Lucene search
K

35596 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/04/16 9:29 a.m.9 views

Security Bulletin: Vulnerability in curl affects IBM Netezza Appliance

Summary The curl package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-9086 Vulnerability Details CVEID:CVE-2025-9086 DESCRIPTION: 1. A cookie is set using the secure keyword for https://target 2. curl is redirected to or otherwise made to...

7.5CVSS5.8AI score0.01301EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/16 7:34 a.m.12 views

Security Bulletin: IBM Edge Data Collector uses cryptography-44.0.1-cp39-abi3-manylinux_2_34_x86_64.whl which is vulnerable to CVE-2026-26007.

Summary IBM Edge Data Collector uses cryptography-44.0.1-cp39-abi3-manylinux234x8664.whl which is vulnerable to CVE-2026-26007. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-26007 DESCRIPTION: cryptography is a package designed to expose...

8.2CVSS6.5AI score0.00341EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/16 7:34 a.m.14 views

Security Bulletin: IBM Edge Data Collector uses pillow-10.3.0-cp39-cp39-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2026-25990.

Summary IBM Edge Data Collector uses pillow-10.3.0-cp39-cp39-manylinux228x8664.whl which is vulnerable to CVE-2026-25990. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-25990 DESCRIPTION: Pillow is a Python imaging library. From 10.3.0 to...

8.6CVSS5.8AI score0.00367EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/16 5:27 a.m.5 views

Security Bulletin: Vulnerabilities jackson-core-2.13.5.jar affects affect IBM Spectrum Protect Plus

Summary IBM Spectrum Protect Plus can be affected by vulnerabilities in jackson-core package. Vulnerabilities include obtaining sensitive information, causing a denial of service condition, the elevation of privileges, remote execution of arbitrary code and bypassing security restrictions, as...

6.2AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/15 10:5 p.m.9 views

Security Bulletin: Multiple vulnerabilities in Python affect AIX

Summary Vulnerabilities in Python could allow a null pointer dereference CVE-2026-32776, CVE-2026-32778, an infinite loop CVE-2026-32777, or impact availability CVE-2025-12084. Python is used by AIX as part of Ansible node management automation. Vulnerability Details CVEID:CVE-2026-32776...

6.3CVSS5.8AI score0.00708EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/15 10:5 p.m.15 views

Security Bulletin: Vulnerability impacts AIX due to cURL libcurl (CVE-2025-14524)

Summary Vulnerability in cURL libcurl might wrongly pass on an OAuth2 bearer token CVE-2025-14524. AIX uses cURL libcurl as part of rsyslog, LV/PV encryption integration with HPCS and in Live Update for interacting with HMC. Vulnerability Details CVEID:CVE-2025-14524 DESCRIPTION: When an OAuth2...

5.3CVSS5.8AI score0.00611EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/15 7:43 p.m.4 views

Security Bulletin: IBM® Db2® Federated server is vulnerable to a denial of service with a specially crafted query in a Fenced environment (CVE-2026-3676)

Summary IBM® Db2® Federated server is vulnerable to a denial of service with a specially crafted query in a Fenced environment CVE-2026-3676 Vulnerability Details CVEID:CVE-2026-3676 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server could allow an authenticated user to...

6.5CVSS5.8AI score0.00402EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/15 7:34 p.m.3 views

Security Bulletin: IBM® Db2® is vulnerable to a denial of service with a specially crafted query involving multiple subqueries (CVE-2026-1577)

Summary IBM® Db2® is vulnerable to a denial of service with a specially crafted query involving multiple subqueries. Vulnerability Details CVEID:CVE-2026-1577 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to cause a denial of servic...

6.5CVSS5.8AI score0.00335EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/15 7:27 p.m.3 views

Security Bulletin: IBM® Db2® is affected by a vulnerability in netty-codec-http-4.1.127 (CVE-2025-67735)

Summary IBM® Db2® is affected by a vulnerability in netty-codec-http-4.1.127 CVE-2025-67735 Vulnerability Details CVEID:CVE-2025-67735 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.129.Final and 4.2.8.Final, the...

