236 matches found
Security Bulletin: Formidable 2.1.0–3.5.2 Uses Non-Cryptographically Secure hexoid for Filename Randomization, affects watsonx.data
Summary Formidable aka node-formidable 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." Also, there is a scenario in which only the last two characters of a hexoid...
CVE-2025-36140
IBM watsonx.data 2.2 through 2.2.1 could allow an authenticated user to cause a denial of service through ingestion pods due to improper allocation of resources without limits...
Security Bulletin: An authenticated user to cause a denial of service through ingestion pods due to improper allocation of resources without limits, affects watsonx.data
Summary An authenticated user to cause a denial of service through ingestion pods due to improper allocation of resources without limits. This could affect watsonx.data. Vulnerability Details CVEID:CVE-2025-36140 DESCRIPTION: IBM Lakehouse could allow an authenticated user to cause a denial of...
Security Bulletin: Netty HTTP/2 MadeYouReset Vulnerability Allows Bypass of Max Concurrent Streams, Enabling DDoS Attacks, affects watsonx.data
Summary Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and 4.2.4.Final, Netty is vulnerable to MadeYouReset DDoS. This is a logical vulnerability in the HTTP/2 protocol, that uses malformed HTTP/2 control frames in order to break the max...
Security Bulletin: Netty Affected by Decompression Flaw Where BrotliDecoder Allocates Unlimited Buffers, Enabling DoS, affects watsonx.data
Summary Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In netty-codec-compression versions 4.1.124.Final and below, and netty-codec versions 4.2.4.Final and below, when supplied with specially...
EUVD-2025-201829
IBM watsonx.data 2.2 through 2.2.1 could allow an authenticated user to cause a denial of service through ingestion pods due to improper allocation of resources without limits...
CVE-2025-36140
IBM watsonx.data 2.2 through 2.2.1 could allow an authenticated user to cause a denial of service through ingestion pods due to improper allocation of resources without limits...
CVE-2025-36140 IBM watsonx.data Denial of Service
IBM watsonx.data 2.2 through 2.2.1 could allow an authenticated user to cause a denial of service through ingestion pods due to improper allocation of resources without limits...
CVE-2025-36140
CVE-2025-36140 affects IBM watsonx.data versions 2.2–2.2.1. An authenticated user can cause a denial of service in ingestion pods due to improper allocation of resources without limits. Remediation: upgrade to watsonx.data 2.2.2 or move to CPD 5.2.2 as per IBM bulletin. The vulnerability details ...
CVE-2025-36140 IBM watsonx.data Denial of Service
IBM watsonx.data 2.2 through 2.2.1 could allow an authenticated user to cause a denial of service through ingestion pods due to improper allocation of resources without limits...
IBM Watsonx.data 安全漏洞
IBM Watsonx.data is an open data lake warehouse platform from International Business Machines IBM. A security vulnerability exists in IBM watsonx.data versions 2.2 through 2.2.1, which stems from an improper allocation of resources and could lead to a denial of service...
PT-2025-49602
IBM watsonx.data 2.2 through 2.2.1 could allow an authenticated user to cause a denial of service through ingestion pods due to improper allocation of resources without limits...
Security Bulletin: CodeMirror Regex Vulnerability Enables ReDoS Before 5.58.2, affects watsonx.data
Summary This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerable regular expression is located in https://github.com/codemirror/CodeMirror/blob/cdb228ac736369c685865b122b736cd0d397836c/mode/javascript/javascript.jsL129. Th...
Security Bulletin: Apache Tomcat Improper Resource Shutdown Enables Made You Reset Attack, affects watsonx.data
Summary Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.9, from 10.1.0-M1 through 10.1.43 and from 9.0.0.M1 through 9.0.107. Older, EOL versions may also be...
Security Bulletin: Moby Multiple Concurrency and NULL Pointer Dereference Vulnerabilities Leading to DoS and Data Corruption, affects watsonx.data
Summary Multiple vulnerabilities affect Moby across versions 25.x–26.0.2, including a NULL pointer dereference in daemon/images/imagehistory.go v25.0.0–v26.0.2 that can crash the daemon, a race condition in builder/builder-next/adapters/snapshot/layer.go v25.0.5 that allows concurrent builds to...
Security Bulletin: Oracle Java SE and GraalVM 2D Component Remote Code Execution Vulnerability, affects watsonx.data
Summary Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and...
Security Bulletin: gRPC HTTP/2 HPACK Desynchronization Vulnerability Allowing Header Leakage and Privilege Escalation, affects watsonx.data
Summary When gRPC encountered an exceeded header size error, it stopped parsing the remainder of the HPACK frame. This also prevented HPACK dynamic table updates from being processed, causing the sender and receiver HPACK tables to fall out of sync. In environments using an HTTP 2 proxy in front ...
Security Bulletin: Jetty HTTP/2 Unvalidated SETTINGS_MAX_HEADER_LIST_SIZE Leads to Out-of-Memory DoS , affects watsonx.data
Summary In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2 client can specify a very large value for the HTTP/2 settings parameter SETTINGSMAXHEADERLISTSIZE. The Jetty HTTP/2 server does not perform validation on this setting, and tries to allocate a ByteBuffer of the specified...
Security Bulletin: Elasticsearch node crash triggered by crafted pipeline using PatternBank recursion, affects watsonx.data
Summary A flaw was discovered in Elasticsearch, where a large recursion using the innerForbidCircularReferences function of the PatternBank class could cause the Elasticsearch node to crash. A successful attack requires a malicious user to have readpipeline Elasticsearch cluster privilege assigne...
Security Bulletin: HTTP request smuggling vulnerability in Go net/http due to improper LF handling in chunked encoding, affects watsonx.data
Summary The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext. This could affect watsonx.data...