Lucene search
K

35726 matches found

IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/05 8:8 p.m.•38 views

Security Bulletin: IBM Storage Ceph is vulnerable to a Heap-based Buffer Overflow in the RHEL UBI (CVE-2023-4911)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. CVE-2023-4911 Vulnerability Details CVEID:CVE-2023-4911 DESCRIPTION: glibc could allow a local authenticated attacker to gain elevate...

7.8CVSS8.1AI score0.81422EPSS
Exploits27Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/05 8:0 p.m.•12 views

Security Bulletin: Multiple security vulnerabilities affect IBM WebSphere Application Server Liberty shipped with IBM OpenPages

Summary IBM WebSphere Application Server Liberty is shipped as a supporting program of IBM OpenPages. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty has been published in multiple security bulletins. These products have addressed the applicable CVEs...

6.9AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/05 8:0 p.m.•44 views

Security Bulletin: IBM Storage Ceph is vulnerable to Cross-site Scripting in Ceph (CVE-2018-20677, CVE-2018-20676, CVE-2019-8331, CVE-2018-14042, CVE-2018-14040, CVE-2016-10735)

Summary Bootstrap is used by IBM Storage Ceph as part of Ceph Storage. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Ceph. CVE-2018-20677, CVE-2018-20676, CVE-2019-8331, CVE-2018-14042, CVE-2018-14040, CVE-2016-10735. Vulnerability Details...

6.1CVSS6.3AI score0.1686EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/05 7:51 p.m.•28 views

Security Bulletin: IBM Storage Ceph is vulnerable to Files or Directories Accessible to External Parties in Grafana (CVE-2021-41089, CVE-2022-24769, CVE-2021-41091, CVE-2018-20699, CVE-2022-36109)

Summary Moby is used by IBM Storage Ceph in Grafana as part of metrics. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2021-41089, CVE-2022-24769, CVE-2021-41091, CVE-2018-20699, CVE-2022-36109. Vulnerability Details CVEID:CVE-2022-36109 DESCRIPTION: Moby...

6.3CVSS8AI score0.02693EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/05 7:50 p.m.•28 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Connect2id Nimbus-JOSE-JWT ( CVE-2023-52428)

Summary A vulnerability in Connect2id Nimbus-JOSE-JWT that is used by the JDBC driver in InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2023-52428 DESCRIPTION: Connect2id Nimbus-JOSE-JWT is vulnerable to a denial of service, caused by improper validation of user...

7.5CVSS9.2AI score0.00814EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/05 7:47 p.m.•18 views

Security Bulletin: IBM Storage Ceph is vulnerable to Improper Verification of Cryptographic Signature in the RHEL UBI (CVE-2024-0567)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. CVE-2024-0567. Vulnerability Details CVEID:CVE-2024-0567 DESCRIPTION: GnuTLS is vulnerable to a denial of service, caused by a flaw...

7.5CVSS7.5AI score0.01408EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/05 7:42 p.m.•18 views

Security Bulletin: IBM Storage Ceph is vulnerable to an Improper Link Resolution Before File Access in the RHEL UBI (CVE-2021-35938)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. CVE-2021-35938. Vulnerability Details CVEID:CVE-2021-35938 DESCRIPTION: RPM Project RPM could allow a local authenticated attacker to...

6.7CVSS6.9AI score0.00491EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/05 7:41 p.m.•23 views

Security Bulletin: IBM Storage Ceph is vulnerable to Improper Privilege Management in Grafana (CVE-2024-1442)

Summary Grafana is used by IBM Storage Ceph as a metrics dashboard. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2024-1442. Vulnerability Details CVEID:CVE-2024-1442 DESCRIPTION: Grafana could allow a remote authenticated attacker to bypass security...

8.8CVSS5.7AI score0.00802EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/05 9:25 a.m.•30 views

Security Bulletin: Multiple vulnerabilities fixed in IBM Security Verify Information Queue

Summary Multiple security vulnerabilities in the third-party libraries have been addressed in IBM Security Verify Information Queue ISIQ v10.0.9. Vulnerability Details CVEID:CVE-2024-28849 DESCRIPTION: Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive...