6.5CVSS5.8AI score0.00292EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/15 7:26 p.m.4 views

Security Bulletin: IBM® Db2® is vulnerable to a denial of service when fetching from certain tables under specific configurations (CVE-2025-14688)

Summary IBM® Db2® is vulnerable to a denial of service when fetching from certain tables when the following configurations are set: DB2WORKLOAD=ANALYTICS or intraparallel is set to YES, as well as DB2EXTENDEDOPTIMIZATION=NLJNOFLOW ON. Vulnerability Details CVEID:CVE-2025-14688 DESCRIPTION: IBM Db...

5.3CVSS5.8AI score0.00221EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/15 6:50 p.m.4 views

Security Bulletin: due to the use of Apache Log4j, IBM Transformation Extender Advanced is vulnerable to Host Mismatch

Summary Apache Log4j is used by IBM Transformation Extender Advanced also known as IBM Standards Processing Engine as part of common utility helpers. Apache Log4j has been updated to address CVE-2025-68161 which causes hostname mismatch. Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The...

6.3CVSS6AI score0.00743EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/15 6:5 p.m.3 views

Security Bulletin: A vulnerability in Apache Commons Lang may affect IBM Jazz Reporting Service (CVE-2025-48924)

Summary Apache Commons Lang is used by IBM Jazz Reporting Service. IBM Jazz Reporting Service has addressed the applicable CVE CVE-2025-48924. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lan...

5.3CVSS6.8AI score0.02164EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/15 4:42 p.m.5 views

Security Bulletin: A vulnerability in Apache Commons FileUpload may affect IBM Jazz Reporting Service (CVE-2025-48976)

Summary Apache Commons FileUpload is used by IBM Jazz Reporting Service. IBM Jazz Reporting Service has addressed the applicable CVECVE-2025-48976 Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS...

7.5CVSS6.9AI score0.63258EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/15 3:10 p.m.12 views

Security Bulletin: IBM Enterprise Build of Quarkus is affected by multiple vulnerabilities

Summary IBM Enterprise Build of Quarkus is affected by vulnerabilities in Apache Avro, Jackson, Vert.x, plexus-utils and Netty Vulnerability Details CVEID:CVE-2025-67030 DESCRIPTION: Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils...

8.8CVSS6.2AI score0.01125EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/15 2:49 p.m.6 views

Security Bulletin: IBM i is affected by a privilege escalation vulnerability in Web Administration GUI [CVE-2026-2311]

Summary Web Administration GUI for IBM i is vulnerable to privilege escalation caused by an invalid authorization check as described in the vulnerability details section. Vulnerability Details CVEID:CVE-2026-2311 DESCRIPTION: IBM i is vulnerable to privilege escalation caused by an invalid IBM i...

9.8CVSS5.8AI score0.00198EPSS
Exploits0Affected Software6
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/15 11:57 a.m.5 views

Security Bulletin: Rhino CVE-2025-66453 security vulnerability in FileNet Content Manager

Summary Rhino CVE-2025-66453 security vulnerability in FileNet Content Manager. Affected and vulnerable Vulnerability Details CVEID:CVE-2025-66453 DESCRIPTION: Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1, when an applicatio...

7.5CVSS6.7AI score0.00235EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/15 11:46 a.m.4 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring and Dashboard operands are vulnerable to loss of confidentiality (CVE-2026-26007)

Summary Python module cryptography is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance and Dashboard operands that enable the App Connect Enterprise Agent are vulnerable to loss of...

8.2CVSS5.8AI score0.00341EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/15 11:36 a.m.6 views

Security Bulletin: Vulnerability in Werkzeug affects IBM Netezza Appliance

Summary The Werkzeug package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-66221 Vulnerability Details CVEID:CVE-2025-66221 DESCRIPTION: Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.4, Werkzeug's safejoin...

6.3CVSS6.6AI score0.00474EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/15 11:16 a.m.7 views

Security Bulletin:Vulnerabilities in LIBPNG affects IBM Netezza Appliance

Summary The LIBPNG package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVEs CVE-2025-64720, CVE-2025-65018 & CVE-2025-66293 Vulnerability Details CVEID:CVE-2025-64720 DESCRIPTION: LIBPNG is a reference library for use in applications that read, create, an...

7.1CVSS6.8AI score0.00299EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/15 11:10 a.m.9 views

Security Bulletin: Vulnerability in Lodash affects IBM Netezza Appliance

Summary The Lodash package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-13465 Vulnerability Details CVEID:CVE-2025-13465 DESCRIPTION: Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the .unset and .omit functions...

