206 matches found
Security Bulletin: Go net/http package is vulnerable to a denial of service,a remote attacker could exploit this vulnerability to cause a denial of service, affects watsonx.data
Summary Go net/http package is vulnerable to a denial of service, caused by improper 100-continue header handling. By sending "Expect: 100-continue" requests, a remote attacker could exploit this vulnerability to cause a denial of service and this could affect watsonx.data. Vulnerability Details...
Security Bulletin: BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors, affects watsonx.data
Summary BZ2decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors and this could affect watsonx.data. Vulnerability Details CVEID:CVE-2019-12900 DESCRIPTION: BZ2decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when...
Security Bulletin: OpenTelemetry Collector Contrib could allow a remote attacker to bypass security restrictions, caused by a flaw when configured to require a key, affects watsonx.data
Summary OpenTelemetry Collector Contrib could allow a remote attacker to bypass security restrictions, caused by a flaw when configured to require a key. By sending a specially crafted request, an attacker could exploit this vulnerability to perform unauthorized write to metrics and this could...
Security Bulletin: A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1, affects watsonx.data
Summary A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading a specially crafted JSON input, containing a large number of '', a stack exhaustion can be trigger, which could allow an attacker to cause a Denial of Service DoS and this could affect watsonx.data...
Security Bulletin: Malicious clients with network access to the collector may perform a timing attack against a collector with this authenticator to guess the configured tokens, affects watsonx.data
Summary The bearertokenauth extension's server authenticator performs a simple, non-constant time string comparison of the received & configured bearer tokens. This impacts anyone using the bearertokenauth server authenticator. Malicious clients with network access to the collector may perform a...
Security Bulletin: On Linux systems, when temporary credential caching is enabled, the Snowflake JDBC Driver will cache temporary credentials locally in a world-readable file, affects watsonx.data
Summary Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java program to connect to Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake JDBC Driver. On Linux systems, when temporary credential caching is enabled, the Snowflake JDB...
Security Bulletin: Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91, affects watsonx.data
Summary Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. When a special crafted packet is received via SslHandler it doesn't correctly handle validation of such a packet in all cases which...
Security Bulletin: The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios, affects watsonx.data
Summary axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This...
Security Bulletin: VMware Tanzu Spring Framework could provide weaker than expected security, affects watsonx.data
Summary VMware Tanzu Spring Framework could provide weaker than expected security, caused by a flaw related to disallowedFields patterns in DataBinder is case insensitive. A remote attacker could exploit this vulnerability to launch further attacks on the system and this could affect watsonx.data...
Security Bulletin:VMware Tanzu Spring Framework could provide weaker than expected security, affects watsonx.data
Summary VMware Tanzu Spring Framework could provide weaker than expected securitycaused by a flaw related to disallowedFields patterns in DataBinder is case insensitive. This could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-38820 DESCRIPTION: VMware Tanzu Spring Framework could...
Security Bulletin:The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting, affects watsonx.data
Summary The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'osmmap' shortcode in all versions up to, and including, 6.0.2 due to insufficient input sanitization and output escaping on user supplied attributes such as 'theme'. This could affe...
Security Bulletin: Vulnerabilities in Spring Web affect watsonx.data
Summary Spring Web is vulnerable to open re-direct attacks, to phishing attacks, to denial of service attack, to elevation of privilege attacks to reflected file download attacks, to security restrictions bypass attacks, to arbitrary code execution attacks, and to security restrictions bypass...
Security Bulletin: The usage of String.toLowerCase() and String.toUpperCase() has some Locale dependent exceptions that could potentially result in authorization rules not working properly affects watsonx.data
Summary The usage of String.toLowerCase and String.toUpperCase has some Locale dependent exceptions that could potentially result in authorization rules not working properly. Hense could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-38827 DESCRIPTION: The usage of String.toLowerCase a...
Security Bulletin: Vulnerability in Apache Kafka Clients affects watsonx.data
Summary Files or Directories Accessible to External Parties, Improper Privilege Management vulnerability in Apache Kafka Clients.These could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-31141 DESCRIPTION: Files or Directories Accessible to External Parties, Improper Privilege...
Security Bulletin: Hibernate Hibernate Validator could allow a remote attacker to bypass security restriction which affects watsonx.data
Summary Hibernate Hibernate Validator could allow a remote attacker to bypass security restrictions, caused by a flaw in the message interpolation processor, which may impact watsonx.data. Vulnerability Details CVEID:CVE-2020-10693 DESCRIPTION: Hibernate Hibernate Validator could allow a remote...
Security Bulletin: Snappy is a compression/decompression library which affects watsonx.data
Summary Snappy is a compression/decompression library. When uncompressing certain data, Snappy tries to read outside the bounds of the given byte arrays, which may impact watsonx.data. Vulnerability Details CVEID:CVE-2024-36124 DESCRIPTION: iq80 Snappy is a compression/decompression library. When...
Security Bulletin: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability affects watsonx.data
Summary Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache Tomcat, which could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-56337 DESCRIPTION: Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from...
Security Bulletin:Vulnerability in Apache Druid affects watsonx.data
Summary Apache Druid could allow a remote attacker to bypass security restrictions. These could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-45384 DESCRIPTION: Apache Druid could allow a remote attacker to bypass security restrictions, caused by a flaw in the druid-pac4j extension. B...
Security Bulletin: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability affects watsonx.data
Summary Time-of-check Time-of-use TOCTOU Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write non-default configuration, which could affect watsonx.data. Vulnerability Details...
Security Bulletin: Vulnerability in Spring WebFlux affects watsonx.data
Summary Spring WebFlux applications that have Spring Security authorization rules on static resources can be bypassed under certain circumstances. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2024-38821 DESCRIPTION: Spring WebFlux applications that have Spring Security...