Lucene search
K

29 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/05/04 12:51 p.m.7 views

Security Bulletin:ACE Vulnerability in QOS.CH Logback-core 1.5.24: Class Instantiation via Compromised Configuration File

Summary ACE vulnerability in configuration file processing by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to instantiate classes already present on the class path by compromising an existing logback configuration file. The instantiation of a...

1.8CVSS5.8AI score0.00159EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/23 6:7 p.m.7 views

Security Bulletin: Inadequate Pod Communication Restrictions, affects watsonx.data

Summary A security vulnerability has been identified in IBM watsonx.data due to insufficient restrictions on inter-pod communication. This misconfiguration may allow unauthorized data transfer between pods within the environment. Vulnerability Details CVEID:CVE-2025-36180 DESCRIPTION: IBM Lakehou...

7.5CVSS5.6AI score0.00186EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/10 6:3 a.m.9 views

Security Bulletin: Segmentation Fault Vulnerability in Rust time crate on Unix Systems (v0.2.7–v0.2.22) affects watsonx.data

Summary A vulnerability in the Rust time crate v0.2.7–v0.2.22 can cause segmentation faults on Unix-like systems when environment variables are set from a different thread. Windows and WebAssembly targets are unaffected. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2020-26235...

5.3CVSS6AI score0.01881EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/10 5:33 a.m.13 views

Security Bulletin: Decompression Bomb Vulnerability in Undic, affects watsonx.data

Summary Undici versions prior to 7.18.0 and 6.23.0 are vulnerable to unbounded decompression chains. Malicious servers can exploit this to trigger high CPU usage and excessive memory allocation due to thousands of compression steps. This can affect watsonx.data. Vulnerability Details...

7.5CVSS6.6AI score0.00433EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/08 10:44 a.m.11 views

Security Bulletin: LangChain Serialization Injection Vulnerability in dumps()/dumpd() (Fixed in 0.3.81 / 1.2.5) affects watsonx.data

Summary A serialization injection vulnerability in LangChain's dumps and dumpd functions pre-0.3.81 / 1.2.5 allows user-controlled data with 'lc' keys to be deserialized as objects. This issue is fixed in versions 0.3.81 and 1.2.5. This can affect watsonx.data. Vulnerability Details...

9.3CVSS7AI score0.1383EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/08 6:45 a.m.5 views

Security Bulletin: Certificate Name Constraints Algorithm Vulnerable to Non-Linear Processing DoS affects watsonx.data

Summary A flaw in the certificate name constraints checking algorithm can lead to non-linear processing time, allowing specially crafted certificate chains to cause excessive resource consumption and potential Denial-of-Service DoS. This can affect watsonx.data. Vulnerability Details...

7.5CVSS7.2AI score0.00384EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/02 3:9 p.m.3 views

Security Bulletin: Inefficient Regex Complexity Vulnerability in brace-expansion Library (CVE-style Security Advisory), affects watsonx.data

Summary A vulnerability in the brace-expansion library versions up to 1.1.11, 2.0.1, 3.0.0, and 4.0.0 affects the expand function, allowing specially crafted input to trigger inefficient regular expression processing. This can lead to excessive CPU usage ReDoS, potentially degrading performance...

3.1CVSS4.6AI score0.00459EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/16 4:30 a.m.5 views

Security Bulletin: Unexpected SSH_AGENT_SUCCESS Response Causes Client Panic and Premature Termination in SSH Client, affects watsonx.data

Summary SH clients receiving SSHAGENTSUCCESS when expecting a typed response will panic and cause early termination of the client process. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2025-47913 DESCRIPTION: SSH clients receiving SSHAGENTSUCCESS when expecting a typed response wi...

7.5CVSS5.7AI score0.00591EPSS
Exploits1Affected Software1
Snyk
Snyk
added 2026/03/13 10:41 p.m.4 views

Improper Validation of Integrity Check Value

Overview Affected versions of this package are vulnerable to Improper Validation of Integrity Check Value due to missing validation of the AES-GCM authentication tag on encrypted XML nodes. An attacker can decrypt sensitive data and forge arbitrary ciphertexts by brute-forcing the authentication...

