CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

22 matches found

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2021-25378

Malware in sbrugna...

8.1CVSS5.8AI score0.00133EPSS

Exploits0References3

IBM Security Bulletins•added 2025/06/05 5:39 p.m.•8 views

Security Bulletin: IBM CloudPak for Data Scheduling Service is vulernable to CVE-2025-22870

Summary golang.org/x/net-v0.25.0 and golang.org/x/net-v0.33.0 are used by the Scheduling Service. Vulnerability Details CVEID:CVE-2025-22870 DESCRIPTION: Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environmen...

4.4CVSS6.8AI score0.00024EPSS

Exploits2Affected Software1

IBM Security Bulletins•added 2025/06/03 1:56 p.m.•19 views

Security Bulletin: IBM CloudPak for Data Scheduling Service is vulernable to the Sweet32 attack.

Summary The 3DES cipher was available in some TLS cipher suites. Vulnerability Details CVEID:CVE-2016-2183 DESCRIPTION: The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which...

7.5CVSS7.3AI score0.40993EPSS

Exploits7Affected Software1

IBM Security Bulletins•added 2025/06/03 1:54 p.m.•8 views

Security Bulletin: IBM CloudPak for Data Scheduling Service is vulernable to CVE-2024-45338.

Summary golang.org/x/net-v0.24.0 is used by the CP4D Scheduling Service. CVE-2024-45338. Vulnerability Details CVEID:CVE-2024-45338 DESCRIPTION: An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow...

5.3CVSS6.4AI score0.00041EPSS

Exploits0Affected Software1

IBM Security Bulletins•added 2025/04/29 2:0 a.m.•55 views

Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.5.1 Vulnerability Details CVEID:CVE-2021-3538 DESCRIPTION: go.uuid could allow a remote attacker to obtain sensitive information, caused by the use of insecure randomness in the g.rand.Read function. By utilize...

9.8CVSS10AI score0.56395EPSS

Exploits4Affected Software1

IBM Security Bulletins•added 2025/04/15 3:11 a.m.•51 views

Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.7.1 Vulnerability Details CVEID:CVE-2024-39705 DESCRIPTION: Natural Language Toolkit NLTK could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when an untrusted packages have...

10CVSS10AI score0.10792EPSS

Exploits5Affected Software1

IBM Security Bulletins•added 2025/04/15 3:3 a.m.•85 views

Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.7.0 Vulnerability Details CVEID:CVE-2024-43380 DESCRIPTION: floraison fugit is vulnerable to a denial of service, caused by improper input validation by the natural parser. By sending a specially crafted request,...

8.8CVSS10AI score0.88359EPSS

Exploits2Affected Software1

IBM Security Bulletins•added 2025/04/15 2:46 a.m.•79 views

Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.6.0 Vulnerability Details CVEID:CVE-2022-25857 DESCRIPTION: Java package org.yaml:snakeyam is vulnerable to a denial of service, caused by missing to nested depth limitation for collections. By sending a...

8.2CVSS10AI score0.75933EPSS

Exploits7Affected Software1

IBM Security Bulletins•added 2025/04/02 3:29 p.m.•7 views

Security Bulletin: IBM CloudPak for Data Scheduling Service is vulernable to CVE-2023-45288.

Summary Golang's net/http is used by the CP4D Scheduling Service for http communication. CVE-2023-45288. Vulnerability Details CVEID:CVE-2023-45288 DESCRIPTION: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames...

7.5CVSS7.1AI score0.75268EPSS

Exploits1Affected Software1

IBM Security Bulletins•added 2025/04/02 3:26 p.m.•3 views

Security Bulletin: IBM CloudPak for Data Scheduling Service is vulernable to CVE-2024-36129.

Summary OpenTelemetry Collector is used by the CP4D Scheduling Service for telemetry collection. CVE-2024-36129. Vulnerability Details CVEID:CVE-2024-36129 DESCRIPTION: OpenTelemetry OpenTelemetry Collector is vulnerable to a denial of service, caused by an unsafe decompression vulnerability. By...