8.2CVSS6.6AI score0.01535EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/15 11:7 a.m.5 views

Security Bulletin: Vulnerability in filelock affects IBM Netezza Appliance

Summary The filelock package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2026-22701 Vulnerability Details CVEID:CVE-2026-22701 DESCRIPTION: filelock is a platform-independent file lock for Python. Prior to version 3.20.3, a TOCTOU race condition...

5.3CVSS5.7AI score0.00115EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/15 10:52 a.m.6 views

Security Bulletin: Vulnerability in util-linux affects IBM Netezza Appliance

Summary The util-linux package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-14104 Vulnerability Details CVEID:CVE-2025-14104 DESCRIPTION: A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte...

6.1CVSS7AI score0.00179EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/15 10:49 a.m.3 views

Security Bulletin: Vulnerability in libexpat affects IBM Netezza Appliance

Summary The libexpat package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-66382 Vulnerability Details CVEID:CVE-2025-66382 DESCRIPTION: In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds o...

5.5CVSS6AI score0.00183EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/15 10:45 a.m.4 views

Security Bulletin: Vulnerability in libarchive affects IBM Netezza Appliance

Summary The libarchive package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-60753 Vulnerability Details CVEID:CVE-2025-60753 DESCRIPTION: An issue was discovered in libarchive bsdtar before version 3.8.1 in function applysubstitution in file...

5.5CVSS6.1AI score0.00157EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/15 10:37 a.m.3 views

Security Bulletin:Vulnerabilities in Netty affects IBM Netezza Appliance

Summary The Netty package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVEs CVE-2025-58056, CVE-2025-67735 Vulnerability Details CVEID:CVE-2025-58056 DESCRIPTION: Netty is an asynchronous event-driven network application framework for development of...

7.5CVSS6.7AI score0.00631EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/15 10:29 a.m.8 views

Security Bulletin: Vulnerabilities in OpenSSH affects IBM Netezza Appliance

Summary The OpenSSH package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVEs CVE-2025-61984, CVE-2025-61985 Vulnerability Details CVEID:CVE-2025-61984 DESCRIPTION: ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certa...

3.6CVSS6.7AI score0.00211EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/15 10:25 a.m.8 views

Security Bulletin: Vulnerability in libssh affects IBM Netezza Appliance

Summary The libssh package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-8277 Vulnerability Details CVEID:CVE-2025-8277 DESCRIPTION: A flaw was found in libssh's handling of key exchange KEX processes when a client repeatedly sends incorrect KE...

3.1CVSS6.3AI score0.00375EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/15 10:18 a.m.2 views

Security Bulletin: Vulnerability in Ply affects IBM Netezza Appliance

Summary The Ply package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-56005 Vulnerability Details CVEID:CVE-2025-56005 DESCRIPTION: An undocumented and unsafe feature in the PLY Python Lex-Yacc library 3.11 allows Remote Code Execution RCE via...

9.8CVSS8AI score0.16903EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/15 10:15 a.m.6 views

Security Bulletin: Vulnerability in Coreutils affects IBM Netezza Appliance

Summary The Coreutils package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-5278 Vulnerability Details CVEID:CVE-2025-5278 DESCRIPTION: A flaw was found in GNU Coreutils. The sort utility's begfield function is vulnerable to a heap buffer...

4.4CVSS5.9AI score0.00223EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/15 9:47 a.m.3 views

Security Bulletin: IBM App Connect Enterprise Certified Container is vulnerable to denial of service (CVE-2026-39865)

Summary Node.js module axios is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in Node.js module axios CVE-2026-3986...

5.9CVSS5.8AI score0.00731EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/15 9:45 a.m.6 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring and Dashboard operands are vulnerable to denial of service (CVE-2026-0994)

Summary Python module protobuf is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container DesignerAuthoring and Dashboard operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in...

8.2CVSS6.6AI score0.00613EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/15 6:16 a.m.9 views

Security Bulletin: IBM Cloud Pak for Data System (CPDS 2.0) - NULL Pointer Dereference in OpenSSL cryptography package

Summary IBM Cloud Pak for Data System CPDS 2.0 uses the Python cryptography package version 3.4.7, which depends on OpenSSL. CVE-2024-0727 affects OpenSSL's PKCS12 file processing functionality. A maliciously formatted PKCS12 file can cause a NULL pointer dereference, leading to application crash...

