Lucene search
+L

236 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/12/11 11:8 a.m.5 views

Security Bulletin: Formidable 2.1.0–3.5.2 Uses Non-Cryptographically Secure hexoid for Filename Randomization, affects watsonx.data

Summary Formidable aka node-formidable 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." Also, there is a scenario in which only the last two characters of a hexoid...

3.1CVSS5.5AI score0.00382EPSS
Exploits1Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/09 10:20 p.m.7 views

CVE-2025-36140

IBM watsonx.data 2.2 through 2.2.1 could allow an authenticated user to cause a denial of service through ingestion pods due to improper allocation of resources without limits...

6.5CVSS6.3AI score0.00249EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/09 3:51 p.m.7 views

Security Bulletin: An authenticated user to cause a denial of service through ingestion pods due to improper allocation of resources without limits, affects watsonx.data

Summary An authenticated user to cause a denial of service through ingestion pods due to improper allocation of resources without limits. This could affect watsonx.data. Vulnerability Details CVEID:CVE-2025-36140 DESCRIPTION: IBM Lakehouse could allow an authenticated user to cause a denial of...

6.5CVSS6.3AI score0.00249EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/09 4:55 a.m.9 views

Security Bulletin: Netty HTTP/2 MadeYouReset Vulnerability Allows Bypass of Max Concurrent Streams, Enabling DDoS Attacks, affects watsonx.data

Summary Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and 4.2.4.Final, Netty is vulnerable to MadeYouReset DDoS. This is a logical vulnerability in the HTTP/2 protocol, that uses malformed HTTP/2 control frames in order to break the max...

8.2CVSS6.7AI score0.01049EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/09 4:54 a.m.8 views

Security Bulletin: Netty Affected by Decompression Flaw Where BrotliDecoder Allocates Unlimited Buffers, Enabling DoS, affects watsonx.data

Summary Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In netty-codec-compression versions 4.1.124.Final and below, and netty-codec versions 4.2.4.Final and below, when supplied with specially...

7.5CVSS6.5AI score0.00561EPSS
Exploits1Affected Software1
EUVD
EUVD
added 2025/12/09 12:31 a.m.5 views

EUVD-2025-201829

IBM watsonx.data 2.2 through 2.2.1 could allow an authenticated user to cause a denial of service through ingestion pods due to improper allocation of resources without limits...

6.5CVSS5.9AI score0.00249EPSS
Exploits0References2
OSV
OSV
added 2025/12/08 11:15 p.m.7 views

CVE-2025-36140

IBM watsonx.data 2.2 through 2.2.1 could allow an authenticated user to cause a denial of service through ingestion pods due to improper allocation of resources without limits...

6.5CVSS5.8AI score0.00249EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/08 10:11 p.m.4 views

CVE-2025-36140 IBM watsonx.data Denial of Service

IBM watsonx.data 2.2 through 2.2.1 could allow an authenticated user to cause a denial of service through ingestion pods due to improper allocation of resources without limits...

6.5CVSS6AI score0.00249EPSS
Exploits0References1
CVE
CVE
added 2025/12/08 10:11 p.m.13 views

CVE-2025-36140

CVE-2025-36140 affects IBM watsonx.data versions 2.2–2.2.1. An authenticated user can cause a denial of service in ingestion pods due to improper allocation of resources without limits. Remediation: upgrade to watsonx.data 2.2.2 or move to CPD 5.2.2 as per IBM bulletin. The vulnerability details ...

6.5CVSS5.9AI score0.00249EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/12/08 10:11 p.m.26 views

CVE-2025-36140 IBM watsonx.data Denial of Service

IBM watsonx.data 2.2 through 2.2.1 could allow an authenticated user to cause a denial of service through ingestion pods due to improper allocation of resources without limits...

