35596 matches found
Security Bulletin: Vulnerability in curl affects IBM Netezza Appliance
Summary The curl package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-9086 Vulnerability Details CVEID:CVE-2025-9086 DESCRIPTION: 1. A cookie is set using the secure keyword for https://target 2. curl is redirected to or otherwise made to...
Security Bulletin: IBM Edge Data Collector uses cryptography-44.0.1-cp39-abi3-manylinux_2_34_x86_64.whl which is vulnerable to CVE-2026-26007.
Summary IBM Edge Data Collector uses cryptography-44.0.1-cp39-abi3-manylinux234x8664.whl which is vulnerable to CVE-2026-26007. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-26007 DESCRIPTION: cryptography is a package designed to expose...
Security Bulletin: IBM Edge Data Collector uses pillow-10.3.0-cp39-cp39-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2026-25990.
Summary IBM Edge Data Collector uses pillow-10.3.0-cp39-cp39-manylinux228x8664.whl which is vulnerable to CVE-2026-25990. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-25990 DESCRIPTION: Pillow is a Python imaging library. From 10.3.0 to...
Security Bulletin: Vulnerabilities jackson-core-2.13.5.jar affects affect IBM Spectrum Protect Plus
Summary IBM Spectrum Protect Plus can be affected by vulnerabilities in jackson-core package. Vulnerabilities include obtaining sensitive information, causing a denial of service condition, the elevation of privileges, remote execution of arbitrary code and bypassing security restrictions, as...
Security Bulletin: Multiple vulnerabilities in Python affect AIX
Summary Vulnerabilities in Python could allow a null pointer dereference CVE-2026-32776, CVE-2026-32778, an infinite loop CVE-2026-32777, or impact availability CVE-2025-12084. Python is used by AIX as part of Ansible node management automation. Vulnerability Details CVEID:CVE-2026-32776...
Security Bulletin: Vulnerability impacts AIX due to cURL libcurl (CVE-2025-14524)
Summary Vulnerability in cURL libcurl might wrongly pass on an OAuth2 bearer token CVE-2025-14524. AIX uses cURL libcurl as part of rsyslog, LV/PV encryption integration with HPCS and in Live Update for interacting with HMC. Vulnerability Details CVEID:CVE-2025-14524 DESCRIPTION: When an OAuth2...
Security Bulletin: IBM® Db2® Federated server is vulnerable to a denial of service with a specially crafted query in a Fenced environment (CVE-2026-3676)
Summary IBM® Db2® Federated server is vulnerable to a denial of service with a specially crafted query in a Fenced environment CVE-2026-3676 Vulnerability Details CVEID:CVE-2026-3676 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server could allow an authenticated user to...
Security Bulletin: IBM® Db2® is vulnerable to a denial of service with a specially crafted query involving multiple subqueries (CVE-2026-1577)
Summary IBM® Db2® is vulnerable to a denial of service with a specially crafted query involving multiple subqueries. Vulnerability Details CVEID:CVE-2026-1577 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to cause a denial of servic...
Security Bulletin: IBM® Db2® is affected by a vulnerability in netty-codec-http-4.1.127 (CVE-2025-67735)
Summary IBM® Db2® is affected by a vulnerability in netty-codec-http-4.1.127 CVE-2025-67735 Vulnerability Details CVEID:CVE-2025-67735 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.129.Final and 4.2.8.Final, the...
Security Bulletin: IBM® Db2® is vulnerable to a denial of service when fetching from certain tables under specific configurations (CVE-2025-14688)
Summary IBM® Db2® is vulnerable to a denial of service when fetching from certain tables when the following configurations are set: DB2WORKLOAD=ANALYTICS or intraparallel is set to YES, as well as DB2EXTENDEDOPTIMIZATION=NLJNOFLOW ON. Vulnerability Details CVEID:CVE-2025-14688 DESCRIPTION: IBM Db...
Security Bulletin: due to the use of Apache Log4j, IBM Transformation Extender Advanced is vulnerable to Host Mismatch
Summary Apache Log4j is used by IBM Transformation Extender Advanced also known as IBM Standards Processing Engine as part of common utility helpers. Apache Log4j has been updated to address CVE-2025-68161 which causes hostname mismatch. Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The...
Security Bulletin: A vulnerability in Apache Commons Lang may affect IBM Jazz Reporting Service (CVE-2025-48924)
Summary Apache Commons Lang is used by IBM Jazz Reporting Service. IBM Jazz Reporting Service has addressed the applicable CVE CVE-2025-48924. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lan...
Security Bulletin: A vulnerability in Apache Commons FileUpload may affect IBM Jazz Reporting Service (CVE-2025-48976)
Summary Apache Commons FileUpload is used by IBM Jazz Reporting Service. IBM Jazz Reporting Service has addressed the applicable CVECVE-2025-48976 Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS...
Security Bulletin: IBM Enterprise Build of Quarkus is affected by multiple vulnerabilities
Summary IBM Enterprise Build of Quarkus is affected by vulnerabilities in Apache Avro, Jackson, Vert.x, plexus-utils and Netty Vulnerability Details CVEID:CVE-2025-67030 DESCRIPTION: Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils...
Security Bulletin: IBM i is affected by a privilege escalation vulnerability in Web Administration GUI [CVE-2026-2311]
Summary Web Administration GUI for IBM i is vulnerable to privilege escalation caused by an invalid authorization check as described in the vulnerability details section. Vulnerability Details CVEID:CVE-2026-2311 DESCRIPTION: IBM i is vulnerable to privilege escalation caused by an invalid IBM i...