5.5CVSS6.7AI score0.03174EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/15 6:14 a.m.8 views

Security Bulletin: IBM Cloud Pak for Data System (CPDS 2.0) - Insufficient Verification in cryptography package

Summary IBM Cloud Pak for Data System CPDS 2.0 uses the Python cryptography package version 3.3.2, which contains a critical vulnerability CVE-2026-26007 affecting elliptic curve cryptography operations. The package fails to verify that public key points belong to the expected prime-order subgrou...

8.2CVSS6.9AI score0.00341EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/15 5:41 a.m.4 views

Security Bulletin: Vulnerabilities in Linux Kernel, MongoDB and Tomcat affect IBM Spectrum Protect Plus

Summary IBM Spectrum Protect Plus can be affected by vulnerabilities in MongoDB, Tomcat and Linux. Vulnerabilities include obtaining sensitive information, causing a denial of service condition, the elevation of privileges, remote execution of arbitrary code and bypassing security restrictions, a...

6.2CVSS7.1AI score0.00236EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/15 5:32 a.m.5 views

Security Bulletin: Multiple security vulnerabilities have been identified in IBM HTTP Server shipped with IBM DevOps Code ClearCase [CVE-2026-32776, CVE-2026-32777, CVE-2026-32778]

Summary IBM HTTP Server IHS is shipped as a component of IBM DevOps Code ClearCase. Information about a security vulnerability affecting IHS has been published in a security bulletin. CVE-2026-32776, CVE-2026-32777, CVE-2026-32778 Vulnerability Details Refer to the security bulletins listed in th...

5.5CVSS5.8AI score0.00216EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/15 5:31 a.m.8 views

Security Bulletin: A security vulnerability have been identified in IBM WebSphere Application Server shipped with IBM DevOps Code ClearCase [CVE-2024-29371]

Summary IBM WebSphere Application Server WAS is shipped as a component of IBM DevOps Code ClearCase. Information about security vulnerabilities affecting WAS have been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

7.5CVSS7.3AI score0.00244EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/15 5:25 a.m.9 views

Security Bulletin: SPSS Collaboration and Deployment Services is affected by non-blocking (async) JSON parser in jackson-core (WS-2026-0003)

Summary SPSS Collaboration and Deployment Services is affected by non-blocking async JSON parser in jackson-core WS-2026-0003. This has been addressed in the remediation section. Vulnerability Details ID:WS-2026-0003 DESCRIPTION: The non-blocking async JSON parser in jackson-core bypasses the...

5.7AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/14 5:16 p.m.8 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Out-of-bounds Read in Golang Go (CVE-2025-47914)

Summary IBM Watson Speech Services Cartridge is vulnerable to an Out-of-bounds Read in Golang Go, due to an issue with SSH Agent servers that do not validate the size of messages when processing new identity requests CVE-2025-47914. Golang Go is used in our speech-utilities. This vulnerabilitiy h...

5.3CVSS6.7AI score0.00473EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/14 5:14 p.m.5 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a security bypass in Golang Go - crypto/tls (CVE-2025-58189)

Summary IBM Watson Speech Services Cartridge is vulnerable to a security bypass in Golang Go - crypto/tls, due to Conn.Handshake fails during ALPN negotiation CVE-2025-58189. Golang Go - crypto/tls is used in our speech-utilities. This vulnerabilitiy has been addressed. Please read the details fo...

5.3CVSS7AI score0.00443EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/14 5:12 p.m.4 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an information disclosure in Golang Go - crypto/tls (CVE-2025-61730)

Summary IBM Watson Speech Services Cartridge is vulnerable to an information disclosure in Golang Go - crypto/tls, where encryption levels fail to change after multiple messages during TLS 1.3 handshakes CVE-2025-61730. Golang Go - crypto/tls is used in our speech-utilities. This vulnerabilitiy h...

