Lucene search
K

35726 matches found

IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/06 9:35 p.m.•24 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Db2 (October 2023 CPU)

Summary If you use IBM® Db2® as your database in your IBM Datacap deployment, please follow the Db2 security bulletin referred here to remedy the vulnerabilities. Vulnerability Details CVEID:CVE-2023-22081 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could...

5.9CVSS5.9AI score0.014EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/06 9:29 p.m.•31 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable ISC BIND denial of service vulnerabilities.

Summary Potential ISC BIND denial of service vulnerabilities CVE-2023-50868, CVE-2023-5517 have been identified that could affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details...

7.5CVSS8AI score0.81729EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/06 9:28 p.m.•24 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to less atarbitrary command execution vulnerability [CVE-2024-32487]

Summary Potential less atarbitrary command execution vulnerability CVE-2024-32487 have been identified that could affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-32487...

8.6CVSS8.9AI score0.00628EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/06 9:26 p.m.•26 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to JSON-java denial of service vulnerability [CVE-2023-5072]

Summary Potential JSON-java denial of service vulnerability CVE-2023-5072 have been identified that could affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-5072...

7.5CVSS7.4AI score0.01449EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/06 8:13 p.m.•19 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Pallets Jinja cross-site scripting [ CVE-2024-22195]

Summary Potential Pallets Jinja cross-site scripting CVE-2024-22195 have been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-22195 DESCRIPTION:...

6.1CVSS6.2AI score0.00892EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/06 7:15 p.m.•51 views

Security Bulletin: IBM watsonx Orchestrate for IBM Cloud Pak for Data affected by vulnerability in OpenSSH CVE-2024-6387

Summary Security Bulletin: IBM watsonx Orchestrate for IBM Cloud Pak for Data affected by vulnerability in OpenSSH CVE-2024-6387. Vulnerability Details CVEID:CVE-2024-6387 DESCRIPTION: OpenSSH could allow a remote attacker to execute arbitrary code on the system, caused by a signal handler race...

8.1CVSS8.4AI score0.99506EPSS
Exploits68Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/06 5:16 p.m.•24 views

Security Bulletin: IBM Storage Ceph is vulnerable to Insufficient Granularity of Access Control in Ceph (CVE-2023-43040)

Summary Ceph RGW is used by IBM Storage Ceph in RGW as part of storage. CVE-2023-43040 This bulletin identifies the steps to take to address the vulnerability in Ceph. Vulnerability Details CVEID:CVE-2023-43040 DESCRIPTION: IBM Spectrum Fusion HCI could allow an attacker to perform unauthorized...

9.8CVSS6.4AI score0.02539EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/06 4:32 p.m.•26 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Elastic Elasticsearch denial of service [ CVE-2024-23450]

Summary Potential Elastic Elasticsearch denial of service CVE-2024-23450 have been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-23450 DESCRIPTION...

7.5CVSS5.5AI score0.00943EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/06 4:30 p.m.•9 views

Security Bulletin: IBM OpenPages is affected by multiple security vulnerabilities of DB2 Database Server (June 2024)

Summary IBM® Db2® Database Server is shipped as a supporting program of IBM OpenPages. Information about security vulnerabilities affecting IBM Db2 Database Server has been published in multiple security bulletins. Vulnerability Details Refer to the security bulletins listed in the...

6.8AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/06 11:39 a.m.•28 views

Security Bulletin: Security vulnerabilities may affect IBM Java shipped with IBM TXSeries for Multiplatforms.

Summary Security vulnerabilities may affect IBM shipped with IBM Java TXSeries for Multiplatforms. The version of IBM Java shipped with IBM TXSeries for Multiplatforms has been updated to address the applicable issues. Vulnerability Details CVEID:CVE-2024-21094 DESCRIPTION: An unspecified...

