Lucene search
K

35608 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/06/13 4:17 p.m.6 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a sensitive information exposure in Golang crypto/internal/nistec [CVE-2025-22866]

Summary IBM Watson Speech Services Cartridge is vulnerable to a sensitive information exposure in the Golang crypto/internal/nistec package, due to the usage of a variable time instruction in the assembly implementation of an internal function, which may allow a small number of bits of secret...

4CVSS4.8AI score0.00284EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/13 4:15 p.m.5 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to certification errors in golang.org/x/crypto/ssh [CVE-2024-45341]

Summary IBM Watson Speech Services Cartridge is vulnerable to certification errors in golang.org/x/crypto/ssh, because of conditions which incorrectly satisfy a URI name constraint that applies to certificate chains. CVE-2024-45341. Golang.org/x/crypto/ssh is used as part of our speech utilities...

6.1CVSS5.9AI score0.00458EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/13 4:12 p.m.3 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a denial of service in golang.org/x/crypto/ssh [CVE-2025-22869]

Summary IBM Watson Speech Services Cartridge is vulnerable to a denial of service in golang.org/x/crypto/ssh, due to a flaw in SSH servers which implement file transfer protocols CVE-2025-22869. Golang.org/x/crypto/ssh is used as part of our speech utilities. This vulnerabilitiy has been addresse...

7.5CVSS7.5AI score0.00868EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/13 4:9 p.m.6 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an arbitrary code execution in Jinja [CVE-2025-27516]

Summary IBM Watson Speech Services Cartridge is vulnerable to arbitrary code execution in Jinja, due to an oversight in how the Jinja sandboxed environment interacts with the |attr filter CVE-2025-27516. Jinja is used in our speech runtimes. This vulnerabilitiy has been addressed. Please read the...

8.8CVSS7.2AI score0.00465EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/13 4:7 p.m.8 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a' use after free' condition in libxml2 [CVE-2024-56171]

Summary IBM Watson Speech Services Cartridge is vulnerable to a' use after free' condition due to a flaw in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c CVE-2024-56171. libxml2 is used as part of our speech utilities. This vulnerabilitiy has been addressed. Please...

9.8CVSS7.7AI score0.0113EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/13 4:5 p.m.9 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a stack-based buffer overflow in libxml2 [CVE-2025-24928]

Summary IBM Watson Speech Services Cartridge is vulnerable to a stack-based buffer overflow in libxml2, caused by a flaw in xmlSnprintfElements in valid.c CVE-2025-24928. libxml2 is used as part of our speech utilities. This vulnerabilitiy has been addressed. Please read the details for remediati...

7.8CVSS7AI score0.00375EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/13 4:2 p.m.5 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a misinterpretation of input in proxy host matching [CVE-2025-22870]

Summary IBM Watson Speech Services Cartridge is vulnerable to a misinterpretation of input in proxy host matching, caused by improper addressing of an IPv6 zone ID as a hostname component CVE-2025-22870. Proxy host matching is used as part of our speech utilities. This vulnerabilitiy has been...

4.4CVSS5.3AI score0.00384EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/13 3:58 p.m.9 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to asymmetric resource consumption in golang-jwt [CVE-2025-30204]

Summary IBM Watson Speech Services Cartridge is vulnerable to asymmetric resource consumption in golang-jwt, due to a flaw in the , the function parse.ParseUnverified splits CVE-2025-30204. Golang-jwt is included as part of our speech utilities. This vulnerabilitiy has been addressed. Please read...

7.5CVSS7.5AI score0.00693EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/13 11:3 a.m.5 views

Security Bulletin: An unspecified vulnerability in Java SE related to the Server: DDL component could allow a remote attacker to cause high confidentiality. (CVE-2025-21587, CVE-2025-30698, CVE-2025-4447) affect IBM PowerVM Novalink.

Summary An unspecified vulnerability in Java SE related to the Server: DDL component could allow a remote attacker to cause high confidentiality and high integrity impact. IBM PowerVM Novalink has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecifie...

7.8CVSS6.6AI score0.0073EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/13 10:20 a.m.13 views

Security Bulletin: Vulnerabilities in old Spring Framework versions affect watsonx.data

Summary In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of...

