35715 matches found
Security Bulletin: Vulnerability in linux affects IBM Integrated Analytics System [CVE-2024-27060]
Summary Redhat provided linux is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2024-27060 Vulnerability Details CVEID:CVE-2024-27060 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a null pointer dereference...
Security Bulletin: Vulnerability in OpenSSL affects IBM Integrated Analytics System [CVE-2024-6119]
Summary Redhat provided OpenSSL is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2024-6119 Vulnerability Details CVEID:CVE-2024-6119 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error when performing...
Security Bulletin: Vulnerability in linux affects IBM Integrated Analytics System [CVE-2024-27050]
Summary Redhat provided linux is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2024-27050 Vulnerability Details CVEID:CVE-2024-27050 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by not using OPTSSET macro in...
Security Bulletin: Vulnerability in OpenSSL affects IBM Integrated Analytics System [CVE-2023-6129]
Summary Redhat provided OpenSSL is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2023-6129 Vulnerability Details CVEID:CVE-2023-6129 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw in the POLY1305 MAC...
Security Bulletin: Vulnerability in Network Time Protocol (NTP) affects IBM Integrated Analytics System [CVE-2023-26553]
Summary Redhat provided Network Time Protocol NTP is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2023-26553 Vulnerability Details CVEID:CVE-2023-26553 DESCRIPTION: NTP is vulnerable to a denial of service, caused by an out-of-bound...
Security Bulletin: Vulnerability in Network Time Protocol (NTP) affects IBM Integrated Analytics System [CVE-2023-26551]
Summary Redhat provided Network Time Protocol NTP is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2023-26551 Vulnerability Details CVEID:CVE-2023-26551 DESCRIPTION: NTP is vulnerable to a denial of service, caused by an out-of-bound...
Security Bulletin: Vulnerability in Network Time Protocol (NTP) affects IBM Integrated Analytics System [CVE-2023-26554]
Summary Redhat provided Network Time Protocol NTP is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2023-26554 Vulnerability Details CVEID:CVE-2023-26554 DESCRIPTION: NTP is vulnerable to a denial of service, caused by an out-of-bound...
Security Bulletin: Vulnerability in Network Time Protocol (NTP) affects IBM Integrated Analytics System [CVE-2023-26552]
Summary Redhat provided Network Time Protocol NTP is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2023-26552 Vulnerability Details CVEID:CVE-2023-26552 DESCRIPTION: NTP is vulnerable to a denial of service, caused by an out-of-bound...
Security Bulletin: Vulnerability in glibc affects IBM Integrated Analytics System [CVE-2023-5156]
Summary Redhat provided glibc is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2023-5156 Vulnerability Details CVEID:CVE-2023-5156 DESCRIPTION: GNU C Library glibc is vulnerable to a denial of service, caused by a memory leak in...
Security Bulletin: Vulnerability in glibc affects IBM Integrated Analytics System [ CVE-2023-4806]
Summary Redhat provided glibc is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2023-4806 Vulnerability Details CVEID:CVE-2023-4806 DESCRIPTION: GNU glibc is vulnerable to a denial of service, caused by a use-after-free flaw in the...
Security Bulletin: Vulnerability in glibc affects IBM Integrated Analytics System [ CVE-2023-4813]
Summary Redhat provided glibc is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2023-4813 Vulnerability Details CVEID:CVE-2023-4813 DESCRIPTION: glibc is vulnerable to a denial of service, caused by a use-after-free flaw in the gaihin...
Security Bulletin: Vulnerability in libxml2 affects IBM Integrated Analytics System [ CVE-2023-39615]
Summary Redhat provided libxml2 is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2023-39615 Vulnerability Details CVEID:CVE-2023-39615 DESCRIPTION: Xmlsoft Libxml2 is vulnerable to a denial of service, caused by a global buffer...
Security Bulletin: Vulnerability in OpenSSL affects IBM Integrated Analytics System [CVE-2022-3358]
Summary Redhat provided OpenSSL is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2022-3358 Vulnerability Details CVEID:CVE-2022-3358 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by the...