7.5CVSS7.8AI score0.01471EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/05 8:21 a.m.•19 views

Security Bulletin: IBM Maximo Application Suite uses IBM WebSphere Application Server Liberty - v.24.0.0.4 which is vulnerable to CVE-2024-27268 and CVE-2024-22353.

Summary IBM Maximo Application Suite uses IBM WebSphere Application Server Liberty - v.24.0.0.4 which is vulnerable to CVE-2024-27268 and CVE-2024-22353. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-22353 DESCRIPTION: IBM...

7.5CVSS7.2AI score0.01278EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/05 8:19 a.m.•19 views

Security Bulletin: IBM Maximo Application Suite uses IBM WebSphere Application Server Liberty - v.24.0.0.4 which is vulnerable to CVE-2024-27268 and CVE-2024-22353.

Summary IBM Maximo Application Suite uses IBM WebSphere Application Server Liberty - v.24.0.0.4 which is vulnerable to CVE-2024-27268 and CVE-2024-22353. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-22353 DESCRIPTION: IBM...

7.5CVSS7.2AI score0.01278EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/05 8:19 a.m.•16 views

Security Bulletin: IBM Maximo Application Suite uses IBM WebSphere Application Server Liberty - v.24.0.0.4 which is vulnerable to CVE-2024-27268 and CVE-2024-22353.

Summary IBM Maximo Application Suite uses IBM WebSphere Application Server Liberty - v.24.0.0.4 which is vulnerable to CVE-2024-27268 and CVE-2024-22353. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-22353 DESCRIPTION: IBM...

7.5CVSS7.2AI score0.01278EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/03 1:5 p.m.•52 views

Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server affect IBM Business Automation Workflow (CVE-2024-40898, CVE-2024-40725)

Summary WebSphere Application Server Traditional is shipped as a component of IBM Business Automation Workflow. WebSphere Application Server Liberty is shipped as part of the optional components Process Federation Server since 8.5.6, and User Management Service since 18.0.0.1 in IBM Business...

9.1CVSS6.7AI score0.04134EPSS
Exploits5Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/03 1:1 p.m.•28 views

Security Bulletin: Denial of Service vulnerability affect IBM Business Automation Workflow - CVE-2023-33008

Summary IBM Business Automation Workflow is vulnerable to a Denial of Service attack. Vulnerability Details CVEID:CVE-2023-33008 DESCRIPTION: Apache Johnzon is vulnerable to a denial of service, caused by an unsafe deserialization flaw in BigDecimal. By sending a specially crafted JSON input, a...

5.3CVSS5.6AI score0.01454EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/03 3:51 a.m.•36 views

Security Bulletin: Vulnerabilities in Jackson affect Cloud Pak System [CVE-2023-3894, 256137]

Summary Vulnerabilities in Jackson affect Cloud Pak System. Vulnerability Details CVEID:CVE-2023-3894 DESCRIPTION: FasterXML jackson-dataformats-text is vulnerable to a denial of service, caused by a stackoverflow parsing TOML data. By sending a specially crafted TOML data, a remote attacker coul...

7.5CVSS6.5AI score0.00741EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/03 12:43 a.m.•48 views

Security Bulletin: IBM MQ Appliance is affected by multiple open source vulnerabilities.

Summary IBM MQ Appliance has addressed multiple open source vulnerabilities. Vulnerability Details CVEID:CVE-2023-2162 DESCRIPTION: Linux Kernel could allow a local attacker to obtain sensitive information, caused by a use-after-free flaw in the iscsiswtcpsessioncreate function in...

7.5CVSS9.4AI score0.00816EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/02 10:10 p.m.•39 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to phishing attacks in VMware Tanzu Spring Framework [CVE-2024-22262]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to phishing attacks in VMware Tanzu Spring Framework, caused by an open redirect vulnerability in UriComponentsBuilder CVE-2024-22262. VMware Tanzu Spring Framework is used in our Speech Microservices. This...

8.1CVSS7.6AI score0.01191EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/02 8:4 a.m.•66 views

Security Bulletin: gunicorn-20.1.0-py3-none-any

Summary Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling HRS vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn'...

7.5CVSS7.4AI score0.02996EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/02 7:51 a.m.•36 views

Security Bulletin: authlib-cve202437568-sec-bypass

Summary Authlib security bypass Vulnerability Details CVEID:CVE-2024-37568 DESCRIPTION: Authlib could allow a remote attacker to bypass security restrictions, caused by an algorithm confusion with asymmetric public keys. By sending a specially crafted request, an attacker could exploit this...

