2138 matches found
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in tar-7.5.7.tgz
Summary IBM Watson Discovery Cartridge affected by vulnerability in tar-7.5.7.tgz Vulnerability Details CVEID:CVE-2026-26960 DESCRIPTION: node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink insid...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in google.golang.org/grpc-v1.62.0
Summary IBM Watson Discovery Cartridge affected by vulnerability in google.golang.org/grpc-v1.62.0 Vulnerability Details CVEID:CVE-2026-33186 DESCRIPTION: gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in minimatch-3.1.2.tgz
Summary IBM Watson Discovery Cartridge affected by vulnerability in minimatch-3.1.2.tgz Vulnerability Details CVEID:CVE-2026-26996 DESCRIPTION: minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regul...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in tar-6.2.1.tgz
Summary IBM Watson Discovery Cartridge affected by vulnerability in tar-6.2.1.tgz Vulnerability Details CVEID:CVE-2026-24842 DESCRIPTION: node-tar,a Tar for Node.js, contains a vulnerability in versions prior to 7.5.7 where the security check for hardlink entries uses different path resolution...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in multer-2.0.2.tgz
Summary IBM Watson Discovery Cartridge affected by vulnerability in multer-2.0.2.tgz Vulnerability Details CVEID:CVE-2026-2359 DESCRIPTION: Multer is a node.js middleware for handling multipart/form-data. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in once-1.1.2.tgz
Summary IBM Watson Discovery Cartridge affected by vulnerability in once-1.1.2.tgz Vulnerability Details CVEID:CVE-2026-3449 DESCRIPTION: Versions of the package @tootallnate/once before 3.0.1 are vulnerable to Incorrect Control Flow Scoping in promise resolving when AbortSignal option is used. T...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in pypdf-6.7.3-py3-none-any.whl
Summary IBM Watson Discovery Cartridge affected by vulnerability in pypdf-6.7.3-py3-none-any.whl Vulnerability Details CVEID:CVE-2026-28351 DESCRIPTION: pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.4, an attacker who uses this vulnerability can craft a PDF which...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in zookeeper-3.8.4.jar
Summary IBM Watson Discovery Cartridge affected by vulnerability in zookeeper-3.8.4.jar Vulnerability Details CVEID:CVE-2026-24281 DESCRIPTION: Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS PTR when IP SAN validation fails, allowing attackers who control or...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Improper Allocation of Resources in net/textproto [CVE-2025-61724]
Summary IBM Watson Speech Services Cartridge is vulnerable to Improper Allocation of Resources in net/textproto, due to an issue in the Reader.ReadResponse function which can cause excessive CPU consumption CVE-2025-61724. Net/textproto is used in our speech utilities. This vulnerabilitiy has bee...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in netty-codec-http-4.1.125.Final.jar
Summary IBM Watson Discovery Cartridge affected by vulnerability in netty-codec-http-4.1.125.Final.jar Vulnerability Details CVEID:CVE-2025-67735 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.129.Final and 4.2.8.Final, the...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in lz4-java-1.8.0.jar
Summary IBM Watson Discovery Cartridge affected by vulnerability in lz4-java-1.8.0.jar Vulnerability Details CVEID:CVE-2025-12183 DESCRIPTION: Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read adjacent memory via...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in elasticsearch-geo-7.17.13.jar
Summary IBM Watson Discovery Cartridge affected by vulnerability in elasticsearch-geo-7.17.13.jar Vulnerability Details CVEID:CVE-2024-52981 DESCRIPTION: An issue was discovered in Elasticsearch, where a large recursion using the Well-KnownText formatted string with nested GeometryCollection...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in elasticsearch-7.17.13.jar
Summary IBM Watson Discovery Cartridge affected by vulnerability in elasticsearch-7.17.13.jar Vulnerability Details CVEID:CVE-2023-46673 DESCRIPTION: It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in urllib3-1.26.20-py2.py3-none-any.whl
Summary IBM Watson Discovery Cartridge affected by vulnerability in urllib3-1.26.20-py2.py3-none-any.whl Vulnerability Details CVEID:CVE-2026-21441 DESCRIPTION: urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in WebSphere Application Server Liberty
Summary IBM Watson Discovery Cartridge affected by vulnerability in WebSphere Application Server Liberty Vulnerability Details CVEID:CVE-2025-12635 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.12 are affected by...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in elasticsearch-6.8.23.jar
Summary IBM Watson Discovery Cartridge affected by vulnerability in elasticsearch-6.8.23.jar Vulnerability Details CVEID:CVE-2024-52979 DESCRIPTION: Uncontrolled Resource Consumption in Elasticsearch while evaluating specifically crafted search templates with Mustache functions can lead to Denial...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in elasticsearch-6.8.23.jar
Summary IBM Watson Discovery Cartridge affected by vulnerability in elasticsearch-6.8.23.jar Vulnerability Details CVEID:CVE-2024-52979 DESCRIPTION: Uncontrolled Resource Consumption in Elasticsearch while evaluating specifically crafted search templates with Mustache functions can lead to Denial...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Out-of-bounds Read in Golang Go (CVE-2025-47914)
Summary IBM Watson Speech Services Cartridge is vulnerable to an Out-of-bounds Read in Golang Go, due to an issue with SSH Agent servers that do not validate the size of messages when processing new identity requests CVE-2025-47914. Golang Go is used in our speech-utilities. This vulnerabilitiy h...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a security bypass in Golang Go - crypto/tls (CVE-2025-58189)
Summary IBM Watson Speech Services Cartridge is vulnerable to a security bypass in Golang Go - crypto/tls, due to Conn.Handshake fails during ALPN negotiation CVE-2025-58189. Golang Go - crypto/tls is used in our speech-utilities. This vulnerabilitiy has been addressed. Please read the details fo...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an information disclosure in Golang Go - crypto/tls (CVE-2025-61730)
Summary IBM Watson Speech Services Cartridge is vulnerable to an information disclosure in Golang Go - crypto/tls, where encryption levels fail to change after multiple messages during TLS 1.3 handshakes CVE-2025-61730. Golang Go - crypto/tls is used in our speech-utilities. This vulnerabilitiy h...