7.5CVSS4.9AI score0.01361EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/06 11:36 a.m.•16 views

Security Bulletin: Security vulnerabilities may affect IBM Java shipped with IBM CICS TX Standard

Summary Security vulnerabilities may affect IBM Java shipped with IBM CICS TX Standard. IBM CICS TX Standard has addressed the applicable issues. Vulnerability Details CVEID:CVE-2024-21094 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attack...

7.5CVSS4.9AI score0.01361EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/06 11:33 a.m.•18 views

Security Bulletin: Security vulnerabilities may affect IBM Java shipped with IBM CICS TX Advanced

Summary Security vulnerabilities may affect IBM Java shipped with IBM CICS TX Advanced. IBM CICS TX Advanced has addressed the applicable issues. Vulnerability Details CVEID:CVE-2024-21094 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attack...

7.5CVSS4.9AI score0.01361EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/05 10:7 p.m.•31 views

Security Bulletin: IBM Storage Ceph is vulnerable to a NULL Pointer Dereference in the RHEL UBI (CVE-2023-49083)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. CVE-2023-49083. Vulnerability Details CVEID:CVE-2023-49083 DESCRIPTION: Cryptography package for Python is vulnerable to a denial of...

7.5CVSS6.5AI score0.00985EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/05 10:7 p.m.•29 views

Security Bulletin: IBM Storage Ceph is vulnerable to Command Injection in the RHEL UBI (CVE-2023-50447)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. CVE-2023-50447. Vulnerability Details CVEID:CVE-2023-50447 DESCRIPTION: Pillow could allow a remote attacker to execute arbitrary cod...

8.1CVSS9AI score0.01703EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/05 10:3 p.m.•32 views

Security Bulletin: IBM Storage Ceph is vulnerable to Improper Input Validation in the RHEL UBI (CVE-2023-27043)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. CVE-2023-27043. Vulnerability Details CVEID:CVE-2023-27043 DESCRIPTION: Python could allow a remote attacker to bypass security...

5.3CVSS6.4AI score0.02527EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/05 10:3 p.m.•32 views

Security Bulletin: IBM Storage Ceph is vulnerable to Improper Restriction of Operations within the Bounds of a Memory Buffer in the RHEL UBI (CVE-2023-39615)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. CVE-2023-39615. Vulnerability Details CVEID:CVE-2023-39615 DESCRIPTION: Xmlsoft Libxml2 is vulnerable to a denial of service, caused ...

6.5CVSS7.4AI score0.00667EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/05 10:2 p.m.•38 views

Security Bulletin: IBM Storage Ceph is vulnerable to Uncontrolled Resource Consumption in the RHEL UBI (CVE-2023-2650, CVE-2023-3446, CVE-2023-4807)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. CVE-2023-2650, CVE-2023-3446, CVE-2023-4807. Vulnerability Details CVEID:CVE-2023-2650 DESCRIPTION: OpenSSL is vulnerable to a denial...

7.8CVSS7.4AI score0.73461EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/05 10:1 p.m.•29 views

Security Bulletin: IBM Storage Ceph is vulnerable to an Out-of-bounds Write in the RHEL UBI (CVE-2024-2961)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. CVE-2024-2961. Vulnerability Details CVEID:CVE-2024-2961 DESCRIPTION: GNU C Library is vulnerable to a denial of service, caused by a...

7.3CVSS7.8AI score0.8833EPSS
Exploits16Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/05 10:1 p.m.•27 views

Security Bulletin: IBM Storage Ceph is vulnerable to Improper Output Neutralization for Logs in the RHEL UBI (CVE-2023-28486)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. CVE-2023-28486. Vulnerability Details CVEID:CVE-2023-28486 DESCRIPTION: Sudo Project Sudo could allow a remote attacker to obtain...

5.3CVSS5.4AI score0.00915EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/05 9:55 p.m.•16 views

Security Bulletin: IBM Storage Ceph is vulnerable to a NULL Pointer Dereference in the RHEL UBI (CVE-2024-33600)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. CVE-2024-33600. Vulnerability Details CVEID:CVE-2024-33600 DESCRIPTION: glibc is vulnerable to a denial of service, caused by a NULL...