7.4CVSS7.4AI score0.00568EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/13 10:18 a.m.15 views

Security Bulletin: The Expr expression parser is given an unbounded input string, it will attempt to compile the entire string and generate an Abstract Syntax Tree (AST) node for each part of the expression, affects watsonx.data

Summary In scenarios where input size isn't limited, a malicious or inadvertent extremely large expression can consume excessive memory as the parser builds a huge AST. This can ultimately lead toexcessive memory usage and an Out-Of-Memory OOM crash of the process. This issue is relatively uncomm...

7.5CVSS7.4AI score0.00577EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/13 10:18 a.m.18 views

Security Bulletin: Vulnerabilities in old Spring Framework versions, made disallowedFields patterns in DataBinder case insensitive, affect watsonx.data

Summary In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of...

5.3CVSS5AI score0.05666EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/13 10:16 a.m.11 views

Security Bulletin: An out of bounds write exists in FreeType versions 2.13.0 and below when attempting to parse font subglyph structures related to TrueType GX and variable font files affect watsonx.data

Summary An out of bounds write exists in FreeType versions 2.13.0 and below when attempting to parse font subglyph structures related to TrueType GX and variable font files.These could affect watsonx.data. Vulnerability Details CVEID:CVE-2025-27363 DESCRIPTION: An out of bounds write exists in...

8.1CVSS8.6AI score0.26049EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/13 9:0 a.m.13 views

Security Bulletin: A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6. In some edge cases, the CachedOutputStream instances may not be closed, (CVE-2025-23184) affects IBM PowerVM Novalink.

Summary A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6. In some edge cases, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system it applies to servers and clients. IBM...

7.5CVSS5.6AI score0.01941EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/13 8:52 a.m.11 views

Security Bulletin: Netty, an asynchronous, event-driven network application framework, has a vulnerability in versions up to and including 4.1.118 (CVE-2025-25193) affects IBM PowerVM Novalink.

Summary Netty, an asynchronous, event-driven network application framework, has a vulnerability in versions up to and including 4.1.118.Final. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attempts to load ...

5.5CVSS6AI score0.00357EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/13 8:19 a.m.22 views

Security Bulletin: IBM Security Verify Password Synchronization Plug-in for Windows AD is affected by multiple vulnerabilities

Summary IBM Security Verify Password Synchronization Plug-in for Windows AD has addressed these vulnerabilities. Vulnerability Details CVEID:CVE-2022-0778 DESCRIPTION: The BNmodsqrt function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime...

7.5CVSS10AI score0.70561EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/13 2:0 a.m.9 views

Security Bulletin: A vulnerability in Babel affects IBM Robotic Process Automation and could result in inefficient regular expression complexity (CVE-2025-27789).

Summary A vulnerability in Babel affects IBM Robotic Process Automation and could result in inefficient regular expression complexity CVE-2025-27789. Babel is used by IBM Robotic Process Automation as part of it's UI framework. This security bulletin identifies the fixes required to resolve the...

6.2CVSS6.7AI score0.00478EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/13 1:58 a.m.15 views

Security Bulletin: A vulnerability in Watson NLP affects IBM Robotic Process Automation (CVE-2024-56171).

Summary A vulnerability in Watson NLP affects IBM Robotic Process Automation CVE-2024-56171. Watson NLP is used by IBM Robotic Process Automation for Natural Language Processing. This bulletin identifies the fixes required to address the vulnerablity. Vulnerability Details CVEID:CVE-2024-56171...

9.8CVSS8.1AI score0.0113EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/13 1:57 a.m.18 views

Security Bulletin: A vulnerability in Apache Active MQ NMS affects IBM Robotic Process Automation and could result in arbitrary code exections (CVE-2025-29953).

Summary A vulnerability in Apache Active MQ NMS affects IBM Robotic Process Automation and could result in arbitrary code exections CVE-2025-29953. Apache Active MQ is used by IBM Robotic Process automation for integration with Apache Active MQ. This security bulletin identifies the fixes require...

9.8CVSS10AI score0.01648EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/13 1:56 a.m.11 views

Security Bulletin: A vulnerability in axios affects IBM Robotic Process Automation and could result in credential leakage (CVE-2025-27152)

Summary A vulnerability in axios affects IBM Robotic Process Automation and could result in credential leakage CVE-2025-27152. Axios is used by IBM Robotic Process Automation as part of the User Inteface. This security bulletin identifies the fixes to resolve the vulnerability. Vulnerability...