7.5CVSS7.4AI score0.00382EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/02 3:35 a.m.•17 views

Security Bulletin: IBM Content Navigator is vulnerable to Cross Site Port Attack due to Daeja ViewONE (CVE-2024-31897)

Summary Daeja ViewOne Virtual is used by IBM Content Navigator as part of the document viewer. CVE-2024-31897 Vulnerability Details CVEID:CVE-2024-31897 DESCRIPTION: IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0....

4.3CVSS4.7AI score0.00297EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/01 9:17 p.m.•36 views

Security Bulletin: IBM Content Navigator is vulnerable to Denial of Service (DoS) due to Apache Commons Compress (CVE-2024-26308, CVE-2024-25710)

Summary Apache Commons Compress is used by IBM Content Navigator to work with archive files. CVE-2024-26308, CVE-2024-25710 Vulnerability Details CVEID:CVE-2024-26308 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error. By persuading a victi...

8.1CVSS6.5AI score0.00898EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/01 9:13 p.m.•46 views

Security Bulletin: IBM Content Navigator is vulnerable to Server Side Request Forgery leading to Arbitrary File Read due to Oracle Outside In Technology (CVE-2023-35896)

Summary Oracle Outside In Technology is used in some configurations of IBM Content Navigator as part of the document viewer. CVE-2023-35896. Vulnerability Details CVEID:CVE-2023-35896 DESCRIPTION: IBM Content Navigator is vulnerable to server-side request forgery SSRF. This may allow an...

5.4CVSS5.2AI score0.00289EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/01 7:48 p.m.•29 views

Security Bulletin: Multiple Vulnerabilities in Db2 affect Cloud Pak System

Summary Multiple Vulnerabilities found in Db2 affect Cloud Pak System. Vulnerability Details CVEID:CVE-2022-43929 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows 11.1 and 11.5 may be vulnerable to a Denial of Service when executing a specially crafted 'Load' command. IBM X-Force ID: 241676. CVSS...

7.5CVSS6.1AI score0.09149EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/01 6:52 p.m.•21 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Operator package issues

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Operator package issues. We have performed updates to the Operators used by our Speech Services. The following vulnerability has been addressed in this update. Please read the details for remediation...

4.3CVSS6.2AI score0.01956EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/01 6:47 p.m.•46 views

Security Bulletin: Vulnerabilities in Golang Go affect Cloud pak System [CVE-2023-39319, CVE-2023-39318]

Summary Vulnerabilities in Golang Go affect Cloud Pak System Software. Vulnerability Details CVEID:CVE-2023-39319 DESCRIPTION: Golang Go is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the html/template package. A remote attacker could exploit this...

6.1CVSS7AI score0.00815EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/01 5:49 p.m.•33 views

Security Bulletin: Vulnerability in Node.js http-cache-semantics affects IBM Cloud Pak System

Summary Vulnerability in Node.js http-cache-semantics affects IBM Cloud Pak SystemCVE-2022-25881. Vulnerability Details CVEID:CVE-2022-25881 DESCRIPTION: Node.js http-cache-semantics module is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw. By sendi...

7.5CVSS6.7AI score0.01613EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/01 5:24 p.m.•62 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Vim-minimal Package Issues (3)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Vim-minimal Package Issues. This package has been removed from the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediatio...

7.8CVSS8.7AI score0.00655EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/01 5:22 p.m.•42 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Vim-minimal Package Issues (2)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Vim-minimal Package Issues. This package has been removed from the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediatio...

8CVSS8.4AI score0.01408EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/01 4:35 p.m.•39 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Bouncy Castle Crypto Package For Java [CVE-2024-29857]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Bouncy Castle Crypto Package For Java, caused by improper input validation CVE-2024-29857. Bouncy Castle Crypto Package is used as a component of our Speech Java Microservices. This...

7.5CVSS7.2AI score0.011EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/01 4:34 p.m.•28 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Bouncy Castle Crypto Package For Java [CVE-2024-30172]

Summary Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Bouncy Castle Crypto Package For Java, caused by an infinite loop in the Ed25519 verification code CVE-2024-30172. Bouncy Castle Crypto Package is used as a component...

