Lucene search
+L

36 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/06/18 7:35 p.m.8 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Server-Side Request Forgery (SSRF) in Sterling File Gateway [GHSA-rr7j-v2q5-chgv] [CVE-2026-7253]

Summary IBM Watson Speech Services Cartridge is vulnerable to Server-Side Request Forgery SSRF in Sterling File Gateway, due to a flaw which may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...

8.8CVSS5.3AI score0.002EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/18 7:15 p.m.9 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to multiple issues in Cryptography [CVE-2026-34073] [CVE-2026-39892]

Summary IBM Watson Speech Services Cartridge is vulnerable to Improper Certificate Validation and Improper Restriction of Operations within the Bounds of a Memory Buffer in Cryptography CVE-2026-34073 CVE-2026-39892. Cryptography is used in our speech runtimes. This vulnerabilitiy has been...

9.8CVSS5.6AI score0.00652EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 3:44 p.m.9 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to content disclosure in Spring MVC and WebFlux [CVE-2026-22737]

Summary IBM Watson Speech Services Cartridge is vulnerable to content disclosure in Spring MVC and WebFlux, where template views in Spring MVC and Spring WebFlux applications can result in disclosure of content from files outside the configured locations for script template views CVE-2026-22737...

5.9CVSS5.9AI score0.00385EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 3:11 p.m.8 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a denial of service in pyasn1 [CVE-2026-30922]

Summary IBM Watson Speech Services Cartridge is vulnerable to a denial of service in pyasn1 caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures CVE-2026-30922. Pyasn1 is used in our speech runtimes. This vulnerabilitiy has been addressed. Please read the detail...

7.5CVSS6.6AI score0.00803EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 2:55 p.m.11 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a missing authentication and cross-site Scripting in NLTK [CVE-2026-33230, CVE-2026-33231]

Summary IBM Watson Speech Services Cartridge is vulnerable to a missing authentication in NLTK Natural Language Toolkit, due to an issue in nltk.app.wordnetapp that contains a reflected cross-site scripting issue in the lookup... route CVE-2026-33230, CVE-2026-33231. NLTK is used in our speech...

7.5CVSS6.6AI score0.00875EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 2:50 p.m.10 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to exponential backtracking in multipart [CVE-2026-28356]

Summary IBM Watson Speech Services Cartridge is vulnerable to exponential backtracking in multipart due to the parseoptionsheader function in multipart.py, that uses a regular expression with an ambiguous alternation, which can cause exponential backtracking ReDoS when parsing maliciously crafted...

7.5CVSS7.2AI score0.00699EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/14 5:16 p.m.9 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Out-of-bounds Read in Golang Go (CVE-2025-47914)

Summary IBM Watson Speech Services Cartridge is vulnerable to an Out-of-bounds Read in Golang Go, due to an issue with SSH Agent servers that do not validate the size of messages when processing new identity requests CVE-2025-47914. Golang Go is used in our speech-utilities. This vulnerabilitiy h...

5.3CVSS6.7AI score0.00484EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/14 5:14 p.m.5 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a security bypass in Golang Go - crypto/tls (CVE-2025-58189)

Summary IBM Watson Speech Services Cartridge is vulnerable to a security bypass in Golang Go - crypto/tls, due to Conn.Handshake fails during ALPN negotiation CVE-2025-58189. Golang Go - crypto/tls is used in our speech-utilities. This vulnerabilitiy has been addressed. Please read the details fo...

5.3CVSS7AI score0.00443EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/14 4:58 p.m.8 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Improper Certificate Validation in crypto/x509 [CVE-2025-61729]

Summary IBM Watson Speech Services Cartridge is vulnerable to Improper Certificate Validation in crypto/x509, caused by a contidtion within HostnameError.Error, when constructing an error string, where there is no limit to the number of hosts that will be printed out CVE-2025-61729. Crypto/x509 i...

7.5CVSS6.7AI score0.00459EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/14 4:50 p.m.3 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Improper Allocation of resources in crypto/tls [CVE-2025-61723]

Summary IBM Watson Speech Services Cartridge is vulnerable to Improper Allocation of resources in crypto/tls, due to non-linear parsing of some invalid inputs scales CVE-2025-61723. Crypto/tls is used in our speech utilities. This vulnerabilitiy has been addressed. Please read the details for...