8.7CVSS5.9AI score0.00759EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/12 7:30 p.m.4 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to exposure of sensitive data and authorization bypass due to the Apache ZooKeeper package (CVE-2024-23944, CVE-2023-44981)

Summary Apache ZooKeeper is used by DataStage on Cloud Pak for Data as part of configuration synchronization. Vulnerability Details CVEID:CVE-2024-23944 DESCRIPTION: Information disclosure in persistent watchers handling in Apache ZooKeeper due to missing ACL check. It allows an attacker to monit...

9.1CVSS7.2AI score0.01713EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/12 7:29 p.m.9 views

Security Bulletin: A vulnerability in cert-manager affects IBM Robotic Process Automation for Cloud Pak and could result in a denial of service (CVE-2024-12401).

Summary A vulnerability in cert-manager affects IBM Robotic Process Automation for Cloud Pak and could result in a denial of service CVE-2024-12401. Cert-manager is used by IBM Robotic Process Automation for Cloud Pak as part of it's container deployment. This security bulletin identifies the fix...

4.4CVSS5AI score0.00633EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/12 7:28 p.m.10 views

Security Bulletin: A vulnerability in WebSphere Liberty affects IBM Robotic Process Automation and could lead to a denial of service (CVE-2025-25193).

Summary A vulnerability in WebSphere Liberty affects IBM Robotic Process Automation and could lead to a denial of service CVE-2025-25193. WebSphere Application Liberty is used by IBM Robotic Process Automation as part of Antivirus and Abbyy containers as well as UMS. This bulletin identifies the...

5.5CVSS6.2AI score0.00357EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/12 6:1 p.m.9 views

Security Bulletin: IBM Data Product Hub is affected by several vulnerabilities

Summary IBM Data Product Hub has a dependency on IBM WebSphere Application Server Liberty, which is vulnerable. This bulletin contains information regarding the vulnerabilities and their fixture. Vulnerability Details CVEID:CVE-2025-23184 DESCRIPTION: A potential denial of service vulnerability i...

7.5CVSS8.8AI score0.01941EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/12 5:23 p.m.11 views

Security Bulletin: A vulnerability in IBM Java Runtime affects IBM Installation Manager and IBM Packaging Utility (CVE-2025-21587)

Summary There is a vulnerability in IBM® Runtime Environment Java™ Version 11 used by IBM Installation Manager and IBM Packaging Utility. The IBM Installation Manager and IBM Packaging Utility have addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecifie...

7.4CVSS9.2AI score0.0073EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/12 3:38 p.m.47 views

Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data

Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details...

7.5CVSS10AI score0.91969EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/12 11:11 a.m.6 views

Security Bulletin: Go net/http package is vulnerable to a denial of service,a remote attacker could exploit this vulnerability to cause a denial of service, affects watsonx.data

Summary Go net/http package is vulnerable to a denial of service, caused by improper 100-continue header handling. By sending "Expect: 100-continue" requests, a remote attacker could exploit this vulnerability to cause a denial of service and this could affect watsonx.data. Vulnerability Details...

7.5CVSS9.2AI score0.01414EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/12 11:7 a.m.10 views

Security Bulletin: BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors, affects watsonx.data

Summary BZ2decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors and this could affect watsonx.data. Vulnerability Details CVEID:CVE-2019-12900 DESCRIPTION: BZ2decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when...

9.8CVSS9.5AI score0.08042EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/12 10:55 a.m.2 views

Security Bulletin: OpenTelemetry Collector Contrib could allow a remote attacker to bypass security restrictions, caused by a flaw when configured to require a key, affects watsonx.data

Summary OpenTelemetry Collector Contrib could allow a remote attacker to bypass security restrictions, caused by a flaw when configured to require a key. By sending a specially crafted request, an attacker could exploit this vulnerability to perform unauthorized write to metrics and this could...

5.3CVSS6.9AI score0.00489EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/12 10:50 a.m.15 views

Security Bulletin: A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1, affects watsonx.data

Summary A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading a specially crafted JSON input, containing a large number of '', a stack exhaustion can be trigger, which could allow an attacker to cause a Denial of Service DoS and this could affect watsonx.data...