5.3CVSS6.6AI score0.00276EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/14 5:11 p.m.4 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to incorrect parse function values in net/url (CVE-2025-47912)

Summary IBM Watson Speech Services Cartridge is vulnerable to a condition in net/url that allows incorrect parse function values other than IPv6 addresses to be included in square brackets within the host component of a URL CVE-2025-47912, Net/url is used in our speech-utilities. This...

5.3CVSS7AI score0.00443EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/14 5:9 p.m.3 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an improper Allocation of Resources in archive/zip (CVE-2025-61728)

Summary IBM Watson Speech Services Cartridge is vulnerable to an improper Allocation of Resources in archive/zip, due to an issue in a super-linear file name indexing algorithm that can lead to a denial of service when consuming a maliciously constructed ZIP archive CVE-2025-61728. Archive/zip is...

6.5CVSS6.7AI score0.00643EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/14 5:7 p.m.7 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an improper Allocation of Resources in encoding/asn1 (CVE-2025-58185)

Summary IBM Watson Speech Services Cartridge is vulnerable to an improper Allocation of Resources in encoding/asn1, caused by an issue which allows parsing of a maliciously crafted DER payload that could allocate large amounts of memory CVE-2025-58185. Encoding/asn1 is used in our speech-utilitie...

5.3CVSS7AI score0.00526EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/14 5:3 p.m.3 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Improper Certificate Validation in Golang Go (CVE-2025-61727)

Summary IBM Watson Speech Services Cartridge is vulnerable to Improper Certificate Validation in Golang Go, due to an excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate CVE-2025-61727. Golang Go is used in our speech-utilities...

6.5CVSS6.6AI score0.00274EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/14 5:0 p.m.3 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Improper Allocation of Resources in Golang Go (CVE-2025-58181)

Summary IBM Watson Speech Services Cartridge is vulnerable to an Improper Allocation of Resources in Golang Go, caused by an issue in SSH servers parsing GSSAPI authentication requests, which do not validate the number of mechanisms specified in the request CVE-2025-58181. Golang Go is used in ou...

5.3CVSS6.7AI score0.00521EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/14 4:58 p.m.7 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Improper Certificate Validation in crypto/x509 [CVE-2025-61729]

Summary IBM Watson Speech Services Cartridge is vulnerable to Improper Certificate Validation in crypto/x509, caused by a contidtion within HostnameError.Error, when constructing an error string, where there is no limit to the number of hosts that will be printed out CVE-2025-61729. Crypto/x509 i...

7.5CVSS6.7AI score0.00459EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/14 4:56 p.m.7 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to improper allocation of resources in net/url [CVE-2025-61726]

Summary IBM Watson Speech Services Cartridge is vulnerable to improper allocation of resources due to a failure of the net/url package to set a limit on the number of query parameters in a queryCVE-2025-61726. Net/url is used in our speech utilities. This vulnerabilitiy has been addressed. Please...

7.5CVSS6.6AI score0.01945EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/14 4:54 p.m.6 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Inefficient Algorithmic Complexity in crypto/x509 [CVE-2025-58187]

Summary IBM Watson Speech Services Cartridge is vulnerable to Inefficient Algorithmic Complexity in crypto/x509, due to non-linear processing time of some inputs scale with respect to the size of the certificate CVE-2025-58187. Crypto/x509 is used in our speech utilities. This vulnerabilitiy has...

7.5CVSS6.8AI score0.00384EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/14 4:52 p.m.5 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Improper Certificate Validation in crypto/x509 [CVE-2025-58188]

Summary IBM Watson Speech Services Cartridge is vulnerable to Improper Certificate Validation in crypto/x509, due to incorrect processing of chains which contain DSA public keys. CVE-2025-58188. Crypto/x509 is used in our speech utilities. This vulnerabilitiy has been addressed. Please read the...

7.5CVSS7AI score0.00361EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/14 4:50 p.m.3 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Improper Allocation of resources in crypto/tls [CVE-2025-61723]

Summary IBM Watson Speech Services Cartridge is vulnerable to Improper Allocation of resources in crypto/tls, due to non-linear parsing of some invalid inputs scales CVE-2025-61723. Crypto/tls is used in our speech utilities. This vulnerabilitiy has been addressed. Please read the details for...

7.5CVSS6.6AI score0.00626EPSS
Exploits0Affected Software1
Total number of security vulnerabilities35596