5.9CVSS8.4AI score0.01216EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/05 9:48 p.m.•11 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Okio GzipSource denial of service vulnerability [ CVE-2023-3635]

Summary Potential Okio GzipSource denial of service vulnerability CVE-2023-3635 have been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-3635...

7.5CVSS6.6AI score0.01077EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/05 9:47 p.m.•21 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Dnspython denial of service vulnerability[ CVE-2023-29483]

Summary Potential Dnspython denial of service vulnerability CVE-2023-29483 have been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-29483...

7CVSS6.9AI score0.01857EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/05 9:46 p.m.•20 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to joblib arbitrary code execution vulnerability [ CVE-2024-34997]

Summary Potential joblib arbitrary code execution vulnerability CVE-2024-34997 have been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-34997...

7.5CVSS7.8AI score0.00664EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/05 9:44 p.m.•25 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Node.js micromatch module denial of service vulnerability[ CVE-2024-4067]

Summary Potential Node.js micromatch module denial of service vulnerability CVE-2024-4067 have been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details...

5.3CVSS6.3AI score0.01429EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/05 9:43 p.m.•26 views

Security Bulletin: IBM Storage Ceph is vulnerable to an Observable Discrepancy in the RHEL UBI (CVE-2023-5981)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. CVE-2023-5981. Vulnerability Details CVEID:CVE-2023-5981 DESCRIPTION: GNU GnuTLS could allow a remote attacker to obtain sensitive...

5.9CVSS6.5AI score0.01257EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/05 9:41 p.m.•24 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to ejs lack of pollution protection vulnerability [ CVE-2024-33883]

Summary Potential ejs aka Embedded JavaScript templates package lack of pollution protection vulnerability CVE-2024-33883 have been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information...

4CVSS4.2AI score0.00619EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/05 9:40 p.m.•25 views

Security Bulletin: IBM Storage Ceph is vulnerable to an Observable Discrepancy in the RHEL UBI (CVE-2024-0553)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. CVE-2024-0553 Vulnerability Details CVEID:CVE-2024-0553 DESCRIPTION: GnuTLS could allow a remote attacker to obtain sensitive...

7.5CVSS7.3AI score0.01614EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/05 9:36 p.m.•24 views

Security Bulletin: IBM Storage Ceph is vulnerable to Improper Link Resolution Before File Access or Time-of-check Time-of-use Race Condition in the RHEL UBI (CVE-2021-35937)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. CVE-2021-35937 Vulnerability Details CVEID:CVE-2021-35937 DESCRIPTION: RPM Project RPM could allow a local authenticated attacker to...

6.4CVSS6.5AI score0.00307EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/05 9:30 p.m.•29 views

Security Bulletin: IBM Storage Ceph is vulnerable to CWE in the RHEL UBI (CVE-2023-42465)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. CVE-2023-42465 Vulnerability Details CVEID:CVE-2023-42465 DESCRIPTION: Sudo Project Sudo could allow a remote attacker to bypass...

7CVSS7.4AI score0.00541EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/05 8:56 p.m.•34 views

Security Bulletin: IBM MaaS360 Cloud Extender VPN Module affected by vulnerabilities (CVE-2024-4603, CVE-2024--2511)

Summary Vulnerability contained within OpenSSL a 3rd party component was addressed in the IBM MaaS360 VPN Module. Vulnerability Details CVEID:CVE-2024-4603 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by improper input validation by the EVPPKEYparamcheck or EVPPKEYpubliccheck...

5.9CVSS5.5AI score0.54026EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/05 8:55 p.m.•23 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to webpack webpack-dev-middleware directory transversal vulnerability [CVE-2024-29180]

Summary Potential webpack webpack-dev-middleware directory transversal vulnerability CVE-2024-29180have been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details...