7.5CVSS7.2AI score0.00753EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/01 4:33 p.m.•23 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a sensitive information exposure in Bouncy Castle Crypto Package For Java [CVE-2024-30171]

Summary Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a sensitive information exposure in Bouncy Castle Crypto Package For Java, caused by a flaw in the RSA decryption both PKCS1v1.5 and OAEP feature CVE-2024-30171. Bouncy Castle Crypto Packag...

5.9CVSS6.2AI score0.00901EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/01 4:28 p.m.•26 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security restrictions bypass in Bouncy Castle Crypto Package For Java [CVE-2024-34447]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security restrictions bypass in Bouncy Castle Crypto Package For Java, caused by a flaw when endpoint identification is enabled in the BCJSSE and an SSL socket is created without an explicit hostname...

7.5CVSS7.4AI score0.0077EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/01 4:28 p.m.•52 views

Security Bulletin: Multiple Vulnerabilities in Golang affect IBM Cloud Pak System

Summary Vulnerabilities in Golang Go affect IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2023-29409 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large R...

7.5CVSS6.8AI score0.03796EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/01 4:26 p.m.•23 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Speex [CVE-2020-23903]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Speex, caused by a divide-by-zero vulnerability in the function static int readsamples CVE-2020-23903. Speex is used by our Speech Service runtimes. This vulnerabilitiy has been...

5.5CVSS5.3AI score0.0094EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/01 4:24 p.m.•25 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security restrictions bypass in onnx [CVE-2024-27319]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security restrictions bypass in onnx, caused by an out-of-bounds read in the ONNXASSERT and ONNXASSERTM functions CVE-2024-27319. Onyx is used by our Speech Service runtimes. This vulnerabilitiy has been...

9.1CVSS4.9AI score0.00594EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/01 4:21 p.m.•31 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to path traversal in onnx [CVE-2024-27318]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to path traversal in onnx, caused by improper validation of user requests CVE-2024-27318. Onyx is used by our Speech Service runtimes. This vulnerabilitiy has been addressed. Please read the details for...

7.5CVSS7.3AI score0.01189EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/01 4:19 p.m.•26 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary code execution, in Pallets Werkzeug [CVE-2024-34069]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary code execution, in Pallets Werkzeug, caused by improper usage of a pathname and improper CSRF protection in the debuggerCVE-2024-34069. Pallets Werkzeug is used by our Speech Service runtimes. Th...

7.5CVSS7.7AI score0.03397EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/01 4:16 p.m.•29 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security restrictions bypass in Kubernetes kube-apiserver [ CVE-2024-3177]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security restrictions bypass in Kubernetes kube-apiserver, caused by a flaw when using containers, init containers, and ephemeral containers with the envFrom field populated CVE-2024-3177. Kubernetes...

2.7CVSS3.7AI score0.02224EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/01 4:3 p.m.•53 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is affected by a arbitrary code execution in OpenSSH server [CVE-2024-6387]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is affected by arbitrary code execution in OpenSSH server, caused by a signal handler race condition CVE-2024-6387. Open SSH is a component of a glibc library that is included in our Speech Service Runtimes, but not actively...

8.1CVSS8.4AI score0.99506EPSS
Exploits68Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/01 3:33 p.m.•34 views

Security Bulletin: Cloud Pak System is vulnerable to Node.js ReDos (CVE-2022-25883)

Summary ReDos vulnerability found in semver Node.js package affects Cloud Pak System. IBM Cloud Pak System Software has addressed this vulnerability. Vulnerability Details CVEID:CVE-2022-25883 DESCRIPTION: Node.js semver package is vulnerable to a denial of service, caused by a regular expression...

7.5CVSS7.3AI score0.02761EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/01 3:31 p.m.•25 views

Security Bulletin: This Power System update is being released to address CVE-2023-1017 and CVE-2023-1018

Summary An attacker with access to the host could send malformed commands to the TPM which would result in a TPM DoS. A complete power cycle of the system is required to recover. Vulnerability Details CVEID:CVE-2023-1017 DESCRIPTION: Trusted Computing Group Trusted Platform Module could allow a...