7.5CVSS9.1AI score0.00566EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/12 10:48 a.m.4 views

Security Bulletin: Malicious clients with network access to the collector may perform a timing attack against a collector with this authenticator to guess the configured tokens, affects watsonx.data

Summary The bearertokenauth extension's server authenticator performs a simple, non-constant time string comparison of the received & configured bearer tokens. This impacts anyone using the bearertokenauth server authenticator. Malicious clients with network access to the collector may perform a...

6.5CVSS6.7AI score0.0062EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/12 1:54 a.m.9 views

Security Bulletin: Vulnerability in Babel runtime library affect Tivoli Netcool/OMNIbus WebGUI (CVE-2025-27789)

Summary Babel is a compiler used to generate JavaScript code for Tivoli Netcool/OMNIbus WebGUI Event Viewer, Netcool Operations Insight NOI Event Analytics Configuration and Scope Based Grouping client components. Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for...

6.2CVSS9.5AI score0.00478EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/11 9:44 p.m.27 views

Security Bulletin: IBM SPSS Statistics I/O Module is vulnerable to Denial of Service Attack (CVE-2022-43855)

Summary The IO Module is a separate library that users can code to in order to read and write SPSS .sav data files. A vulnerability was discovered in which attempts to write to an unwritable location can lead to file handle leakage and eventual file handle exhaustion. Vulnerability Details...

6.2CVSS6.2AI score0.00158EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/11 6:4 p.m.20 views

Security Bulletin: Erlang/OTP SSH Protocol Flaw Allows Remote Code Execution

Summary Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution RCE. By exploiting a flaw in SSH protocol message handling, a malicious...

10CVSS10AI score0.97673EPSS
Exploits36Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/11 5:5 p.m.9 views

Security Bulletin: IBM Cognos Analytics is affected by security vulnerabilities

Summary There are vulnerabilities in multiple Open Source Software OSS components consumed by IBM Cognos Analytics. Additionally, IBM Cognos Analytics is vulnerable to Cross Site Scripting XSS, Java Script Source Map and Denial of Service DOS vulnerabilities. This Security Bulletin relates only t...

7.5CVSS9.1AI score0.01386EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/11 1:20 p.m.15 views

Security Bulletin: IBM Security QRadar EDR Software contains multiple vulnerabilities

Summary IBM Security QRadar EDR Software includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2024-53382 DESCRIPTION: Prism aka PrismJS through 1.29.0 allows D...

9.1CVSS9.6AI score0.02186EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/11 11:58 a.m.12 views

Security Bulletin: IBM DataPower Gateway affected by timing side-channel in OpenSSL (CVE-2024-13176)

Summary IBM DataPower Gateway uses OpenSSL for most cryptographic operations. Vulnerability Details CVEID:CVE-2024-13176 DESCRIPTION: Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing...

4.1CVSS8.9AI score0.00601EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/11 11:55 a.m.12 views

Security Bulletin: IBM DataPower Gateway vulnerable to multiple CVEs in zlib

Summary IBM DataPower Gateway uses ZLib in reading and writing configuration exports and for handling compressed traffic Vulnerability Details CVEID:CVE-2018-25032 DESCRIPTION: zlib before 1.2.12 allows memory corruption when deflating i.e., when compressing if the input has many distant matches...

9.8CVSS7.9AI score0.51733EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/11 2:56 a.m.11 views

Security Bulletin: IBM Verify Identity Access is affected by a security vulnerability (CVE-2025-0163)

Summary IBM Verify Identity Access has addressed this vulnerability in an update. Vulnerability Details CVEID:CVE-2025-0163 DESCRIPTION: IBM Security Verify Access Appliance could allow a remote attacker to enumerate usernames due to an observable response discrepancy of disabled accounts...

5.3CVSS7.2AI score0.00294EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/11 1:49 a.m.16 views

Security Bulletin: Multiple security vulnerabilities in RedHat UBI affect IBM Robotic Process Automation for Cloud Pak

Summary Multiple vulnerabilities in RedHat UBI affect IBM Robotic Process Automation for Cloud Pak. RedHat UBI is used as base imaged for IBM Robotic Process Automation for Cloud Pak images. This bulletin identifies the fixes required to address the vulnerabilites. Vulnerability Details...

