104 matches found

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2017-17759

Malware in sbrugna...

CVSS 9.8 | AI score 8.5 | EPSS 0.00454
Exploits: 0 | References: 14

IBM Security Bulletins
added 2025/06/10 2:37 p.m. | 10 views

Security Bulletin: AIX is vulnerable to sensitive information disclosure (CVE-2025-0167, CVE-2024-11053) and a denial of service (CVE-2024-9681) due to cURL libcurl

Summary Vulnerabilities in cURL libcurl could allow a remote attacker to obtain sensitive information CVE-2025-0167, CVE-2024-11053 or cause a denial of service CVE-2024-9681. AIX uses cURL libcurl as part of rsyslog, LV/PV encryption integration with HPCS and in Live Update for interacting with...

CVSS 6.5 | AI score 6.4 | EPSS 0.01399
Exploits: 3 | Affected Software: 1

IBM AIX
added 2025/06/04 8:15 a.m. | 22 views

AIX is vulnerable to sensitive information disclosure (CVE-2025-0167 CVE-2024-11053) and a denial of service (CVE-2024-9681) due to cURL libcurl

IBM SECURITY ADVISORY First Issued: Wed Jun 4 08:15:59 CDT 2025 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/curladvisory7.asc Security Bulletin: AIX is vulnerable to sensitive information disclosure CVE-2025-0167, CVE-2024-11053 and...

CVSS 6.5 | AI score 6.7 | EPSS 0.01399
Exploits: 3

IBM Security Bulletins
added 2025/04/15 2:31 a.m. | 41 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Operator package issues

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Operator package issues. We have performed updates to the Operators used by our Speech Services. The following vulnerabilities have been addressed in this update. Please read the details for...

CVSS 9.8 | AI score 9.8 | EPSS 0.03367
Exploits: 11 | Affected Software: 1

IBM Security Bulletins
added 2025/04/15 2:23 a.m. | 72 views

Security Bulletin: IBM Automation Decision Services - Multiple CVEs addressed (February 2024)

Summary IBM Automation Decision Services is vulnerable to denial of service attacks in third party and open source used in the product for various functions. See full list below. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2023-36054 DESCRIPTION: MIT Kerberos 5 aka krb5...

CVSS 9 | AI score 9.9 | EPSS 0.01096
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/03/26 4:12 a.m. | 52 views

Security Bulletin: Multiple security vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak

Summary LibTIFF is used by IBM Robotic Process Automation for Cloud Pak as part of the .NET Core and Watson NLP CVE-2022-48281, CVE-2023-0800, CVE-2023-0801, CVE-2023-0802, CVE-2023-0803, CVE-2023-0804, . ncurses is used by IBM Robotic Process Automation for Cloud Pak as part of base container...

CVSS 7.8 | AI score 8.7 | EPSS 0.08301
Exploits: 15 | Affected Software: 1

IBM Security Bulletins
added 2025/03/26 4:7 a.m. | 85 views

Security Bulletin: IBM Cognos Analytics is affected by multiple vulnerabilities

Summary There are vulnerabilities in IBM® Java™, IBM WebSphere Application Server Liberty and Open-Source Software OSS components used by IBM Cognos Analytics. Additionally, IBM Cognos Analytics is vulnerable to Open URL Redirection and Link Manipulation vulnerabilities. For more information abou...

CVSS 8.6 | AI score 10 | EPSS 0.02015
Exploits: 8 | Affected Software: 1

IBM Security Bulletins
added 2025/03/26 3:49 a.m. | 67 views

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Progress DataDirect Connect for ODBC

Summary Multiple vulnerabilities in Progress DataDirect Connect for ODBC used by IBM InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2023-34363 DESCRIPTION: Progress DataDirect Connect for ODBC could allow a remote attacker to obtain sensitive information, caused by...

CVSS 9.8 | AI score 9.8 | EPSS 0.00285
Exploits: 6 | Affected Software: 1

IBM Security Bulletins
added 2025/03/26 3:42 a.m. | 33 views

Security Bulletin: IBM Watson Speech Services Cartridge v4.8.7 is vulnerable to multiple Operator package issues

Summary IBM Watson Speech Services Cartridge v4.8.7 is vulnerable to multiple Operator package issues. We have performed updates to the Operators used by our Speech Services. The following vulnerabilities have been addressed in this update. Please read the details for remediation below...

CVSS 8.1 | AI score 9.9 | EPSS 0.02247
Exploits: 10 | Affected Software: 1

Tenable Nessus
added 2025/03/04 12:0 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2014-3613

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary...

