TencentOS Server 3: jose (TSSA-2024:0392)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0392 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in Node.js jose module

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of Node.js jose module Vulnerability Details CVEID:CVE-2024-28176 DESCRIPTION: Node.js jose module is vulnerable to a denial of service, caused by a flaw during JWE Decryption operations. By sending a specially crafted reques...

Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities

Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details...

Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack (CVE-2024-28176).

Summary IBM Event Streams is vulnerable to a denial of service due to the jose module component, caused by a flaw during JWE Decryption operations. Jose module is a javaScript implementation of the JSON Object Signing and Encryption JOSE for current web browsers and node. js-based servers...

jose Security Vulnerabilities

jose is a JavaScript module for signing and encrypting JSON objects. A security vulnerability exists in jose versions prior to 2.0.7 and 4.15.5 that could allow an attacker to exhaust resources via a specially crafted JWE with compressed plaintext...

Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to denial of service due to CVE-2022-36083

Summary Node.js module jose is used by IBM App Connect Enterprise Certified Container for securing internal communications and in connections by connectors to SaaS endpoints. IBM App Connect Enterprise Certified Container operands may be vulnerable to denial of service. This bulletin provides pat...

Security Bulletin: Vulnerability in the Node.js jose module affects IBM Event Streams (CVE-2022-36083)

Summary This security vulnerability affects the Node.js jose module that is used by IBM Event Streams. Vulnerability Details CVEID:CVE-2022-36083 DESCRIPTION: Node.js jose module is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted request usin...