Lucene search
+L

22 matches found

euvd
euvd
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-25378

Malware in sbrugna...

8.1CVSS5.8AI score0.00854EPSS
Exploits0References3
ibm
ibm
added 2025/06/05 5:39 p.m.9 views

Security Bulletin: IBM CloudPak for Data Scheduling Service is vulernable to CVE-2025-22870

Summary golang.org/x/net-v0.25.0 and golang.org/x/net-v0.33.0 are used by the Scheduling Service. Vulnerability Details CVEID:CVE-2025-22870 DESCRIPTION: Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environmen...

4.4CVSS6.8AI score0.00384EPSS
Exploits2Affected Software1
ibm
ibm
added 2025/06/03 1:56 p.m.24 views

Security Bulletin: IBM CloudPak for Data Scheduling Service is vulernable to the Sweet32 attack.

Summary The 3DES cipher was available in some TLS cipher suites. Vulnerability Details CVEID:CVE-2016-2183 DESCRIPTION: The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which...

7.5CVSS7.3AI score0.95707EPSS
Exploits7Affected Software1
ibm
ibm
added 2025/06/03 1:54 p.m.12 views

Security Bulletin: IBM CloudPak for Data Scheduling Service is vulernable to CVE-2024-45338.

Summary golang.org/x/net-v0.24.0 is used by the CP4D Scheduling Service. CVE-2024-45338. Vulnerability Details CVEID:CVE-2024-45338 DESCRIPTION: An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow...

5.3CVSS6.4AI score0.00874EPSS
Exploits0Affected Software1
ibm
ibm
added 2025/04/29 2:0 a.m.61 views

Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.5.1 Vulnerability Details CVEID:CVE-2021-3538 DESCRIPTION: go.uuid could allow a remote attacker to obtain sensitive information, caused by the use of insecure randomness in the g.rand.Read function. By utilize...

9.8CVSS10AI score0.03168EPSS
Exploits4Affected Software1
ibm
ibm
added 2025/04/15 3:11 a.m.57 views

Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.7.1 Vulnerability Details CVEID:CVE-2024-39705 DESCRIPTION: Natural Language Toolkit NLTK could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when an untrusted packages have...

10CVSS10AI score0.01421EPSS
Exploits5Affected Software1
ibm
ibm
added 2025/04/15 3:3 a.m.88 views

Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.7.0 Vulnerability Details CVEID:CVE-2024-43380 DESCRIPTION: floraison fugit is vulnerable to a denial of service, caused by improper input validation by the natural parser. By sending a specially crafted request,...

8.8CVSS10AI score0.35447EPSS
Exploits2Affected Software1
ibm
ibm
added 2025/04/15 2:46 a.m.85 views

Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.6.0 Vulnerability Details CVEID:CVE-2022-25857 DESCRIPTION: Java package org.yaml:snakeyam is vulnerable to a denial of service, caused by missing to nested depth limitation for collections. By sending a...

8.2CVSS10AI score0.87211EPSS
Exploits7Affected Software1
ibm
ibm
added 2025/04/02 3:29 p.m.12 views

Security Bulletin: IBM CloudPak for Data Scheduling Service is vulernable to CVE-2023-45288.

Summary Golang's net/http is used by the CP4D Scheduling Service for http communication. CVE-2023-45288. Vulnerability Details CVEID:CVE-2023-45288 DESCRIPTION: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames...

7.5CVSS7.1AI score0.91969EPSS
Exploits1Affected Software1
ibm
ibm
added 2025/04/02 3:26 p.m.5 views

Security Bulletin: IBM CloudPak for Data Scheduling Service is vulernable to CVE-2024-36129.

Summary OpenTelemetry Collector is used by the CP4D Scheduling Service for telemetry collection. CVE-2024-36129. Vulnerability Details CVEID:CVE-2024-36129 DESCRIPTION: OpenTelemetry OpenTelemetry Collector is vulnerable to a denial of service, caused by an unsafe decompression vulnerability. By...

8.2CVSS7AI score0.00994EPSS
Exploits1Affected Software1
ibm
ibm
added 2025/04/02 3:21 p.m.12 views

Security Bulletin: IBM CloudPak for Data Scheduling Service is vulernable to CVE-2024-45506.

