556
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2024/01/24 9:56 a.m. | 27 views

Security Bulletin: IBM Event Processing is vulnerable to a man-in-the-middle attack due to the Hot Rod Client (CVE-2023-4586).

Summary: Operator of IBM Event Processing is vulnerable to a man-in-the-middle attack due to netty-handler-4.1.94.Final.jar with CVE-2023-4586. Hot Rod is a binary, platform-independent protocol that was developed in the open as a part of Infinispan. Infinispan is as a shared store for stateful...

CVSS 7.4 | AI score 7.1 | EPSS 0.00448
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2023/11/29 10:33 p.m. | 40 views

Security Bulletin: IBM Event Processing contains a vulnerability in Netty (CVE-2023-44487)

Summary: Operator of IBM Event Processing contains a vulnerability in Netty 4.1.94 CVE-2023-44487 Vulnerability Details: CVEID: CVE-2023-44487 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a flaw in handling multiplexed streams in the HTTP/2 protocol. By sending...

CVSS 7.5 | AI score 7.7 | EPSS 0.99999
Exploits: 19 | Affected Software: 1

IBM Security Bulletins
added 2023/11/29 10:30 p.m. | 27 views

Security Bulletin: IBM Operator for Apache Flink is affected by a vulnerability in snappy-java (CVE-2023-43642)

Summary: This security vulnerability in snappy-java which is a Java port of the snappy within IBM Operator for Apache Flink is vulnerable to Denial of Service (DoS) attacks when decompressing data with a too large chunk size. Vulnerability Details: CVEID: CVE-2023-43642 DESCRIPTION: snappy-java is...

CVSS 7.5 | AI score 7.3 | EPSS 0.0104
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2023/10/31 2:35 a.m. | 36 views

Security Bulletin: IBM Event Processing is vulnerable to a denial of service

Summary: Operator of IBM Event Processing is vulnerable to an unauthorized endpoint access and possibly a denial of service. CVE-2023-4853 Vulnerability Details: CVEID: CVE-2023-4853 DESCRIPTION: Quarkus could allow a remote attacker to bypass security restrictions, caused by improper sanitization ...

CVSS 8.1 | AI score 6.6 | EPSS 0.01215
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2023/10/31 2:33 a.m. | 44 views

Security Bulletin: IBM Event Processing contains a vulnerability in okhttp Java

Summary: Operator of IBM Event Processing contains a vulnerability in Okio-jvm which is vulnerable to a denial of service CVE-2023-3635. Vulnerability Details: CVEID: CVE-2023-3635 DESCRIPTION: Okio GzipSource is vulnerable to a denial of service, caused by unhandled exception. By sending a special...

CVSS 7.5 | AI score 6.5 | EPSS 0.01077
Exploits: 1 | Affected Software: 1