Security Bulletin: Vulnerability in libxml2 affects IBM Integrated Analytics System [CVE-2022-23308]
Summary Redhat provided libxml2 is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2022-23308 Vulnerability Details CVEID:CVE-2022-23308 DESCRIPTION: libxml2 is vulnerable to a denial of service, caused by a use-after-free in the ID an...
Security Bulletin: Vulnerability in BIND affects IBM Integrated Analytics System [CVE-2021-25219]
Summary Redhat provided BIND is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2021-25219 Vulnerability Details CVEID:CVE-2021-25219 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by a flaw in response processing. ...
Security Bulletin: IBM Observability with Instana using third-party Kubernetes Operators is affected by Multiple Security Vulnerabilities
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana using third-party Kubernetes Operators build 281 Vulnerability Details CVEID:CVE-2023-38545 DESCRIPTION: libcurl and cURL are vulnerable to a heap-based buffer overflow, caused by the improper handling of hostnames...
Security Bulletin: Vulnerability in glibc affects IBM Integrated Analytics System [ CVE-2021-33574]
Summary Redhat provided glibc is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2021-33574 Vulnerability Details CVEID:CVE-2021-33574 DESCRIPTION: GNU C Library aka glibc is vulnerable to a denial of service, caused by a use-after-fre...
Security Bulletin: Vulnerability in glibc affects IBM Integrated Analytics System [CVE-2020-27618]
Summary Redhat provided glibc is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2020-27618 Vulnerability Details CVEID:CVE-2020-27618 DESCRIPTION: GNU C Library aka glibc or libc6 is vulnerable to a denial of service, caused by an err...
Security Bulletin: IBM App Connect Enterprise are vulnerable to a denial of service due to node.js expressjs body-parser module. (CVE-2024-45590)
Summary IBM App Connect Enterprise are vulnerable to a denial of service due to node.js expressjs body-parser module. CVE-2024-45590. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-45590 DESCRIPTION: expressjs body-parser is vulnerabl...
Security Bulletin: The Discovery Connector nodes in IBM App Connect Enterprise are vulnerable to a denial of service due to node.js micromatch module (CVE-2024-4067).
Summary The Discovery Connector nodes in IBM App Connect Enterprise are vulnerable to a denial of service due to node.js micromatch module CVE-2024-4067. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-4067 DESCRIPTION: Node.js...
Security Bulletin: IBM Maximo Application Suite - Predict Component component uses certifi-2024.2.2-py3-none-any.whl which is vulnerable to this CVE-2024-39689
Summary IBM Maximo Application Suite - Predict Component component uses certifi-2024.2.2-py3-none-any.whl which is vulnerable to this CVE-2024-39689 Vulnerability Details CVEID:CVE-2024-39689 DESCRIPTION: Certifi python-certifi could provide weaker than expected security, caused by the use of...
Security Bulletin: IBM Cognos Command Center has addressed vulnerabilites
Summary There are vulnerabilities in IBM® Semeru Java™ Version 11 used by IBM Cognos Command Center. IBM Cognos Command Center 10.2.5 IF3 has addressed the applicable CVEs by upgrading to IBM® Semeru Java™ Version 11.0.24.0. Additionally, IBM Cognos Command Center has addressed a vulnerability th...
Security Bulletin: Vulnerability in Python affects IBM watsonx.data
Summary Requests have been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use rebuildproxies to reattach the Proxy-Authorization header to requests. For HTTP connections sent through the tunnel, the proxy will identify...
Security Bulletin: Vulnerabilities in gRPC affect watsonx.data
Summary gRPC is vulnerable to a denial of service attack as well as possibly allowing a remote attack to obtain sensitive information. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2023-1428 DESCRIPTION: gRPC is vulnerable to a denial of service. By sending a specially crafted...
Security Bulletin: Vulnerabilities in Google Protocol Buffers affect IBM watsonx.data
Summary Google Protocol Buffers and protobuf-java core and lite have multiple vulnerabilities that can affect watsonx.data. These vulnerablities include denail of service attacks and remote code executions, Vulnerability Details CVEID:CVE-2015-5237 DESCRIPTION: Google Protocol Buffers could allow...
