313 matches found
EUVD-2026-38266
IBM Watson Speech Services Cartridge is vulnerable to Server-Side Request Forgery SSRF in Sterling File Gateway, due to a flaw which may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to privilege escalation in Sudo [CVE-2026-35535]
Summary IBM Watson Speech Services Cartridge is vulnerable to privilege escalation in Sudo, due to a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, which is not recognised as a fatal error and can lead to privilege escalation. CVE-2026-35535. Su...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a privilege validation bypass in Moby [CVE-2026-33997]
Summary IBM Watson Speech Services Cartridge is vulnerable to a privilege validation bypass in Moby, due to an error in the daemon's privilege comparison logic, which allows the daemon to incorrectly accept a privilege set that differs from the one approved by the user CVE-2026-33997. Moby is use...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Server-Side Request Forgery (SSRF) in Sterling File Gateway [GHSA-rr7j-v2q5-chgv] [CVE-2026-7253]
Summary IBM Watson Speech Services Cartridge is vulnerable to Server-Side Request Forgery SSRF in Sterling File Gateway, due to a flaw which may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to multiple issues in Cryptography [CVE-2026-34073] [CVE-2026-39892]
Summary IBM Watson Speech Services Cartridge is vulnerable to Improper Certificate Validation and Improper Restriction of Operations within the Bounds of a Memory Buffer in Cryptography CVE-2026-34073 CVE-2026-39892. Cryptography is used in our speech runtimes. This vulnerabilitiy has been...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to insufficient validation in url.Parse [CVE-2026-25679]
Summary IBM Watson Speech Services Cartridge is vulnerable to insufficient validation in url.Parse, which may cause acceptance of some invalid URLs CVE-2026-25679. url.Parse is used in our speech utilities. This vulnerabilitiy has been addressed. Please read the details for remediation below...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a denial of service in Pillow [CVE-2026-40192]
Summary IBM Watson Speech Services Cartridge is vulnerable to a denial of service in Pillow, due to a failure to limit the amount of GZIP-compressed data read when decoding a FITS image, making them vulnerable to decompression bomb attack CVE-2026-40192. Pillow is used in our speech runtimes. Thi...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a path traversal vulnerability in ONNX [CVE-2026-27489]
Summary BM Watson Speech Services Cartridge is vulnerable to a path traversal vulnerability in ONNX due to an issue in symlink that allows the package to read arbitrary files outside model or user-provided directory CVE-2026-27489. ONNX is used in our speech runtimes. This vulnerabilitiy has been...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Uncontrolled Resource Consumption in pygments [CVE-2026-4539]
Summary IBM Watson Speech Services Cartridge is vulnerable to an Uncontrolled Resource Consumption in pygments, due to a flaw in function AdlLexer of the file pygments/lexers/archetype.py that results in inefficient regular expression complexity CVE-2026-4539. Pygments is used in our speech...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Out-of-bounds Read in Golang Go (CVE-2025-47914)
Summary IBM Watson Speech Services Cartridge is vulnerable to an Out-of-bounds Read in Golang Go, due to an issue with SSH Agent servers that do not validate the size of messages when processing new identity requests CVE-2025-47914. Golang Go is used in our speech-utilities. This vulnerabilitiy h...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an information disclosure in Golang Go - crypto/tls (CVE-2025-61730)
Summary IBM Watson Speech Services Cartridge is vulnerable to an information disclosure in Golang Go - crypto/tls, where encryption levels fail to change after multiple messages during TLS 1.3 handshakes CVE-2025-61730. Golang Go - crypto/tls is used in our speech-utilities. This vulnerabilitiy h...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an improper Allocation of Resources in archive/zip (CVE-2025-61728)
Summary IBM Watson Speech Services Cartridge is vulnerable to an improper Allocation of Resources in archive/zip, due to an issue in a super-linear file name indexing algorithm that can lead to a denial of service when consuming a maliciously constructed ZIP archive CVE-2025-61728. Archive/zip is...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Improper Certificate Validation in Golang Go (CVE-2025-61727)
Summary IBM Watson Speech Services Cartridge is vulnerable to Improper Certificate Validation in Golang Go, due to an excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate CVE-2025-61727. Golang Go is used in our speech-utilities...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Improper Allocation of Resources in Golang Go (CVE-2025-58181)
Summary IBM Watson Speech Services Cartridge is vulnerable to an Improper Allocation of Resources in Golang Go, caused by an issue in SSH servers parsing GSSAPI authentication requests, which do not validate the number of mechanisms specified in the request CVE-2025-58181. Golang Go is used in ou...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a Path Traversal in ONNX [CVE-2025-51480]
Summary IBM Watson Speech Services Cartridge is vulnerable to a Path Traversal, due to an issue with onnx.externaldatahelper.saveexternaldata in ONNX 1.17.0 that allows attackers to bypass intended directory restrictions. CVE-2025-51480. Onnx is used in our speech service runtimes. This...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a denial of service in Redis [CVE-2021-31294]
Summary IBM Watson Speech Services Cartridge is vulnerable to a denial of service in Redis, caused by an assertion failure in a primary server by sending a non-administrative command specifically, a SET command CVE-2021-31294. Redis is used in our service runtimes. This vulnerabilitiy has been...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a Data Amplification in urllib3 [ CVE-2026-21441]
Summary IBM Watson Speech Services Cartridge is vulnerable to a Data Amplification in urllib3, due to a flaw that library reads the entire response body to drain the connection and decompress the content unnecessarily, rather than decompressing only the necessary bytes as expected CVE-2026-21441...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to improper input validation in logback-core [CVE-2025-11226]
Summary IBM Watson Speech Services Cartridge is vulnerable to improper input validation, due to an issue with conditional configuration file processing in logback-core CVE-2025-11226. Logback-core is used in our java microservices. This vulnerabilitiy has been addressed. Please read the details f...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an authentication bypass in Spring Security [CVE-2025-41248]
Summary IBM Watson Speech Services Cartridge is vulnerable to an authentication bypass in Spring Security, due to an issue where annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a sensitive information exposure in MinIO [CVE-2025-59952]
Summary IBM Watson Speech Services Cartridge is vulnerable to a sensitive information exposure in MinIO, due to an unintended behavior with XML tag values CVE-2025-59952. MinIO is used in our java microservices. This vulnerabilitiy has been addressed. Please read the details for remediation below...