33 matches found
CRLF Injection
Overview basic-ftp is a FTP client for Node.js, supports FTPS over TLS, IPv6, Async/Await, and Typescript. Affected versions of this package are vulnerable to CRLF Injection via unsanitized path parameters in the protectWhitespace function. An attacker can execute arbitrary FTP commands by...
Security Bulletin: Vulnerabilities in setuptools affects IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary Potential vulnerability in setuptools has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-47273 DESCRIPTION:...
CVE-2025-11462
Improper Link Resolution Before File Access in the AWS VPN Client for macOS versions 1.3.2- 5.2.0 allows a local user to execute code with elevated privileges. Insufficient validation checks on the log destination directory during log rotation could allow a non-administrator user to create a...
PT-2025-41169
Name of the Vulnerable Software and Affected Versions AWS VPN Client for macOS versions 1.3.2 through 5.2.0 Description A flaw exists in the AWS VPN Client for macOS that allows a local user to execute code with elevated privileges. Insufficient validation of the log destination directory during...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in tomcat-embed-core-10.1.42.jar
Summary IBM Watson Discovery Cartridge contains a vulnerable version of tomcat-embed-core-10.1.42.jar Vulnerability Details CVEID:CVE-2025-48989 DESCRIPTION: Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack. This issue affect...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in jackson-core-2.10.3.jar
Summary IBM Watson Discovery Cartridge contains a vulnerable version of jackson-core-2.10.3.jar Vulnerability Details CVEID:CVE-2025-49128 DESCRIPTION: Jackson-core contains core low-level incremental "streaming" parser and generator abstractions used by Jackson Data Processor. Starting in versio...
Security Bulletin: IBM Watson Studio on Cloud Pak for Data is vulnerable to a cross-site scripting vulnerability
Summary Watson Studio on Cloud Pak for Data is vulnerable to cross-site scripting within the Web UI CVE-2025-33116 Vulnerability Details CVEID:CVE-2025-33116 DESCRIPTION: IBM Cloud Pak for Data is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitra...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in llama_index-0.12.29-py3-none-any.whl
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of llamaindex-0.12.29-py3-none-any.whl Vulnerability Details CVEID:CVE-2025-1793 DESCRIPTION: Multiple vector store integrations in run-llama/llamaindex version v0.12.21 have SQL injection vulnerabilities. These vulnerabiliti...
Security Bulletin: Vulnerability in FreeType affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in FreeType has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...
Security Bulletin: Vulnerability in Vega affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in Vega has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerability...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in protobuf-5.29.3-cp310-abi3-win32.whl
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of protobuf-5.29.3-cp310-abi3-win32.whl Vulnerability Details CVEID:CVE-2025-4565 DESCRIPTION: Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in multer-1.4.5-lts.1.tgz
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of multer-1.4.5-lts.1.tgz Vulnerability Details CVEID:CVE-2025-48997 DESCRIPTION: Multer is a node.js middleware for handling multipart/form-data. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in golang.org/x/crypto-v0.33.0
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of golang.org/x/crypto-v0.33.0 Vulnerability Details CVEID:CVE-2025-22869 DESCRIPTION: SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key...
Security Bulletin: Watsonx BI is affected by the use of Insufficiently Random Values causing a vulnerability in form-data allowing HTTP Parameter Pollution (HPP)
Summary Watsonx BI is affected by the use of Insufficiently Random Values causing a vulnerability in form-data allowing HTTP Parameter Pollution HPP. This vulnerability is associated with program files lib/formdata.Js. Vulnerability Details CVEID:CVE-2025-25724 DESCRIPTION: listitemverbose in...
Security Bulletin: Vulnerability affects IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary Potential vulnerability has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-23166 DESCRIPTION: The C++ method...
Security Bulletin: Vulnerability in pillow affects IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary IBM watsonx Orchestrate with watsonx Assistant Cartridge contains a vulnerable version of pillow Vulnerability Details CVEID:CVE-2025-48379 DESCRIPTION: Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently lar...
Security Bulletin: Vulnerabilities in setuptools affects IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary Potential vulnerability in setuptools has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-47273 DESCRIPTION:...
Security Bulletin: Multiple vulnerabilities affect IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary Potential vulnerabilities have been identified that affect IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerabilities have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-23166 DESCRIPTION: The C++ method...
Security Bulletin: Vulnerabilities in quarkus-resteasy affects IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary Potential vulnerability in quarkus-resteasy has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-1634 DESCRIPTION: ...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to improper access control due to the linux-pam package (CVE-2025-6020)
Summary Linux-pam is used by DataStage on Cloud Pak for Data as part of the authentication functionality. Vulnerability Details CVEID:CVE-2025-6020 DESCRIPTION: A flaw was found in linux-pam. The module pamnamespace may use access user-controlled paths without proper protection, allowing local...