openSUSE Security Advisory (SUSE-SU-2024:3745-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : protobuf (SUSE-SU-2024:3745-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:3745-1 advisory. - CVE-2024-7254: Fixed stack overflow vulnerability in Protocol Buffer bsc1230778 Tenable has extracted t...

Security update for protobuf

This update for protobuf fixes the following issues: CVE-2024-7254: Fixed stack overflow vulnerability in Protocol Buffer bsc1230778 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run th...

SUSE-SU-2024:3746-1 Security update for protobuf

This update for protobuf fixes the following issues: - CVE-2024-7254: Fixed stack overflow vulnerability in Protocol Buffer bsc1230778...

Security update for protobuf

This update for protobuf fixes the following issues: CVE-2024-7254: Fixed stack overflow vulnerability in Protocol Buffer bsc1230778 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run th...

SUSE-SU-2024:3745-1 Security update for protobuf

This update for protobuf fixes the following issues: - CVE-2024-7254: Fixed stack overflow vulnerability in Protocol Buffer bsc1230778...

OpenSSL Security Vulnerabilities

OpenSSL is an open source general-purpose cryptographic library capable of implementing the Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols from the OpenSSL team. It supports a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure...

Security Bulletin: The IBM QRadar SIEM Amazon Web Services protocol is vulnerable to a denial of service (CVE-2021-22569 ,CVE-2022-3171, CVE-2022-3509)

Summary A flaw was found in protobuf-java. Google Protocol Buffer protobuf-java which allows the interleaving of com.google.protobuf.UnknownFieldSet fields. Vulnerability Details CVEID:CVE-2021-22569 DESCRIPTION: Google Protocol Buffer protobuf-java is vulnerable to a denial of service, caused by...

Security Bulletin: IBM Observability with Instana is affected by Multiple Security Vulnerabilities

Summary Multiple vulnerabilities were addressed in IBM Observability with Instana in build 261 Vulnerability Details CVEID:CVE-2022-41881 DESCRIPTION: Netty is vulnerable to a denial of service, caused by a StackOverflowError in HAProxyMessageDecoder. By sending a specially-crafted message, a...

Security Bulletin: IBM Security Verify Governance is affected by multiple vulnerabilities

Summary IBM Security Verify Governance uses various components, such as IBM Java, and Dojo. Security vulnerabilities in multiple components have been addressed in the IBM Security Verify Governance update. Vulnerability Details CVEID:CVE-2021-22569 DESCRIPTION: Google Protocol Buffer protobuf-jav...

Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service due to Google Protocol Buffer protobuf-cpp (CVE-2022-1941)

Summary DFDL message parsing in IBM App Connect Enterprise is affected by a denial of service due to Google Protocol Buffer protobuf-cpp CVE-2022-1941. The fix includes 3.21.5. Vulnerability Details CVEID:CVE-2022-1941 DESCRIPTION: protobuf is vulnerable to a denial of service, caused by a parsin...

Debian: Security Advisory (DSA-5502-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: IBM Cloud Pak for Network Automation 2.6 addresses multiple security vulnerabilities

Summary IBM Cloud Pak for Network Automation 2.6 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2022-25647 DESCRIPTION: Google Gson is vulnerable to a denial of service, caused by the deserialization of untrusted data. By using the...

Security Bulletin: Multiple Vulnerabilities in Google Protocol Buffer affect IBM Operations Analytics - Log Analysis (CVE-2022-3509, CVE-2022-3510)

Summary A parsing issue in Google Protocol Buffer shipped with IBM Operations Analytics - Log Analysis can lead to a denial of service attack. Vulnerability Details CVEID:CVE-2022-3510 DESCRIPTION: protobuf-java core and lite are vulnerable to a denial of service, caused by a flaw in the parsing...

Security Bulletin: Multiple Vulnerabilities in Google Protocol Buffer affect IBM Operations Analytics - Log Analysis (CVE-2022-3509, CVE-2022-3171)

Summary A parsing issue in Google Protocol Buffer shipped with IBM Operations Analytics - Log Analysis can lead to a denial of service attack. Vulnerability Details CVEID:CVE-2022-3171 DESCRIPTION: protobuf-java core and lite are vulnerable to a denial of service, caused by a flaw in the parsing...

Security Bulletin: Vulnerabilities found within Apache Storm that is used by IBM Tivoli Network Manager (ITNM) IP Edition

Summary Vulnerabilities found within Apache Storm CVE-2020-25649, CVE-2020-36518, CVE-2021-22569, CVE-2021-38153 that is used by IBM Tivoli Network Manager ITNM IP Edition Vulnerability Details CVEID:CVE-2020-25649 DESCRIPTION: FasterXML Jackson Databind could provide weaker than expected securit...

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities

Summary IBM Security Guardium has addressed the following vulnerabilities. Vulnerability Details CVEID:CVE-2020-36518 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a Java StackOverflow exception. By using a large depth of nested objects, a remote attacker...

Security Bulletin: Vulnerability from Google Protocol Buffer affect IBM Operations Analytics - Log Analysis (CVE-2021-22569)

Summary Google Protocol Buffer shipped with IBM Operations Analytics - Log Analysis is vulnerable to denial of service Vulnerability Details CVEID:CVE-2021-22569 DESCRIPTION: Google Protocol Buffer protobuf-java is vulnerable to a denial of service, caused by an issue with allow interleaving of...

Security Bulletin: Multiple vulnerabilities in Spark affecting IBM QRadar User Behavior Analytics

Summary Multiple vulnerabilities exist in Spark, which is used by IBM QRadar User Behavior Analytics UBA. These vulnerabilities are addressed in UBA by upgrading to a version of Spark and packages that are associated with Spark that resolve the vulnerabilities. Vulnerability Details...

PBC denial of service vulnerability

PBC is a Google Protocol Buffer Library for C from the individual developers at cloudwu in China. A denial of service vulnerability exists in PBC 2022-8-27 and prior versions, which stems from a segmentation error in the PBCwmessageinteger function in src/wmessage.c:137. An attacker could exploit...