8.8CVSS5.9AI score0.00148EPSS
Exploits1References2
Snyk
Snyk
added 2026/01/22 3:46 a.m.3 views

Reachable Assertion

Overview Affected versions of this package are vulnerable to Reachable Assertion in the checkType function. An attacker can cause the client to panic and terminate unexpectedly by providing invalid TUF metadata which is valid JSON. The vulnerable parsing happens before signature validation, so a...

8.2CVSS5.5AI score0.0053EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/22 3:45 a.m.5 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the VerifyDelegate function. An attacker in control of a compromised TUF repository can bypass signature validation and modify metadata files by setting the signature threshold to 0...

8.2CVSS5.5AI score0.00196EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/19 12:0 a.m.12 views

PT-2026-3904

Name of the Vulnerable Software and Affected Versions go-tuf versions 2.0.0 through 2.3.0 Description go-tuf, a Go implementation of The Update Framework TUF, is susceptible to a condition where a compromised or misconfigured repository can have signature thresholds set to 0. This effectively...

8.8CVSS5.2AI score0.00308EPSS
Exploits1References331
Snyk
Snyk
added 2025/11/24 11:31 p.m.2 views

Relative Path Traversal

Overview Affected versions of this package are vulnerable to Relative Path Traversal due to unsafe path handling. An attacker can access, overwrite, or delete files outside the intended directories by supplying specially crafted names or archive entries containing path traversal sequences...

9.8CVSS6.8AI score
Exploits0References2
Cvelist
Cvelist
added 2025/09/26 4:3 p.m.9 views

CVE-2025-59843 FlagForgeCTF Exposes User Emails via Public /api/user/[username] API

Flag Forge is a Capture The Flag CTF platform. From versions 2.0.0 to before 2.3.2, the public endpoint /api/user/username returns user email addresses in its JSON response. The fix, intended for release in 2.3.1 but only available starting in version 2.3.2, removes email addresses from public AP...

6.9CVSS0.00389EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/04/19 12:0 a.m.4 views

PT-2024-23171 · Brocade · Brocade Sannav Ova

Name of the Vulnerable Software and Affected Versions: Brocade SANnav OVA versions prior to 2.3.1 Brocade SANnav OVA version 2.3.0a Description: The issue is related to an insecure file permission setting that makes files world-readable. This could allow a local user without the required privileg...

5.5CVSS6.6AI score0.00183EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/04/17 12:0 a.m.4 views

PT-2024-4306 · Brocade · Brocade Sannav

Name of the Vulnerable Software and Affected Versions: Brocade SANnav versions prior to 2.3.1 Brocade SANnav version 2.3.0a Description: The issue is related to the use of hardcoded credentials in the Brocade SANnav software. This allows a remote attacker to perform a man-in-the-middle MITM attac...

7.7CVSS7.2AI score0.0031EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2024/04/17 12:0 a.m.8 views

PT-2024-4303 · Brocade · Brocade Sannav Ova

Name of the Vulnerable Software and Affected Versions: Brocade SANnav OVA versions prior to 2.3.1 Brocade SANnav OVA version 2.3.0a Description: The issue is related to the use of hard-coded credentials in the documentation of the Brocade SANnav appliance, which can be used as the root password...

9.8CVSS7.8AI score0.0065EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2023/06/01 12:0 a.m.4 views

PT-2023-24824 · Jetbrains · Jetbrains Ktor

Name of the Vulnerable Software and Affected Versions: JetBrains Ktor versions prior to 2.3.1 Description: The issue allows headers containing authentication data to be added to the exception's message. This could potentially expose sensitive information. Recommendations: For versions prior to...

3.3CVSS3.9AI score0.0021EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 3:56 a.m.3 views

SUSE CVE-2020-15210

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b a...

6.5CVSS6.4AI score0.00729EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2022/11/14 12:0 a.m.4 views

PT-2022-18717 · Apache · Apache Airflow

Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 2.3.1 Description: A vulnerability in the UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks that were not executed, such as when tasks were depending on pas...

8.7CVSS7.2AI score0.0168EPSS
Exploits0References15
Rows per page
Query Builder