Lucene search
+L

236 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/04/07 11:0 a.m.3 views

Security Bulletin: Cross-Site Scripting (XSS) Vulnerability in data-target Attribute Handling in Bootstrap, affects watsonx.data

Summary A Cross-Site Scripting XSS vulnerability in Bootstrap versions before 3.4.0 and 4.0.0-beta.2 allows attackers to inject malicious code via the data-target attribute due to improper input handling. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2016-10735 DESCRIPTION: In...

6.4CVSS6.5AI score0.1686EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/07 10:59 a.m.6 views

Security Bulletin: Memory Exhaustion via Excessive Cookies in HTTP Servers, affects watsonx.data

Summary HTTP servers may be vulnerable to memory exhaustion because, while HTTP headers have a 1MB limit, there is no limit on the number of cookies parsed. An attacker can send many small cookies e.g., a=; to trigger excessive memory allocation, potentially leading to high memory usage or...

5.3CVSS7.1AI score0.00534EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/07 10:58 a.m.12 views

Security Bulletin: TOCTOU Symlink Vulnerability in filelock, affects watsonx.data

Summary filelock versions prior to 3.20.1 are vulnerable to a Time-of-Check-Time-of-Use TOCTOU race condition. Local attackers can exploit this via symlinks to corrupt or truncate arbitrary files during lock creation on Unix, Linux, macOS, and Windows. The issue is fixed in version 3.20.1; partia...

6.5CVSS7.3AI score0.00187EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/07 10:58 a.m.4 views

Security Bulletin: tCRLF Injection Vulnerability in Netty HttpRequestEncoder Leading to Request Smuggling, affects watsonx.data

Summary Netty versions prior to 4.1.129.Final and 4.2.8.Final are vulnerable to CRLF injection in HttpRequestEncoder, allowing request smuggling if URIs are not properly sanitized. The issue is fixed in versions 4.1.129.Final and 4.2.8.Final. This can affect watsonx.data. Vulnerability Details...

6.5CVSS6.6AI score0.00298EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/02 3:9 p.m.3 views

Security Bulletin: Inefficient Regex Complexity Vulnerability in brace-expansion Library (CVE-style Security Advisory), affects watsonx.data

Summary A vulnerability in the brace-expansion library versions up to 1.1.11, 2.0.1, 3.0.0, and 4.0.0 affects the expand function, allowing specially crafted input to trigger inefficient regular expression processing. This can lead to excessive CPU usage ReDoS, potentially degrading performance...

3.1CVSS4.6AI score0.00459EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/23 1:0 p.m.7 views

Security Bulletin: Memory Safety Vulnerabilities in SSH Agents and Servers: Out-of-Bounds Read and Unbounded Memory Consumption, affects watsonx.data

Summary SSH Agent servers are vulnerable to out-of-bounds reads when processing malformed new identity requests, which can cause the agent to panic. Additionally, SSH servers handling GSSAPI authentication requests do not validate the number of mechanisms specified, potentially allowing attackers...

5.3CVSS6.7AI score0.0057EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/20 4:42 p.m.9 views

Security Bulletin: IBM watsonx.data integration has several vulnerabilities due to open source packages.

Summary Open source packages are used as part of the overall processing in IBM watsonx.data integration. Vulnerability Details CVEID:CVE-2025-65945 DESCRIPTION: auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jws has a...

8.9CVSS6.9AI score0.00705EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/20 4:40 p.m.15 views

Security Bulletin: IBM watsonx.data integration has several vulnerabilities due to open source packages (CVE-2026-24486,CVE-2025-50537,CVE-2026-24688)

Summary Open source packages are used as part of the overall processing in IBM watsonx.data integration. Vulnerability Details CVEID:CVE-2026-24486 DESCRIPTION: Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using...

8.6CVSS6.9AI score0.02228EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/20 4:39 p.m.7 views

Security Bulletin: IBM watsonx.data integration has several vulnerabilities due to open source packages (CVE-2018-20225, CVE-2025-6985, CVE-2025-54368)

Summary Open source packages are used as part of the overall processing in IBM watsonx.data integration. Vulnerability Details CVEID:CVE-2018-20225 DESCRIPTION: An issue was discovered in pip all versions because it installs the version with the highest version number, even if the user had intend...

7.8CVSS6.7AI score0.01736EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/20 4:38 p.m.13 views

Security Bulletin: IBM watsonx.data integration has several vulnerabilities due to open source packages (CVE-2025-62727, CVE-2025-58754)

Summary Open source packages are used as part of the overall processing in IBM watsonx.data integration. Vulnerability Details CVEID:CVE-2025-62727 DESCRIPTION: Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1 , an unauthenticated attacker...