7.5CVSS6.6AI score0.00626EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/14 3:3 p.m.4 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a Path Traversal in ONNX [CVE-2025-51480]

Summary IBM Watson Speech Services Cartridge is vulnerable to a Path Traversal, due to an issue with onnx.externaldatahelper.saveexternaldata in ONNX 1.17.0 that allows attackers to bypass intended directory restrictions. CVE-2025-51480. Onnx is used in our speech service runtimes. This...

8.8CVSS7.3AI score0.00578EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/14 3:1 p.m.10 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Insufficient Verification of Data Authenticity in cryptography [CVE-2026-26007]

Summary IBM Watson Speech Services Cartridge is vulnerable to an Insufficient Verification of Data Authenticity in cryptography, due to a condition where the publickeyfromnumbers or EllipticCurvePublicNumbers.publickey, EllipticCurvePublicNumbers.publickey, loadderpublickey and loadpempublickey...

8.2CVSS6.4AI score0.00341EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/27 3:44 p.m.5 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a Buffer Overflow in Eclipse [ CVE-2026-1188]

Summary IBM Watson Speech Services Cartridge is vulnerable to a Buffer Overflow in Eclipse, due to an Incorrect Calculation of Buffer Size in the Eclipse OMR port library component CVE-2026-1188. Eclipse is used in our java microservices. This vulnerabilitiy has been addressed. Please read the...

9.8CVSS6.2AI score0.00491EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/27 3:40 p.m.7 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a Time-of-Check to Time-of-Use in virtualenv [CVE-2026-22702]

Summary IBM Watson Speech Services Cartridge is vulnerable to a Time-of-Check to Time-of-Use in virtualenv, caused by flaws which allow local attackers to perform symlink-based attacks on directory creation operations. CVE-2026-22702. virtualenv is used in our java microservices. This...

4.5CVSS5.9AI score0.00085EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/27 3:33 p.m.13 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a directory traversal, security bypass, and D.O.S. in Apache Tomcat (CVE-2025-55752, CVE-2025-55754, CVE-2025-61795)

Summary IBM Watson Speech Services Cartridge is vulnerable to a directory traversal, security bypass, and D.O.S. in Apache Tomcat, due to issues with 'tomcat-embed-core-10.1.44.jar' and 'tomcat-juli-10.1.44.jar'packagesCVE-2025-55752, CVE-2025-55754, CVE-2025-61795. Apache Tomcat is used in our...

9.6CVSS6.1AI score0.66535EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/17 2:27 p.m.9 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Uncontrolled Resource Consumption in Bouncy Castle [CVE-2025-12194]

Summary IBM Watson Speech Services Cartridge is vulnerable to an Uncontrolled Resource Consumption in Bouncy Castle, due to an issue in Java LTS bcprov-lts8on on All API modules that allows Excessive Allocation. CVE-2025-12194. Bouncy Castle is used in our service runtimes. This vulnerabilitiy ha...

5.9CVSS6.8AI score0.00142EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/17 2:25 p.m.9 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an arbitrary code execution in Python-Future [CVE-2025-50817]

Summary IBM Watson Speech Services Cartridge is vulnerable to an arbitrary code execution in Python-Future, due to the unintended import of a file named test.py. CVE-2025-50817. Python-Future is used in our service runtimes. This vulnerabilitiy has been addressed. Please read the details for...

5.4CVSS7.9AI score0.0029EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/17 2:19 p.m.6 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an infinate loop condition in CPython [CVE-2025-8194]

Summary IBM Watson Speech Services Cartridge is vulnerable to an infinate loop condition in CPython, due to a defect in the CPython "tarfile" module affecting the "TarFile" extraction and entry enumeration APIs CVE-2025-8194 . CPython is used in our service runtimes. This vulnerabilitiy has been...

7.5CVSS6.7AI score0.00611EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/17 2:17 p.m.6 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a sensitive information exposure in MinIO [CVE-2025-59952]

Summary IBM Watson Speech Services Cartridge is vulnerable to a sensitive information exposure in MinIO, due to an unintended behavior with XML tag values CVE-2025-59952. MinIO is used in our java microservices. This vulnerabilitiy has been addressed. Please read the details for remediation below...

8.7CVSS6.3AI score0.00458EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/07 4:42 p.m.7 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to multiple Operator package issues

Summary IBM Watson Speech Services Cartridge is vulnerable to multiple Operator package issues. We have performed updates to the Operators used by our Speech Services. The following vulnerabilities have been addressed in this update. Please read the details for remediation below. Vulnerability...

9.1CVSS8.1AI score0.02303EPSS
Exploits6Affected Software1
Rows per page
Query Builder