Lucene search
K

177 matches found

OSV
OSV
added 2023/07/04 2:15 p.m.4 views

CVE-2023-2974

A vulnerability was found in quarkus-core. This vulnerability occurs because the TLS protocol configured with quarkus.http.ssl.protocols is not enforced, and the client can force the selection of the weaker supported TLS protocol...

8.1CVSS5.7AI score0.00882EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/07/04 1:24 p.m.43 views

CVE-2023-2974 Quarkus-core: tls protocol configured with quarkus.http.ssl.protocols is not enforced, client can enforce weaker supported tls protocol

A vulnerability was found in quarkus-core. This vulnerability occurs because the TLS protocol configured with quarkus.http.ssl.protocols is not enforced, and the client can force the selection of the weaker supported TLS protocol...

6.5CVSS8.2AI score0.00882EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/06/29 12:0 a.m.4 views

Quarkus 安全漏洞

Quarkus is a cloud-native Linux container-first framework for writing Java applications. A security vulnerability exists in Quarkus that stems from the unenforced use of the TLS protocol and the ability of a client to force an option to support a weaker TLS protocol...

8.1CVSS7.1AI score0.00882EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2023/05/30 12:0 a.m.9 views

PT-2023-3549 · Unknown · Quarkus-Core

Name of the Vulnerable Software and Affected Versions: quarkus-core affected versions not specified Description: A vulnerability was found in the implementation of the TLS protocol in the Quarkus Java framework. This issue is related to the insufficient reliability of encryption when using the...

8.1CVSS6.9AI score0.00882EPSS
Exploits0References13
Debian CVE
Debian CVE
added 2023/04/21 12:0 a.m.17 views

CVE-2021-33589

Ribose RNP before 0.15.1 does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than on the tin of the algorithm...

7.5CVSS7.5AI score0.00492EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/14 2:32 p.m.26 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM BladeCenter Advanced Management Module (CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, and CVE-2015-0206)

Summary OpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. This includes "FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability. OpenSSL is used by IBM BladeCenter Advanced Management Module AMM. AMMhas addressed the applicable CVEs...

5CVSS7.5AI score0.98685EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 6:33 p.m.13 views

K76610106: F5 IPsec vulnerability CVE-2020-5938

Security Advisory Description When negotiating IPsec tunnels with configured, authenticated peers, the peer may negotiate a different key length than the BIG-IP configuration would otherwise allow. CVE-2020-5938 Impact IPsec connections can be created with a different key length than specified in...

6.5CVSS6.3AI score0.00523EPSS
Exploits0Affected Software14
SUSE CVE
SUSE CVE
added 2023/02/15 6:13 a.m.3 views

SUSE CVE-2006-5794

Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker verification that authentication has been successful, which might allow attackers to bypass authentication. NOTE: as of 20061108, it is believed that this issue is only exploitable by leveraging...

7.5CVSS6.9AI score0.02681EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:19 a.m.2 views

SUSE CVE-2015-3276

The nssparseciphers function in libraries/libldap/tlsm.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors...

7.5CVSS7.3AI score0.05333EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/06 3:6 a.m.16 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to weaker than expected security due to Node.js bcprov-jdk15on (235079)

Summary IBM Sterling Connect:Direct Web Services uses Node.js org.bouncycastle:bcprov-jdk15on module which could provide weaker than expected security. The issue has been addressed. Vulnerability Details IBM X-Force ID: 235079 DESCRIPTION: Node.js org.bouncycastle:bcprov-jdk15on module could...

7.3AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/08 10:36 a.m.35 views

Security Bulletin: FasterXML Jackson Databind used by CICS Transaction Gateway could provide weaker than expected security

Summary FasterXML Jackson Databind used by CICS Transaction Gateway could provide weaker than expected security, caused by not having entity expansion secured properly CVE-2020-25649. CICS Transaction Gateway addressed the applicable CVE. Vulnerability Details CVEID:CVE-2020-25649 DESCRIPTION:...