Security Bulletin: Vulnerabilities in Netty affect IBM watsonx.data
Summary Netty is vulnerable to HTTP request smuggling and weaker than expected security. These can affect watsonx.data. Vulnerability Details CVEID:CVE-2019-20444 DESCRIPTION: Netty is vulnerable to HTTP request smuggling, caused by a flaw in the HttpObjectDecoder.java. By sending a...
Security Bulletin: Vulnerabilities in FasterXML jackson-databind and other packages affect IBM watsonx.data
Summary FasterXML jackson-databind, multiple Huawei products, multiple Oracle products, Guava, Google Protocol Buffers, protobuf-core, Netty, JetBrains Kotlin, netplex JSON Smart, Jettison, Eclipse Jetty, SnakeYaml and Perl have vulnerabilities that can affect watsonx.data. Vulnerability Details...
Security Bulletin: Vulnerability in Okio GzipSource affects watsonx.data
Summary Okio GzipSource is vulnerable to a denial of service, caused by unhandled exception. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2023-3635 DESCRIPTION: Okio GzipSource is vulnerable to a denial of service, caused by unhandled exception. By sending a specially crafted gzi...
Security Bulletin: Vulnerability in Jettison affects IBM watsonx.data
Summary Jettison is vulnerable to a denial of service, caused by an infinite recursion when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. A remote attacker could exploit this vulnerability to cause a denial of service. This can affect...
Security Bulletin: Vulnerabilities in Logback, Guava and Apache HTTPClient affect IBM watsonx.data
Summary Logback, Guava and Apache HTTPClient have vulnerabilties that can affect watsonx.data. These vulnerabilities include remote attacks to bypass security restrictions and remote authenticated attacker to execute arbitrary code on the system. Vulnerability Details CVEID:CVE-2021-42550...
Security Bulletin: Vulnerability in Eclipse Jetty affects IBM watsonx.data
Summary Eclipse Jetty is vulnerable to a denial of service, caused by an integer overflow and buffer allocation in MetaDataBuilder.checkSize. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. This can affect...
Security Bulletin: Vulnerability in Google Guava affects IBM watsonx.data
Summary Google Guava could allow a local authenticated attacker to obtain sensitive information, caused by a flaw with using Java's default temporary directory for file creation in FileBackedOutputStream. By sending a specially crafted request, an attacker could exploit this vulnerability to acce...
Security Bulletin: Vulnerabilities in Protobuf-java affect IBM watsonx.data
Summary Protobuf-java core and lite are vulnerable to a denial of service attacks which can affect watsonx.data. Vulnerability Details CVEID:CVE-2022-3171 DESCRIPTION: protobuf-java core and lite are vulnerable to a denial of service, caused by a flaw in the parsing procedure for binary and text...
Security Bulletin: Vulnerability in RabbitMQ Java Client affects IBM watsonx.data
Summary RabbitMQ Java Client is vulnerable to a denial of service, caused by no message size limit in maxBodyLebgth. By sending a specially crafted message, a remote attacker could exploit this vulnerability to cause a memory overflow, and results in a denial of service condition. This can affect...
Security Bulletin: Vulnerability in Async Http Client affects IBM watsonx.data
Summary Async Http Client aka async-http-client could allow a remote attacker to bypass security restrictions, caused by the failure to parse the fragment identifier of the URL when handling '?' character. By using a specially-crafted URL with '?' character, an attacker could exploit this...
Security Bulletin: Vulnerabilities in netplex JSON Smart affect watsonx.data
Summary Netplex JSON Smart is vulnerable to a denial of service, caused by either a flaw in the indexOf function of JSONParserByteArray or by not limiting the nesting of arrays or objects. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2021-31684 DESCRIPTION: netplex JSON Smart is...
Security Bulletin: Vulnerability in Guava affects IBM watsonx.data
Summary Guava could allow a remote authenticated attacker to bypass security restrictions, caused by a temp directory creation vulnerability in com.google.common.io.Files.createTempDir. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass access...