Summary HAProxy is used by the CP4D Scheduling Service for multicluster scheduling. CVE-2024-45506. Vulnerability Details CVEID:CVE-2024-45506 DESCRIPTION: HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service for HTTP/2 zero-copy forwarding...

7.5CVSS7.1AI score0.01203EPSS
Exploits0Affected Software1
ibm
ibm
added 2025/04/02 3:17 p.m.9 views

Security Bulletin: IBM CloudPak for Data Scheduling Service is vulernable to IBM X-Force ID: 350626.

Summary GRPC-Go is used by the CP4D Scheduling Service for inter-process communication. IBM X-Force ID: 350626. Vulnerability Details IBM X-Force ID: 350626 DESCRIPTION: gRPC-Go is vulnerable to a denial of service, caused by a flaw in handling multiplexed streams in the HTTP/2 protocol. By sendi...

6.8AI score
Exploits0Affected Software1
ibm
ibm
added 2025/03/26 2:34 a.m.90 views

Security Bulletin: For IBM Cloudpak for Watson AIOPS 3.5.1

Summary This SB contains a list for all CVE's listed here - CVE-2022-36083, CVE-2022-21123, CVE-2022-21125, CVE-2022-21166, CVE-2021-21797, CVE-2022-35941, CVE-2021-42248, CVE-2021-42836, CVE-2022-40186, CVE-2022-41316, CVE-2021-36090, CVE-2020-29529, CVE-2020-7219 fixed in 3.5.1 Vulnerability...

9.1CVSS8.5AI score0.15046EPSS
Exploits4Affected Software1
ibm
ibm
added 2024/03/27 8:12 p.m.54 views

Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.5.0 Vulnerability Details CVEID:CVE-2023-5764 DESCRIPTION: Ansible could allow a local authenticated attacker to execute arbitrary code on the system, caused by a template injection flaw. By sending a specially...

9.8CVSS9.2AI score0.04561EPSS
Exploits4Affected Software1
ibm
ibm
added 2023/05/31 5:23 p.m.61 views

Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs

Summary Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps version 3.7.2 Vulnerability Details CVEID:CVE-2023-20863 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted SpEL...

8.1CVSS8.7AI score0.02416EPSS
Exploits5Affected Software1
ibm
ibm
added 2023/05/31 5:22 p.m.67 views

Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs

Summary Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps version 3.7.2 Vulnerability Details CVEID:CVE-2023-20863 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted SpEL...

8.1CVSS8.7AI score0.02416EPSS
Exploits5Affected Software1
ibm
ibm
added 2023/02/27 8:37 p.m.34 views

Security Bulletin: IBM CloudPak foundational services (Events Operator) is affected by potential data integrity issue (CVE-2020-25649)

Summary The IBM Cloud Platform Common Services Events Operator is potentially vulnerable to a data integrity issue Vulnerability Details CVEID:CVE-2020-25649 DESCRIPTION: FasterXML Jackson Databind could provide weaker than expected security, caused by not having entity expansion secured properly...

7.5CVSS7.4AI score0.17611EPSS
Exploits0Affected Software1
ibm
ibm
added 2022/12/15 1:55 a.m.31 views

Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs

Summary Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps version 3.6. Vulnerability Details CVEID:CVE-2018-8023 DESCRIPTION: Apache Mesos could allow a remote attacker to obtain sensitive information, caused by a timing attack in the JSON Web Token JWT implementation. By...

9.1CVSS9AI score0.12403EPSS
Exploits1Affected Software1
osv
osv
added 2022/06/30 5:15 p.m.6 views

CVE-2021-38941

IBM CloudPak for Multicloud Monitoring 2.0 and 2.3 has a few containers running in privileged mode which is vulnerable to host information leakage or destruction if unauthorized access to these containers could execute arbitrary commands. IBM X-Force ID: 211048...

8.1CVSS6AI score0.00854EPSS
Exploits0References2
prion
prion
added 2022/06/30 5:15 p.m.13 views

Design/Logic Flaw

IBM CloudPak for Multicloud Monitoring 2.0 and 2.3 has a few containers running in privileged mode which is vulnerable to host information leakage or destruction if unauthorized access to these containers could execute arbitrary commands. IBM X-Force ID: 211048...

5.5CVSS7.8AI score0.00854EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder