EUVD-2016-9825
Malware in sbrugna...
EUVD-2023-27572
Malicious code in bioql PyPI...
EUVD-2022-41283
Malicious code in bioql PyPI...
EUVD-2022-44020
Malicious code in bioql PyPI...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to multiple vulnerabilities due to the Bouncy Castle package
Summary Bouncy Castle is used by DataStage on Cloud Pak for Data as part of cryptography functionality. Vulnerability Details CVEID:CVE-2024-34447 DESCRIPTION: An issue was discovered in the Bouncy Castle Crypto Package For Java before BC TLS Java 1.0.19 ships with BC Java 1.78, BC Java LTS 2.73....
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to untrusted library loading due to the GNU C library (CVE-2025-4802)
Summary The GNU C library is used by DataStage on Cloud Pak for Data as part of general processing. Vulnerability Details CVEID:CVE-2025-4802 DESCRIPTION: Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to insecure connections due to the redshift package (CVE-2025-5279)
Summary Redshift is used by DataStage on Cloud Pak for Data as part of the dataset processing functionality. Vulnerability Details CVEID:CVE-2025-5279 DESCRIPTION: When the Amazon Redshift Python Connector is configured with the BrowserAzureOAuth2CredentialsProvider plugin, the driver skips the SS...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to stack overflows due to the unixODBC package (CVE-2024-1013)
Summary unixODBC is used by DataStage on Cloud Pak for Data as part of database communication. Vulnerability Details CVEID:CVE-2024-1013 DESCRIPTION: An out-of-bounds stack write flaw was found in unixODBC on 64-bit architectures where the caller has 4 bytes and callee writes 8 bytes. This issue...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to buffer overflow due to the zlib package (CVE-2023-45853)
Summary Zlib is used by DataStage on Cloud Pak for Data as part of buffer compression functionality. Vulnerability Details CVEID:CVE-2023-45853 DESCRIPTION: MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename,...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to stack overwrite due to the libcurl package (CVE-2024-6197)
Summary libcurl is used by DataStage on Cloud Pak for Data as part of API communication. Vulnerability Details CVEID:CVE-2024-6197 DESCRIPTION: libcurl's ASN1 parser has this utf8asn1str function used for parsing an ASN.1 UTF-8 string. It can detect an invalid field and return error. Unfortunately...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to command injection due to the lodash package (CVE-2021-23337)
Summary Lodash is used by DataStage on Cloud Pak for Data as part of data manipulation. Vulnerability Details CVEID:CVE-2021-23337 DESCRIPTION: Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function. CWE:CWE-94: Improper Control of Generation of Code 'Code...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to prototype pollution due to the gRPC package (CVE-2020-7768)
Summary gRPC is used by DataStage on Cloud Pak for Data as part of service communication. Vulnerability Details CVEID:CVE-2020-7768 DESCRIPTION: The package grpc before 1.24.4; the package @grpc/grpc-js before 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition. CWE:CWE-1321:...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to a null pointer dereference due to the libarchive package (CVE-2024-48615)
Summary libarchive is used by DataStage on Cloud Pak for Data as part of data formatting. Vulnerability Details CVEID:CVE-2024-48615 DESCRIPTION: Null Pointer Dereference vulnerability in libarchive 3.7.6 and earlier when running program bsdtar in function header_pax_extension at...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to regular expression DoS and command injection due to the python package (CVE-2024-6232, CVE-2024-9287)
Summary Python is used by DataStage on Cloud Pak for Data as part of data processing functionality. Vulnerability Details CVEID:CVE-2024-6232 DESCRIPTION: There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to unwanted disconnects due to the gRPC package (CVE-2023-33953)
Summary gRPC is used by DataStage on Cloud Pak for Data as part of service communication. Vulnerability Details CVEID:CVE-2023-33953 DESCRIPTION: gRPC contains a vulnerability in which hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to several issues due to the Python package (CVE-2024-6232, CVE-2024-7592, CVE-2024-7592)
Summary Python is used by DataStage on Cloud Pak for Data as part of data processing functionality. Vulnerability Details CVEID:CVE-2024-6232 DESCRIPTION: There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to out of bounds memory access due to the libssh2 package (CVE-2020-22218)
Summary libssh2 is used by DataStage on Cloud Pak for Data as part of secure communications. Vulnerability Details CVEID:CVE-2020-22218 DESCRIPTION: An issue was discovered in function _libssh2_packet_add in libssh2 1.10.0 allows attackers to access out of bounds memory. CWE:CWE-787: Out-of-bounds...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to remote code execution due to the setuptools package (CVE-2025-47273)
Summary Setuptools is used by DataStage on Cloud Pak for Data as part of package handling. Vulnerability Details CVEID:CVE-2025-47273 DESCRIPTION: setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to signature forgery due to the node-forge package (CVE-2022-24771, CVE-2022-24772)
Summary Node-forge is used by DataStage on Cloud Pak for Data as part of connection encryption. Vulnerability Details CVEID:CVE-2022-24771 DESCRIPTION: Forge (also called node-forge) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signatu...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to prototype pollution due to the protobufjs package (CVE-2022-25878)
Summary Protobufjs is used by DataStage on Cloud Pak for Data as part of data serialization. Vulnerability Details CVEID:CVE-2022-25878 DESCRIPTION: The package protobufjs before 6.11.3 is vulnerable to Prototype Pollution which can allow an attacker to add/modify properties of the...