Security Bulletin: Vulnerablity in Okio GzipSource affects watsonx.data
Summary Okio GzipSource is vulnerable to a denial of service, caused by unhandled exception. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2023-3635 DESCRIPTION: Okio GzipSource is vulnerable to a denial of service, caused by unhandled exception. By sending a specially crafted gzi...
Security Bulletin: Vulnerability in pytest-dev py affects IBM watsonx.data
Summary pytest-dev py is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw by the InfoSvnCommand argument. By sending a specially-crafted regex info data, a remote attacker could exploit this vulnerability to cause a denial of service condition. This c...
Security Bulletin: Vulnerability in Apache Solr affects IBM watsonx.data
Summary Apache Solr could allow a remote attacker to bypass security restrictions, caused by improper access control by the Configsets API. The checks in place to prevent such features can be circumvented by using a combination of UPLOAD/CREATE actions. This vulnerability can be exploited when...
Security Bulletin: Vulnerability in Google Guava affects IBM watsonx.data
Summary Google Guava could allow a local authenticated attacker to obtain sensitive information, caused by a flaw with using Java's default temporary directory for file creation in FileBackedOutputStream. By sending a specially crafted request, an attacker could exploit this vulnerability to acce...
Security Bulletin: Vulnerabilities in Protobuf-java affect IBM watsonx.data
Summary Protobuf-java core and lite are vulnerable to denial of service attacks which can affect watsonx.data. Vulnerability Details CVEID:CVE-2022-3171 DESCRIPTION: protobuf-java core and lite are vulnerable to a denial of service, caused by a flaw in the parsing procedure for binary and text...
Security Bulletin: Vulnerability in Protobuf-core affects IBM watsonx.data
Summary Protobuf-java core and lite are vulnerable to a denial of service, caused by a flaw in the parsing procedure for Message-Type Extensions. By sending non-repeated embedded messages with repeated or unknown fields, a remote authenticated attacker could exploit this vulnerability to cause lo...
Security Bulletin: Vulnerabilities in Netty affect watsonx.data
Summary Netty has multiple vulnerabilities such as HTTP request smuggling, weaker than expected security, and denial of service attacks. These can affect watsonx.data. Vulnerability Details CVEID:CVE-2019-20444 DESCRIPTION: Netty is vulnerable to HTTP request smuggling, caused by a flaw in the...
Security Bulletin: Vulnerability in Async Http Client affects IBM watsonx.data
Summary Async Http Client aka async-http-client could allow a remote attacker to bypass security restrictions, caused by the failure to parse the fragment identifier of the URL when handling '?' character. By using a specially-crafted URL with '?' character, an attacker could exploit this...
Security Bulletin: Vulnerability in Node.js affects IBM watsonx.data
Summary Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information, caused by the leakage of credentials when clearing authorization header during cross-domain redirect, but keeping the proxy-authentication header. An attacker could exploit this...
Security Bulletin: Vulnerabilities in Jettison affect IBM watsonx.data
Summary Jettison is vulerable to denial of service attacks. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2022-40150 DESCRIPTION: jettison-json Jettison is vulnerable to a denial of service, caused by an out of memory flaw. By sending a specially-crafted XML or JSON data, a remote...
Security Bulletin: Vulnerability in PyArrow Affects IBM watsonx.data
Summary PyArrow could allow a remote authenticated attacker to execute arbitrary code on the system. This can affect IBM watsonx.data Vulnerability Details CVEID:CVE-2023-47248 DESCRIPTION: PyArrow could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an...
Security Bulletin: Vulnerability in Oracle MySQL Connectors Affects IBM watsonx.data
Summary An unspecified vulnerability in Oracle MySQL Connectors related to the Connector/J component could allow a remote attacker to cause high confidentiality, integrity and availability impacts. This can affect IBM watsonx.data. Vulnerability Details CVEID:CVE-2023-22102 DESCRIPTION: An...
Security Bulletin: Vulnerabilityies in Google Guava affect IBM watsonx.data
Summary Google Guava has vulnerabilities that could allow a local authenticated attacker to obtain sensitive information, allow a remote authenticated attacker to bypass security restrictions and be vulnerable to demial of service attacks. This can affect watsonx.data. Vulnerability Details...