7.5CVSS7.5AI score0.17611EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2022/12/06 12:0 a.m.6 views

PT-2022-22145 · Ibm · Ibm Sterling Secure Proxy

Name of the Vulnerable Software and Affected Versions: IBM Sterling Secure Proxy version 6.0.3 Description: The issue is related to the use of weaker than expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information. Recommendations: For IBM Sterling...

7.5CVSS7.1AI score0.00375EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/01 4:58 p.m.38 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to CVE-2022-35255 and CVE-2022-35256

Summary Node.js is used as a runtime engine by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container DesignerAuthoring and Dashboard operands may be vulnerable to HTTP request smuggling and weaker than expected security. This bulletin provides patch...

9.1CVSS8.2AI score0.02587EPSS
Exploits2Affected Software1
CNVD
CNVD
added 2022/11/16 12:0 a.m.32 views

IBM CICS TX Encryption Issue Vulnerability

IBM CICS TX is a comprehensive, single transaction runtime package from International Business Machines IBM. IBM CICS TX version 11.1 is vulnerable to an encryption issue that stems from the use of a weaker-than-expected encryption algorithm, which could be exploited by an attacker to decrypt...

7.5CVSS3.5AI score0.00486EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/25 2:32 p.m.49 views

Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs

Summary Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps version 3.5. Vulnerability Details CVEID:CVE-2019-20444 DESCRIPTION: Netty is vulnerable to HTTP request smuggling, caused by a flaw in the HttpObjectDecoder.java. By sending a specially-crafted request, an attacker cou...

9.8CVSS9.3AI score0.68796EPSS
Exploits18Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/21 8:22 p.m.99 views

Security Bulletin: Multiple Vulnerabilities in node.js

Summary Security Vulnerabilities in node.js affect IBM Voice Gateway. Vulnerability Details CVEID:CVE-2022-35256 DESCRIPTION: Node.js is vulnerable to HTTP request smuggling, caused by the failure to correctly handle header fields that are not terminated with CLRF by the llhttp parser in the http...

9.1CVSS7.9AI score0.02587EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/03 6:44 p.m.58 views

Security Bulletin: Multiple Vulnerabilities in Cloud Pak for Watson AIOPs

Summary 3.5 Fixes the following vulnerabilities: CVE-2022-1154, CVE-2018-25032, CVE-2020-29582, CVE-2022-24329, CVE-2022-29217, CVE-2022-22476, CVE-2022-1271, CVE-2022-0778 Vulnerability Details CVEID:CVE-2022-1154 DESCRIPTION: Vim is vulnerable to a heap-based buffer overflow, caused by a...

8.8CVSS9.3AI score0.70561EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/21 8:55 p.m.55 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Spectrum Protect Plus SQL, File Indexing, and Windows Host agents

Summary Multiple vulnerabilities in OpenSSL affect the IBM Spectrum Protect Plus SQL, File Indexing, and Windows Host agents. These vulnerabilities include execution of arbitrary commands, weaker than expected security, and denial of service. Vulnerability Details CVEID:CVE-2022-1292 DESCRIPTION:...

10CVSS9.1AI score0.95764EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/11 4:0 p.m.76 views

Security Bulletin: IBM i Modernization Engine for Lifecycle Integration is vulnerable to multiple vulnerabilities

Summary There are multiple vulnerabilities in components of IBM i Modernization Engine for Lifecycle Integration as described in the Vulnerability Details section. Guava, Red Hat Single Sign-On, Springfox and Spring Security could allow a remote attacker to bypass security restrictions...

9.8CVSS0.9AI score0.99677EPSS
Exploits120Affected Software1
CNNVD
CNNVD
added 2022/05/03 12:0 a.m.2 views

IBM Spectrum Scale 加密问题漏洞

IBM Spectrum Scale is a scalable data and file management solution from IBM based on IBM GPFS an enterprise file management system optimized for petabyte-scale storage management. The product supports helping customers reduce storage costs while improving security and management efficiency in...

7.5CVSS6.4AI score0.00694EPSS
Exploits0References3
Rows per page
Query Builder