7.8CVSS7.2AI score0.05552EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/01 1:38 p.m.•27 views

Security Bulletin: Vulnerability in Node.js request affects IBM Cloud Pak System[CVE-2023-28155]

Summary Vulnerability in Node.js request affects IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2023-28155 DESCRIPTION: Node.js Request module is vulnerable to server-side request forgery, caused by a cross-protocol redirect bypass flaw. By sending a specially crafted request, an attacker...

6.1CVSS6.1AI score0.00719EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/01 1:30 p.m.•40 views

Security Bulletin: Vulnerability in Go affect Cloud Pak System [CVE-2023-39323]

Summary Vulnerability in Golang Go affect Cloud Pak System. Vulnerability Details CVEID:CVE-2023-39323 DESCRIPTION: Golang Go could allow a remote attacker to execute arbitrary code on the system, caused by improper enforcement of line directive restrictions in the "//go:cgo" directives. By...

8.1CVSS8.2AI score0.01762EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/01 1:25 p.m.•24 views

Security Bulletin: Vulnerabilty in Node.js affect Cloud Pak System [CVE-2023-26155]

Summary Vulnerability in node.js word-wrap affects Cloud Pak System. IBM Cloud Pak System has addressed vulnerability. Vulnerability Details CVEID:CVE-2023-26115 DESCRIPTION: Node.js word-wrap module is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw...

9.8CVSS7AI score0.02079EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/01 1:2 p.m.•24 views

Security Bulletin: Vulnerability in dojo-dojo-release-1.12.1 affects Cloud Pak System [CVE-2018-6561]

Summary Vulnerability in dojo-dojo-release-1.12.1 affects Cloud Pak System. Vulnerability Details CVEID:CVE-2018-6561 DESCRIPTION: Dojo Toolkit is vulnerable to cross-site scripting in dijit.Editor, caused by improper validation of user-supplied input. A remote attacker could exploit this...

6.1CVSS6AI score0.0115EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/01 12:54 p.m.•33 views

Security Bulletin: Vulnerability in Node.js terser affect Cloud Pak System[CVE-2022-25858]

Summary Vulnerability found in Node.js terser module affect Cloud Pak System. IBM Cloud Pak System has addressed this vulnerability. Vulnerability Details CVEID:CVE-2022-25858 DESCRIPTION: Node.js terser module is vulnerable to a denial of service, caused by a regular expression denial of service...

7.5CVSS6.6AI score0.0232EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/01 12:45 p.m.•38 views

Security Bulletin: Vulnerability in nodejs decode-uri-component affect Cloud Pak System[CVE-2022-38900]

Summary Vulnerability in nodejs decode-uri-component affect Cloud Pak SystemCVE-2022-38900. Cloud Pak System has addressed this vulnerability. Vulnerability Details CVEID:CVE-2022-38900 DESCRIPTION: decode-uri-component is vulnerable to a denial of service, caused by improper input validation by...

7.5CVSS6.7AI score0.24928EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/01 10:46 a.m.•39 views

Security Bulletin: Multiple Vulnerabilities in IBM® SDK, Java™ Technology Java affect IBM Cloud Pak System

Summary Vulnerabilities in IBM Java SDK affect IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2023-21930 DESCRIPTION: An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the JSSE component could allow an unauthenticated attacker to cause high...

9.1CVSS8.2AI score0.02474EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/01 10:31 a.m.•54 views

Security Bulletin: A vulnerability in XML toolkit for Ruby affects IBM License Metric Tool (CVE-2024-35176).

Summary There is a vulnerability in the XML toolkit for Ruby component used by IBM License Metric Tool. Vulnerability Details CVEID:CVE-2024-35176 DESCRIPTION: Ruby REXML is vulnerable to a denial of service, caused by improper input validation. By parsing a specially crafted XML content contains...

5.3CVSS5.5AI score0.02064EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/08/01 10:17 a.m.•25 views

Security Bulletin: Vulnerability in Java affect Cloud Pak System [CVE-2022-21426]

Summary Vulnerability in Java affect Cloud Pak System CVE-2022-21426. Cloud Pak System has adddressed this vulnerability. Vulnerability Details CVEID:CVE-2022-21426 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause ...

5.3CVSS5.9AI score0.03203EPSS
Exploits0Affected Software1
Total number of security vulnerabilities35726