8.2CVSS7AI score0.02397EPSS

Exploits1Affected Software1

IBM Security Bulletins•added 2025/04/02 3:21 p.m.•9 views

Security Bulletin: IBM CloudPak for Data Scheduling Service is vulernable to CVE-2024-45506.

Summary HAProxy is used by the CP4D Scheduling Service for multicluster scheduling. CVE-2024-45506. Vulnerability Details CVEID:CVE-2024-45506 DESCRIPTION: HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service for HTTP/2 zero-copy forwarding...

7.5CVSS7.1AI score0.01495EPSS

Exploits0Affected Software1

IBM Security Bulletins•added 2025/04/02 3:17 p.m.•6 views

Security Bulletin: IBM CloudPak for Data Scheduling Service is vulernable to IBM X-Force ID: 350626.

Summary GRPC-Go is used by the CP4D Scheduling Service for inter-process communication. IBM X-Force ID: 350626. Vulnerability Details IBM X-Force ID: 350626 DESCRIPTION: gRPC-Go is vulnerable to a denial of service, caused by a flaw in handling multiplexed streams in the HTTP/2 protocol. By sendi...

6.8AI score

Exploits0Affected Software1

IBM Security Bulletins•added 2025/03/26 2:34 a.m.•86 views

Security Bulletin: For IBM Cloudpak for Watson AIOPS 3.5.1

Summary This SB contains a list for all CVE's listed here - CVE-2022-36083, CVE-2022-21123, CVE-2022-21125, CVE-2022-21166, CVE-2021-21797, CVE-2022-35941, CVE-2021-42248, CVE-2021-42836, CVE-2022-40186, CVE-2022-41316, CVE-2021-36090, CVE-2020-29529, CVE-2020-7219 fixed in 3.5.1 Vulnerability...

9.1CVSS8.5AI score0.68838EPSS

Exploits4Affected Software1

IBM Security Bulletins•added 2024/03/27 8:12 p.m.•50 views

Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.5.0 Vulnerability Details CVEID:CVE-2023-5764 DESCRIPTION: Ansible could allow a local authenticated attacker to execute arbitrary code on the system, caused by a template injection flaw. By sending a specially...

9.8CVSS9.2AI score0.60124EPSS

Exploits4Affected Software1

IBM Security Bulletins•added 2023/05/31 5:23 p.m.•56 views

Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs

Summary Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps version 3.7.2 Vulnerability Details CVEID:CVE-2023-20863 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted SpEL...

8.1CVSS8.7AI score0.03393EPSS

Exploits5Affected Software1

IBM Security Bulletins•added 2023/05/31 5:22 p.m.•65 views

Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs

8.1CVSS8.7AI score0.03393EPSS

Exploits5Affected Software1

IBM Security Bulletins•added 2023/02/27 8:37 p.m.•31 views

Security Bulletin: IBM CloudPak foundational services (Events Operator) is affected by potential data integrity issue (CVE-2020-25649)

Summary The IBM Cloud Platform Common Services Events Operator is potentially vulnerable to a data integrity issue Vulnerability Details CVEID:CVE-2020-25649 DESCRIPTION: FasterXML Jackson Databind could provide weaker than expected security, caused by not having entity expansion secured properly...

7.5CVSS7.4AI score0.00075EPSS

Exploits0Affected Software1

IBM Security Bulletins•added 2022/12/15 1:55 a.m.•26 views

Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs

Summary Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps version 3.6. Vulnerability Details CVEID:CVE-2018-8023 DESCRIPTION: Apache Mesos could allow a remote attacker to obtain sensitive information, caused by a timing attack in the JSON Web Token JWT implementation. By...

9.1CVSS9AI score0.02263EPSS

Exploits1Affected Software1

OSV•added 2022/06/30 5:15 p.m.•0 views

CVE-2021-38941

IBM CloudPak for Multicloud Monitoring 2.0 and 2.3 has a few containers running in privileged mode which is vulnerable to host information leakage or destruction if unauthorized access to these containers could execute arbitrary commands. IBM X-Force ID: 211048...

8.1CVSS6AI score0.00133EPSS

Exploits0References2

Prion•added 2022/06/30 5:15 p.m.•9 views

Design/Logic Flaw

5.5CVSS7.8AI score0.00133EPSS

Exploits0References2Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by