57 matches found
Security Bulletin: Vulnerability in github.com/jackc/pgx/v5 bundled with IBM Fusion, IBM Fusion HCI, IBM Fusion Content-Aware Storage
Summary IBM Fusion, IBM Fusion HCI, IBM Fusion Content-Aware Storage include github.com/jackc/pgx/v5. It is vulnerable to memory-safety vulnerability. CVE-2026-33816 Vulnerability Details CVEID:CVE-2026-33816 DESCRIPTION: Memory-safety vulnerability in github.com/jackc/pgx/v5. CVSS Source: CISA A...
Astra Linux – Vulnerability in Ceph
IBM Spectrum Fusion HCI versions 2.5.2 through 2.7.2 may allow attackers to perform unauthorized actions in the RGW for Ceph due to improper bucket access. IBM X-Force ID: 266807...
Security Bulletin: Multiple Vulnerabilities in NLTK bundled with IBM Fusion, IBM Fusion HCI, and IBM Fusion Content-Aware Storage
Summary IBM Fusion, IBM Fusion HCI, and IBM Fusion Content-Aware Storage include the Natural Language Toolkit NLTK library, which is susceptible to several critical security vulnerabilities. These flaws could allow a remote attacker to execute arbitrary code, perform arbitrary file reads via path...
Security Bulletin: Vulnerability in Python-Multipart bundled with IBM Fusion, IBM Fusion HCI and IBM Fusion Content-Aware Storage
Summary IBM Fusion Content-Aware Storage includes the python-multipart library, which is susceptible to a Path Traversal vulnerability. This flaw exists when specific non-default configuration options, such as UPLOADKEEPFILENAME=True, are utilized. A remote attacker could exploit this vulnerabili...
Security Bulletin: Vulnerability in pypdf bundled with IBM Fusion, IBM Fusion HCI and Content-Aware Storage
Summary IBM Fusion, IBM Fusion HCI and Content-Aware Storage include pypdf which could cause infinite loop vulnerability. CVE-2026-24688. Vulnerability Details CVEID:CVE-2026-24688 DESCRIPTION: pypdf is a free and open-source pure-python PDF library. An attacker who uses an infinite loop...
Security Bulletin: Vulnerability in google.protobuf with IBM Fusion, IBM Fusion HCI and Content-Aware Storage.
Summary IBM Fusion, IBM Fusion HCI and Content-Aware Storage includes google.protobuf, which could cause denial-of-service DoS vulnerability. CVE-2026-0994. Vulnerability Details CVEID:CVE-2026-0994 DESCRIPTION: A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict ...
Security Bulletin: Vulnerability in DiskCache with IBM Fusion, IBM Fusion HCI and IBM Fusion Content-Aware Storage.
Summary IBM Fusion, IBM Fusion HCI and IBM Fusion Content-Aware Storage includes DiskCache python-diskcache. Following vulnerability can achieve arbitrary code execution. CVE-2025-69872. Vulnerability Details CVEID:CVE-2025-69872 DESCRIPTION: DiskCache python-diskcache through 5.6.3 uses Python...
Security Bulletin: Vulnerability in golang.org/x/crypto bundled with IBM Fusion, IBM Fusion HCI and IBM Fusion Content-Aware Storage
Summary IBM Fusion, IBM Fusion HCI and IBM Fusion Content-Aware Storage include golang.org/x/crypto which could cause early termination of client process. CVE-2025-47913. Vulnerability Details CVEID:CVE-2025-47913 DESCRIPTION: SSH clients receiving SSHAGENTSUCCESS when expecting a typed response...
Security Bulletin: IBM Fusion HCI is vulnerable to potential container escapes
Summary An OpenShift or Fusion administrator, or potentially an attacker who gains access to a certain Storage Fusion containers, can gain access to underlying node linux capabilities, increasing the possibility of a container escape such as CVE-2022-0185. Vulnerability Details CVEID:CVE-2022-018...
EUVD-2025-28994
Malicious code in bioql PyPI...
EUVD-2024-19876
Malicious code in bioql PyPI...
EUVD-2023-55677
Malicious code in bioql PyPI...
Security Bulletin: There are multiple vulnerabilities that can affect IBM Fusion
Summary Multiple vulnerabilities affecting IBM Fusion and IBM Fusion HCI could have resulted in reduced security. These issues have since been resolved. CVE-2025-36222, CVE-2025-47273, CVE-2025-26791, CVE-2025-22870, CVE-2025-27817, CVE-2024-31141, CVE-2025-27818, CVE-2024-47081, CVE-2025-48379,...
Security Bulletin: IBM Fusion and IBM Fusion HCI are vulnerable to the Use of Insufficiently Random Values due to form_data.Js (CVE-2025-7783)
Summary The Data Cataloging Service in IBM Fusion and IBM Fusion HCI uses the formdata.js package which is vulnerable to the use of insufficiently random values which allows an attacker to deduce the state of the pseudo-random number generator in formdata and to craft payloads that include...
Security Bulletin: IBM Fusion and IBM Fusion HCI are vulnerable to cross-site scripting due to DOMPurify (WS-2024-0017)
Summary The Fusion Web UI uses DOMPurify which is vulnerable to an attacker bypassing sanitizers and executing JavaScript code. WS-2024-0017 Vulnerability Details WSID: WS-2024-0017 DESCRIPTION: Insufficient checks in DOMPurify allows an attacker to bypass sanitizers and execute arbitrary...
IBM多款产品 安全漏洞
IBM Fusion and others are a hybrid cloud application data platform from International Business Machines IBM. A security vulnerability exists in various IBM products that stems from the use of insecure default configurations that could lead to an attacker performing unauthorized operations. The...
Security Bulletin: IBM Fusion and IBM Fusion HCI are vulnerable to request smuggling due to python package h11 (CVE-2025-43859)
Summary The python package h11 is used by IBM Fusion and IBM Fusion HCI as part of the Content Aware Storage service and the Backup and Restore service agent and is vulnerable to request smuggling under certain conditions due to CVE-2025-43859 in h11. Vulnerability Details CVEID:CVE-2025-43859...
Security Bulletin: There are multiple vulnerabilities that can affect IBM Fusion HCI and IBM Fusion HCI for watsonx
Summary Multiple vulnerabilities affecting IBM Fusion HCI and IBM Fusion HCI for watsonx could have resulted in reduced security. These issues have since been resolved. CVE-2023-5115, CVE-2023-5764, CVE-2024-9902, CVE-2024-8775, CVE-2024-11079, CVE-2024-9506, CVE-2024-43799, CVE-2024-6119,...
Security Bulletin: IBM Fusion and IBM Fusion HCI are vulnerable to lack of egress restriction
Summary IBM Fusion and IBM Fusion HCI are vulnerable to allowing data to be sent to the external network due to the lack of egress restriction. CVE-2024-22315. Vulnerability Details CVEID:CVE-2024-22315 DESCRIPTION: IBM Storage Fusion is vulnerable to insecure network connection by allowing an...
The vulnerability of the high-convergence infrastructure of IBM Storage Fusion HCI arises from insufficient channel restrictions for specific endpoints, allowing attackers to gain unauthorized access to protected information.
The vulnerability of the high-convergence infrastructure of IBM Storage Fusion HCI lies in the insufficient restrictions on communication channels for specified endpoints. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information...