6.5CVSS0.00249EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/08 12:0 a.m.5 views

IBM Watsonx.data 安全漏洞

IBM Watsonx.data is an open data lake warehouse platform from International Business Machines IBM. A security vulnerability exists in IBM watsonx.data versions 2.2 through 2.2.1, which stems from an improper allocation of resources and could lead to a denial of service...

6.5CVSS6.3AI score0.00249EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/08 12:0 a.m.8 views

PT-2025-49602

IBM watsonx.data 2.2 through 2.2.1 could allow an authenticated user to cause a denial of service through ingestion pods due to improper allocation of resources without limits...

6.5CVSS6.4AI score0.00249EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/05 3:40 p.m.7 views

Security Bulletin: CodeMirror Regex Vulnerability Enables ReDoS Before 5.58.2, affects watsonx.data

Summary This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerable regular expression is located in https://github.com/codemirror/CodeMirror/blob/cdb228ac736369c685865b122b736cd0d397836c/mode/javascript/javascript.jsL129. Th...

7.5CVSS6.6AI score0.05197EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/05 5:22 a.m.6 views

Security Bulletin: Apache Tomcat Improper Resource Shutdown Enables Made You Reset Attack, affects watsonx.data

Summary Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.9, from 10.1.0-M1 through 10.1.43 and from 9.0.0.M1 through 9.0.107. Older, EOL versions may also be...

7.5CVSS6.8AI score0.03514EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/05 5:21 a.m.8 views

Security Bulletin: Moby Multiple Concurrency and NULL Pointer Dereference Vulnerabilities Leading to DoS and Data Corruption, affects watsonx.data

Summary Multiple vulnerabilities affect Moby across versions 25.x–26.0.2, including a NULL pointer dereference in daemon/images/imagehistory.go v25.0.0–v26.0.2 that can crash the daemon, a race condition in builder/builder-next/adapters/snapshot/layer.go v25.0.5 that allows concurrent builds to...

8.1CVSS8.6AI score0.00779EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/05 5:20 a.m.6 views

Security Bulletin: Oracle Java SE and GraalVM 2D Component Remote Code Execution Vulnerability, affects watsonx.data

Summary Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and...

8.6CVSS6.8AI score0.01058EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/04 8:44 a.m.7 views

Security Bulletin: gRPC HTTP/2 HPACK Desynchronization Vulnerability Allowing Header Leakage and Privilege Escalation, affects watsonx.data

Summary When gRPC encountered an exceeded header size error, it stopped parsing the remainder of the HPACK frame. This also prevented HPACK dynamic table updates from being processed, causing the sender and receiver HPACK tables to fall out of sync. In environments using an HTTP 2 proxy in front ...

7.5CVSS6.6AI score0.00527EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/04 8:41 a.m.7 views

Security Bulletin: Jetty HTTP/2 Unvalidated SETTINGS_MAX_HEADER_LIST_SIZE Leads to Out-of-Memory DoS , affects watsonx.data

Summary In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2 client can specify a very large value for the HTTP/2 settings parameter SETTINGSMAXHEADERLISTSIZE. The Jetty HTTP/2 server does not perform validation on this setting, and tries to allocate a ByteBuffer of the specified...

7.5CVSS6.8AI score0.00625EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/02 12:30 p.m.6 views

Security Bulletin: Elasticsearch node crash triggered by crafted pipeline using PatternBank recursion, affects watsonx.data

Summary A flaw was discovered in Elasticsearch, where a large recursion using the innerForbidCircularReferences function of the PatternBank class could cause the Elasticsearch node to crash. A successful attack requires a malicious user to have readpipeline Elasticsearch cluster privilege assigne...

6.5CVSS6.7AI score0.00502EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/07 4:43 a.m.3 views

Security Bulletin: HTTP request smuggling vulnerability in Go net/http due to improper LF handling in chunked encoding, affects watsonx.data

Summary The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext. This could affect watsonx.data...

9.1CVSS7.4AI score0.00778EPSS
Exploits0Affected Software1
Rows per page
Query Builder