9.9CVSS10AI score0.16496EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/10 11:4 p.m.37 views

Security Bulletin: Multiple Vulnerabilities in IBM API Connect

Summary Multiple vulnerabilities were addressed in IBM API Connect version 10.0.8.2-ifix2 Vulnerability Details CVEID:CVE-2019-12900 DESCRIPTION: BZ2decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. CWE:CWE-787: Out-of-bounds Write CVSS...

9.8CVSS9.8AI score0.9378EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/10 9:6 p.m.14 views

Security Bulletin: IBM DataPower Gateway affected by multiple CVEs in OS kernel

Summary The following CVEs in the OS kernel may affect IBM DataPower Gateway Vulnerability Details CVEID:CVE-2023-52458 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: block: add check that partition length needs to be aligned with block size Before calling add...

7.8CVSS9.4AI score0.00301EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/10 5:27 p.m.14 views

Security Bulletin: This Power System update is being released to address CVE-2024-13176

Summary This affects the BMC's HTTPS and SSH interfaces. Vulnerability Details CVEID:CVE-2024-13176 DESCRIPTION: Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA...

4.1CVSS4.3AI score0.00601EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/10 3:4 p.m.11 views

Security Bulletin: AIX/VIOS is vulnerable to arbitrary command execution due to Perl (CVE-2025-33112)

Summary Vulnerability in AIX's Perl could allow an attacker to execute arbitrary commands CVE-2025-33112. AIX uses Perl in various operating system components. Vulnerability Details CVEID:CVE-2025-33112 DESCRIPTION: IBM AIX's Perl implementation could allow a non-privileged local user to exploit ...

8.4CVSS7.7AI score0.00191EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/10 3:4 p.m.19 views

Security Bulletin: AIX/VIOS is vulnerable to an expected behavior violation (CVE-2025-32728) due to OpenSSH

Summary AIX's OpenSSH DisableForwarding directive does not adhere to the documentation CVE-2025-32728. OpenSSH is used by AIX for remote login. Vulnerability Details CVEID:CVE-2025-32728 DESCRIPTION: In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the...

4.3CVSS6.8AI score0.0016EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/10 2:37 p.m.11 views

Security Bulletin: AIX is vulnerable to sensitive information disclosure (CVE-2025-0167, CVE-2024-11053) and a denial of service (CVE-2024-9681) due to cURL libcurl

Summary Vulnerabilities in cURL libcurl could allow a remote attacker to obtain sensitive information CVE-2025-0167, CVE-2024-11053 or cause a denial of service CVE-2024-9681. AIX uses cURL libcurl as part of rsyslog, LV/PV encryption integration with HPCS and in Live Update for interacting with...

6.5CVSS6.4AI score0.0197EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/10 12:40 p.m.10 views

Security Bulletin: IBM Tivoli Application Dependency Discovery Manager is vulnerable to stored cross-site scripting.

Summary IBM Tivoli Application Dependency Discovery Manager is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...

6.4CVSS6.2AI score0.00218EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/10 12:35 p.m.24 views

Security Bulletin: IBM Tivoli Application Dependency Discovery Manager is vulnerable to server-side request forgery attack.

Summary IBM Tivoli Application Dependency Discovery Manager is vulnerable to server-side request forgery. This vulnerability allows authenticated users can send specially crafted request CVE-2023-51441. Vulnerability Details CVEID:CVE-2023-51441 DESCRIPTION: Apache Axis is vulnerable to server-si...

7.2CVSS6.3AI score0.01213EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/10 12:29 p.m.17 views

Security Bulletin: Due to Apache CXF used by IBM WebSphere Application Server Liberty, IBM Tivoli Application Dependency Discovery Manager is vulnerable to denial of service.

Summary IBM Tivoli Application Dependency Discovery Manager is affected by a denial of service vulnerability due to the use of Apache CXF in IBM WebSphere Application Server Liberty, when the jaxws-2.2, xmlWS-3.0, or xmlWS-4.0 feature is enabled. CVE-2025-23184 Vulnerability Details...

7.5CVSS7.3AI score0.01941EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/10 8:36 a.m.8 views

Security Bulletin: Multiple Vulnerabilities in IBM WebSphere Application Server affect IBM Cloud Pak System

Summary Multiple Vulnerabilities in IBM WebSphere Application Server affect IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2024-45071 DESCRIPTION: IBM WebSphere Application Server is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary...

7.5CVSS7.4AI score0.00568EPSS
Exploits0Affected Software1
Total number of security vulnerabilities35608