7.5CVSS7.5AI score0.01209EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/05 8:55 p.m.•35 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Node.js follow-redirects module information disclosure vulnerability [ CVE-2024-28849]

Summary Potential Node.js follow-redirects module information disclosure vulnerability CVE-2024-28849 have been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details...

6.5CVSS6.7AI score0.01044EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/05 8:55 p.m.•22 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Apache Thrift denial of service vulnerability [CVE-2020-13949]

Summary Potential Apache Thrift denial of service vulnerability CVE-2020-13949 have been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2020-13949...

7.5CVSS7.4AI score0.06779EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/05 8:54 p.m.•23 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Apache Thrift security bypass vulnerability[ CVE-2018-1320]

Summary Potential Apache Thrift security bypass vulnerability CVE-2018-1320 have been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2018-1320...

7.5CVSS7.5AI score0.08188EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/05 8:47 p.m.•23 views

Security Bulletin: IBM Storage Ceph is vulnerable to the Exposure of Sensitive Information to an Unauthorized Actor in the RHEL UBI (CVE-2023-45143)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. CVE-2023-45143. Vulnerability Details CVEID:CVE-2023-45143 DESCRIPTION: Node.js undici module could allow a remote authenticated...

3.9CVSS5.3AI score0.01223EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/05 8:46 p.m.•23 views

Security Bulletin: IBM Storage Ceph is vulnerable to CWE in the RHEL UBI (CVE-2023-28487)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. CVE-2023-28487. Vulnerability Details CVEID:CVE-2023-28487 DESCRIPTION: Sudo Project Sudo could allow a remote attacker to obtain...

5.3CVSS5.4AI score0.00953EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/05 8:44 p.m.•30 views

Security Bulletin: IBM Storage Ceph is vulnerable to the Insertion of Sensitive Information Into Sent Data in the RHEL UBI (CVE-2023-46218)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. CVE-2023-46218. Vulnerability Details CVEID:CVE-2023-46218 DESCRIPTION: cURL libcurl could allow a remote attacker to bypass security...

6.5CVSS6.9AI score0.01685EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/05 8:42 p.m.•29 views

Security Bulletin: IBM Storage Ceph is vulnerable to OS Command Injection in Grafana (CVE-2022-25912, CVE-2022-25860, CVE-2022-25908)

Summary Simple Git is used by IBM Storage Ceph in Grafana for Metrics. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Ceph. CVE-2022-25912, CVE-2022-25860, CVE-2022-25908. Vulnerability Details CVEID:CVE-2022-25912 DESCRIPTION: Node.js simple-git module cou...

9.8CVSS8.8AI score0.02784EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/05 8:42 p.m.•25 views

Security Bulletin: IBM Storage Ceph is vulnerable to the Improper Restriction of Operations within the Bounds of a Memory Buffer in the RHEL UBI (CVE-2023-7104)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. CVE-2023-7104. Vulnerability Details CVEID:CVE-2023-7104 DESCRIPTION: SQLite SQLite3 is vulnerable to a heap-based buffer overflow,...

7.3CVSS7.3AI score0.01249EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/05 8:36 p.m.•22 views

Security Bulletin: IBM Storage Ceph is vulnerable to an Infinite Loop in Grafana (CVE-2024-24786)

Summary Protobuf is used by IBM Storage Ceph in Grafana as part of metrics. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2024-24786. Vulnerability Details CVEID:CVE-2024-24786 DESCRIPTION: Protocol Buffers protobuf-go is vulnerable to a denial of service...

7.5CVSS6.4AI score0.01262EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/05 8:33 p.m.•34 views

Security Bulletin: IBM Storage Ceph is vulnerable to a Path Traversal in Grafana (CVE-2023-49568, CVE-2023-49569)

Summary Go Git is used by IBM Storage Ceph in Grafana for Metrics. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2023-49568, CVE-2023-49569 Vulnerability Details CVEID:CVE-2023-49568 DESCRIPTION: go-git is vulnerable to a denial of service, caused by...

