638 matches found
Updated cockpit packages fix security vulnerabilities
CVE-2026-4631, Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit web service can craft a single HTTP request to the login endpoint that injects...
Security Bulletin: Multiple Vulnerabilities affect IBM Decision Optimization for Cloud Pak for Data.
Summary Multiple Vulnerabilities were addressed in IBM Decision Optimization for Cloud Pak for Data version 5.3.1 patch 2 Vulnerability Details CVEID:CVE-2026-2950 DESCRIPTION: Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the .unset and .omit functions. The...
Lodash Template - Server-Side Template Injection (RCE)
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function. id: CVE-2021-23337 info: name: Lodash Template - Server-Side Template Injection RCE author: DhiyaneshDk severity: high description: | Lodash versions prior to 4.17.21 are vulnerable to Command Injectio...
ROOT-APP-NPM-CVE-2021-23337 CVE-2021-23337 in @rootio/lodash.template - Patched by Root
Root has patched CVE-2021-23337 in the @rootio/lodash.template package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-2950 CVE-2026-2950 in @rootio/lodash - Patched by Root
Root has patched CVE-2026-2950 in the @rootio/lodash package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2025-13465 CVE-2025-13465 in @rootio/lodash - Patched by Root
Root has patched CVE-2025-13465 in the @rootio/lodash package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-4800 CVE-2026-4800 in @rootio/lodash - Patched by Root
Root has patched CVE-2026-4800 in the @rootio/lodash package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2019-10744 CVE-2019-10744 in @rootio/lodash - Patched by Root
Root has patched CVE-2019-10744 in the @rootio/lodash package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2018-16487 CVE-2018-16487 in @rootio/lodash - Patched by Root
Root has patched CVE-2018-16487 in the @rootio/lodash package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2020-8203 CVE-2020-8203 in @rootio/lodash.pick - Patched by Root
Root has patched CVE-2020-8203 in the @rootio/lodash.pick package for Root:npm. Multiple fixed versions available...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.18.43 security and extras update
Red Hat OpenShift Container Platform release 4.18.43 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.18. Red Hat Product Security has rated this update as having a security impact of...
Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which is vulnerable to multiple CVEs.
Summary IBM Maximo Application Suite uses minimatch-3.0.5.tgz, OpenTelemetry Go SDK, jaraco.context, IBM WebSphere Application Server Liberty, picomatch-2.3.1.tgz, path-to-regexp-0.1.12.tgz, lodash-4.17.23.tgz, pillow-12.1.1-cp311-cp311-manylinux227x8664.manylinux228x8664.whl,...
Security Bulletin: Due to use of lodash-es-4.17.21.tgz, IBM Sterling Connect:Direct Web Services is vulnerable to prototype pollution in the _.unset and _.omit functions.
Summary lodash-es-4.17.21.tgz is used by IBM Sterling Connect:Direct Web Services CVE-2025-13465, CVE-2026-2950. Vulnerability Details CVEID:CVE-2025-13465 DESCRIPTION: Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the .unset and .omit functions. An attacker can...
Important: Red Hat Security Advisory: Red Hat Data Grid 8.6.1 security update
An update for Red Hat Data Grid 8 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
Security Bulletin: IBM InfoSphere Optim Archive Viewer is affected by multiple vulnerabilities in lodash and lodash-es (CVE-2026-2950, CVE-2026-4800)
Summary Multiple vulnerabilities in the lodash and lodash-es utility libraries CVE-2026-2950, CVE-2026-4800 used by IBM InfoSphere Optim Archive Viewer have been addressed by upgrading the components to version 4.18.0. Vulnerability Details CVEID:CVE-2026-2950 DESCRIPTION: Impact: Lodash versions...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in lodash-4.17.21.tgz
Summary IBM Watson Discovery Cartridge affected by vulnerability in lodash-4.17.21.tgz Vulnerability Details CVEID:CVE-2025-13465 DESCRIPTION: Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the .unset and .omit functions. An attacker can pass crafted paths which...
Security Bulletin: IBM InfoSphere Optim Archive Viewer is affected by a vulnerability in Lodash and Lodash-es (CVE-2025-13465)
Summary A prototype pollution vulnerability in the Lodash and Lodash-es libraries CVE-2025-13465 used by IBM InfoSphere Optim Archive Viewer has been addressed by upgrading to version 4.18.0. Vulnerability Details CVEID:CVE-2025-13465 DESCRIPTION: Lodash versions 4.0.0 through 4.17.22 are...
RLSA-2026:18480 Important: linux-sgx security update
The Intel SGX SDK is a collection of APIs, libraries, documentations and tools that allow software developers to create and debug Intel SGX enabled applications in C/C++. Security Fixes: qs: qs: Denial of Service via improper input validation in array parsing CVE-2025-15284 node-tar: tar: node-ta...
Security Bulletin: IBM Security SOAR is using a component with a known vulnerability (CVE-2026-2950)
Summary IBM Security SOAR uses an older version of the Lodash component that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended to upgrade to version 51.0.10.0 Vulnerability Details CVEID:CVE-2026-2950 DESCRIPTION: Impact:...
pcs security update
An update is available for pcs. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The pcs packages provide a command-line configuration system for the Pacemaker an...