7.5CVSS6.7AI score0.0106EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/20 8:21 a.m.6 views

Security Bulletin: Command Injection Vulnerability in FastMCP server_name Field Enables Arbitrary Command Execution on Windows affects watsonx.data

Summary FastMCP is the standard framework for building MCP applications. Versions prior to 2.13.0, a command-injection vulnerability lets any attacker who can influence the servername field of an MCP execute arbitrary OS commands on Windows hosts that run fastmcp install cursor. This can affect...

7.8CVSS6.1AI score0.00206EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/20 8:20 a.m.5 views

Security Bulletin: Uninitialized Memory Exposure in node-tar list/t Sync Mode When Tar File Is Modified During Read affect IBM watsonx.data

Summary node-tar is a Tar for Node.js. In 7.5.1, using .t aka .list with sync: true to read tar entry contents returns uninitialized memory contents if tar file was changed on disk to a smaller size while being read. This vulnerability is fixed in 7.5.2. These can affect IBM watsonx.data...

6.1CVSS6.7AI score0.00128EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/20 8:20 a.m.7 views

Security Bulletin: StackOverflowError Denial-of-Service Vulnerability in Apache Commons Lang ClassUtils.getClass() Due to Uncontrolled Recursion affects watsonx.data

Summary Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass... can throw StackOverflowError on very lo...

5.3CVSS6.5AI score0.02164EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/17 12:36 p.m.6 views

Security Bulletin: Race Condition in Eclipse Jersey (Versions 2.45, 3.0.16, 3.1.9) May Bypass Critical SSL Configurations and Compromise Secure Connections, affects watsonx.data

Summary In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignoring of critical SSL configurations - such as mutual authentication, custom key/trust stores, and other security settings. This issue may result in SSLHandshakeException under normal circumstances, but under...

9.4CVSS5.8AI score0.00284EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/16 4:29 a.m.6 views

Security Bulletin: Inefficient Regular Expression Complexity (ReDoS) Vulnerability in nth-check affect IBM watsonx.data

Summary nth-check is vulnerable to Inefficient Regular Expression Complexity. These can affect IBM watsonx.data. Vulnerability Details CVEID:CVE-2021-3803 DESCRIPTION: nth-check is vulnerable to Inefficient Regular Expression Complexity CWE:CWE-1333: Inefficient Regular Expression Complexity CVSS...

7.5CVSS5.7AI score0.02165EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/04 3:38 p.m.7 views

Security Bulletin: Cross-Site Scripting (XSS) Vulnerability in serialize-javascript Due to Improper Input Sanitization affects watsonx.data

Summary A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when...

5.4CVSS5.9AI score0.01081EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/04 3:30 p.m.9 views

Security Bulletin: Source Code Exposure Vulnerability in webpack-dev-server (Fixed in Version 5.2.1) affects watsonx.data

Summary webpack-dev-server versions prior to 5.2.1 are vulnerable to source code exposure when users visit a malicious website. Due to classic script requests not being restricted by the same-origin policy, an attacker who knows the dev server port and entry script path can inject a script, acces...

6.5CVSS5.9AI score0.00427EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/04 3:28 p.m.7 views

Security Bulletin: SMTP Command Injection Vulnerability in Netty SMTP Codec (Fixed in 4.1.129.Final and 4.2.8.Final) affect IBM watsonx.data

Summary Netty versions prior to 4.1.129.Final and 4.2.8.Final contains an SMTP command injection vulnerability in its SMTP codec due to improper CRLF validation. Attackers who control SMTP parameters can inject arbitrary commands, potentially forging emails that pass SPF and DKIM checks. Upgradin...

6.9CVSS7.2AI score0.01594EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/19 1:28 a.m.9 views

CVE-2025-36183

IBM watsonx.data 2.2 through 2.2.1 IBM Lakehouse could allow a privileged user to upload malicious files that could be executed server to modify limited files or data...

3.8CVSS5.5AI score0.00185EPSS
Exploits0References1
OSV
OSV
added 2026/02/17 10:18 p.m.6 views

CVE-2025-36183

IBM watsonx.data 2.2 through 2.2.1 IBM Lakehouse could allow a privileged user to upload malicious files that could be executed server to modify limited files or data...

2.7CVSS5.8AI score0.00185EPSS
Exploits0References1
Rows per page
Query Builder