9.8CVSS9.2AI score0.01523EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/05 8:26 p.m.•23 views

Security Bulletin: IBM Storage Ceph is vulnerable to CWE in the RHEL UBI (CVE-2023-43804)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. CVE-2023-43804. Vulnerability Details CVEID:CVE-2023-43804 DESCRIPTION: urllib3 could allow a remote authenticated attacker to obtain...

8.1CVSS6.7AI score0.01207EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/05 8:24 p.m.•17 views

Security Bulletin: IBM Storage Ceph is vulnerable to an Inefficient Regular Expression Complexity in the RHEL UBI (CVE-2022-40897)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. CVE-2022-40897. Vulnerability Details CVEID:CVE-2022-40897 DESCRIPTION: Pypa Setuptools is vulnerable to a denial of service, caused ...

5.9CVSS6.7AI score0.02617EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/05 8:24 p.m.•26 views

Security Bulletin: IBM Storage Ceph is vulnerable to a Reachable Assertion in the RHEL UBI (CVE-2024-33601)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. CVE-2024-33601. Vulnerability Details CVEID:CVE-2024-33601 DESCRIPTION: glibc is vulnerable to a denial of service, caused by a memor...

7.3CVSS7.7AI score0.01075EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/05 8:22 p.m.•20 views

Security Bulletin: IBM Storage Ceph is vulnerable to Buffer Under-read in the RHEL UBI (CVE-2024-25629)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. CVE-2024-25629. Vulnerability Details CVEID:CVE-2024-25629 DESCRIPTION: C-ares is vulnerable to a denial of service, caused by an...

5.5CVSS5.1AI score0.00349EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/05 8:20 p.m.•24 views

Security Bulletin: IBM Storage Ceph is vulnerable to Uncontrolled Resource Consumption in the RHEL UBI (CVE-2022-40898)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. CVE-2022-40898. Vulnerability Details CVEID:CVE-2022-40898 DESCRIPTION: Python Packaging Authority PyPA Wheel is vulnerable to a deni...

7.5CVSS7.2AI score0.02659EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/05 8:17 p.m.•25 views

Security Bulletin: IBM Storage Ceph is vulnerable to External Control of File Name or Path in the RHEL UBI (CVE-2023-38546)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. CVE-2023-38546. Vulnerability Details CVEID:CVE-2023-38546 DESCRIPTION: cURL libcurl could allow a remote attacker to bypass security...

3.7CVSS7.1AI score0.06208EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/05 8:15 p.m.•26 views

Security Bulletin: IBM Storage Ceph is vulnerable to an Improper Check or Handling of Exceptional Conditions in the RHEL UBI (CVE-2024-33602)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. CVE-2024-33602. Vulnerability Details CVEID:CVE-2024-33602 DESCRIPTION: glibc is vulnerable to a denial of service, caused by a memor...

7.4CVSS8.4AI score0.00403EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/05 8:15 p.m.•20 views

Security Bulletin: IBM Storage Ceph is vulnerable to Inefficient Regular Expression Complexity in the RHEL UBI (CVE-2022-25881)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. CVE-2022-25881. Vulnerability Details CVEID:CVE-2022-25881 DESCRIPTION: Node.js http-cache-semantics module is vulnerable to a denial...

7.5CVSS6.7AI score0.01613EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/05 8:8 p.m.•23 views

Security Bulletin: IBM Storage Ceph is vulnerable to an Improper Link Resolution Before File Access ('Link Following') in the RHEL UBI (CVE-2021-35939)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. CVE-2021-35939. Vulnerability Details CVEID:CVE-2021-35939 DESCRIPTION: RPM Project RPM could allow a local authenticated attacker to...

6.7CVSS7AI score0.00481EPSS
Exploits1Affected Software1
Total number of security vulnerabilities35726