CVSS 5 | AI score 7 | EPSS 0.0182
Exploits: 0 | References: 2

IBM Security Bulletins
added 2025/02/05 8:19 p.m. | 10 views

Security Bulletin: Vulnerability in cURL libcurl affects IBM watsonx Assistant for IBM Cloud Pak for Data

Summary A potential vulnerability in cURL libcurl has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-2398 DESCRIPTION: cURL libcurl is vulnerabl...

CVSS 8.6 | AI score 8.5 | EPSS 0.02015
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/02/05 2:52 p.m. | 10 views

Security Bulletin: Vulnerability in cURL libcurl affects IBM watsonx Assistant for IBM Cloud Pak for Data

Summary A potential vulnerability in cURL libcurl has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-2398 DESCRIPTION: cURL libcurl is vulnerabl...

CVSS 8.6 | AI score 8.5 | EPSS 0.02015
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2024/12/12 2:18 a.m. | 30 views

Security Bulletin: IBM Cognos Dashboards on Cloud Pak for Data has addressed security vulnerabilities

Summary There are vulnerabilities in Open-Source Software OSS components consumed by IBM Cognos Dashboards on Cloud Pak for Data. Please refer to the Related Information section below for vulnerability impact. This Security Bulletin relates only to the direct usage of third-party components by IB...

CVSS 10 | AI score 8.9 | EPSS 0.03345
Exploits: 8 | Affected Software: 1

IBM Security Bulletins
added 2024/12/02 4:9 p.m. | 17 views

Security Bulletin: Multiple vulnerabilities in RedHat UBI affect IBM Robotic Process Automation for Cloud Pak

Summary Multiple vulnerabilities in RedHat UBI affect IBM Robotic Process Automation for Cloud Pak. RedHat UBI is used as base image for IBM Robotic Process Automation for Cloud Pak images. This bulletin identifies the fixes required to address the vulnerabilities. Vulnerability Details...

CVSS 9.1 | AI score 9.4 | EPSS 0.02606
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2024/11/12 10:20 a.m. | 35 views

Security Bulletin: Due to use of cURL libcurl, IBM Event Streams is vulnerable to bypass security restrictions.

Summary cURL libcurl is used in IBM Event Streams CVE-2023-28322 Vulnerability Details CVEID:CVE-2023-28322 DESCRIPTION: cURL libcurl could allow a remote attacker to bypass security restrictions, caused by a flaw in the logic for a reused handle when it is expected to be changed from a PUT to a...

CVSS 5.3 | AI score 6.7 | EPSS 0.00631
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2024/11/01 10:12 p.m. | 31 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data v4.8.6 is vulnerable to multiple Operator package issues

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data v4.8.6 is vulnerable to multiple Operator package issues. We have performed updates to the Operators used by our Speech Services. The following vulnerabilities have been addressed in this update. Please read the details for...

CVSS 9.1 | AI score 10 | EPSS 0.09875
Exploits: 3 | Affected Software: 1

IBM Security Bulletins
added 2024/10/24 11:46 a.m. | 151 views

Security Bulletin: IBM® Engineering Requirements Management DOORS/DWA vulnerabilities fixed in 9.7.2.7

Summary cURL libcurl, Apache Xerces2 Java, Apache Jena, Spring Framework, json-smart-v1 and json-smart-v2 , libxml2, Apache Standard Taglibs , Apache ActiveMQ, Apache Commons Codec are identified as vulnerable components with multiple reported vulnerabilities, CVE-2022-35260, CVE-2022-42915,...

CVSS 9.8 | AI score 10 | EPSS 0.94428
Exploits: 127 | Affected Software: 1

IBM Security Bulletins
added 2024/09/27 10:45 p.m. | 36 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Operator package issues

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Operator package issues. We have performed updates to the Operators used by our Speech Services. The following vulnerability has been addressed in this update. Please read the details for remediation...

CVSS 9.1 | AI score 8.4 | EPSS 0.09875
Exploits: 3 | Affected Software: 1

IBM Security Bulletins
added 2024/09/18 10:14 a.m. | 47 views

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2024-25629 DESCRIPTION: C-ares is vulnerable to a denial of service, caused by an...

CVSS 10 | AI score 9.3 | EPSS 0.09875
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
added 2024/08/22 10:8 p.m. | 70 views

Security Bulletin: AIX is vulnerable to a denial of service (CVE-2024-2398) and security restrictions bypass (CVE-2024-2466, CVE-2024-2004) due to cURL libcurl

Summary Vulnerabilities in cURL libcurl could allow a remote attacker to cause a denial of service CVE-2024-2398 or bypass security restrictions CVE-2024-2466, CVE-2024-2004. AIX uses cURL libcurl as part of rsyslog, LV/PV encryption integration with HPCS and in Live Update for interacting with HM...

CVSS 8.6 | AI score 6.9 | EPSS 0.02015
Exploits: 3 | Affected Software: 1