Security Bulletin: Rhino CVE-2025-66453 security vulnerability in FileNet Content Manager
Summary Rhino CVE-2025-66453 security vulnerability in FileNet Content Manager. Affected and vulnerable Vulnerability Details CVEID:CVE-2025-66453 DESCRIPTION: Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1, when an applicatio...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring and Dashboard operands are vulnerable to loss of confidentiality (CVE-2026-26007)
Summary Python module cryptography is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance and Dashboard operands that enable the App Connect Enterprise Agent are vulnerable to loss of...
Security Bulletin: Vulnerability in Werkzeug affects IBM Netezza Appliance
Summary The Werkzeug package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-66221 Vulnerability Details CVEID:CVE-2025-66221 DESCRIPTION: Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.4, Werkzeug's safejoin...
Security Bulletin:Vulnerabilities in LIBPNG affects IBM Netezza Appliance
Summary The LIBPNG package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVEs CVE-2025-64720, CVE-2025-65018 & CVE-2025-66293 Vulnerability Details CVEID:CVE-2025-64720 DESCRIPTION: LIBPNG is a reference library for use in applications that read, create, an...
Security Bulletin: Vulnerability in Lodash affects IBM Netezza Appliance
Summary The Lodash package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-13465 Vulnerability Details CVEID:CVE-2025-13465 DESCRIPTION: Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the .unset and .omit functions...
Security Bulletin: Vulnerability in filelock affects IBM Netezza Appliance
Summary The filelock package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2026-22701 Vulnerability Details CVEID:CVE-2026-22701 DESCRIPTION: filelock is a platform-independent file lock for Python. Prior to version 3.20.3, a TOCTOU race condition...
Security Bulletin: Vulnerability in util-linux affects IBM Netezza Appliance
Summary The util-linux package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-14104 Vulnerability Details CVEID:CVE-2025-14104 DESCRIPTION: A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte...
Security Bulletin: Vulnerability in libexpat affects IBM Netezza Appliance
Summary The libexpat package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-66382 Vulnerability Details CVEID:CVE-2025-66382 DESCRIPTION: In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds o...
Security Bulletin: Vulnerability in libarchive affects IBM Netezza Appliance
Summary The libarchive package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-60753 Vulnerability Details CVEID:CVE-2025-60753 DESCRIPTION: An issue was discovered in libarchive bsdtar before version 3.8.1 in function applysubstitution in file...
Security Bulletin:Vulnerabilities in Netty affects IBM Netezza Appliance
Summary The Netty package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVEs CVE-2025-58056, CVE-2025-67735 Vulnerability Details CVEID:CVE-2025-58056 DESCRIPTION: Netty is an asynchronous event-driven network application framework for development of...
Security Bulletin: Vulnerabilities in OpenSSH affects IBM Netezza Appliance
Summary The OpenSSH package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVEs CVE-2025-61984, CVE-2025-61985 Vulnerability Details CVEID:CVE-2025-61984 DESCRIPTION: ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certa...
Security Bulletin: Vulnerability in libssh affects IBM Netezza Appliance
Summary The libssh package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-8277 Vulnerability Details CVEID:CVE-2025-8277 DESCRIPTION: A flaw was found in libssh's handling of key exchange KEX processes when a client repeatedly sends incorrect KE...
Security Bulletin: Vulnerability in Ply affects IBM Netezza Appliance
Summary The Ply package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-56005 Vulnerability Details CVEID:CVE-2025-56005 DESCRIPTION: An undocumented and unsafe feature in the PLY Python Lex-Yacc library 3.11 allows Remote Code Execution RCE via...
Security Bulletin: Vulnerability in Coreutils affects IBM Netezza Appliance
Summary The Coreutils package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-5278 Vulnerability Details CVEID:CVE-2025-5278 DESCRIPTION: A flaw was found in GNU Coreutils. The sort utility's begfield function is vulnerable to a heap buffer...
Security Bulletin: IBM App Connect Enterprise Certified Container is vulnerable to denial of service (CVE-2026-39865)
Summary Node.js module axios is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in Node.js module axios CVE-2026-3986...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring and Dashboard operands are vulnerable to denial of service (CVE-2026-0994)
Summary Python module protobuf is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container DesignerAuthoring and Dashboard operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in...
Security Bulletin: IBM Cloud Pak for Data System (CPDS 2.0) - NULL Pointer Dereference in OpenSSL cryptography package
Summary IBM Cloud Pak for Data System CPDS 2.0 uses the Python cryptography package version 3.4.7, which depends on OpenSSL. CVE-2024-0727 affects OpenSSL's PKCS12 file processing functionality. A maliciously formatted PKCS12 file can cause a NULL pointer dereference, leading to application crash...
Security Bulletin: IBM Cloud Pak for Data System (CPDS 2.0) - Insufficient Verification in cryptography package
Summary IBM Cloud Pak for Data System CPDS 2.0 uses the Python cryptography package version 3.3.2, which contains a critical vulnerability CVE-2026-26007 affecting elliptic curve cryptography operations. The package fails to verify that public key points belong to the expected prime-order subgrou...
Security Bulletin: Vulnerabilities in Linux Kernel, MongoDB and Tomcat affect IBM Spectrum Protect Plus
Summary IBM Spectrum Protect Plus can be affected by vulnerabilities in MongoDB, Tomcat and Linux. Vulnerabilities include obtaining sensitive information, causing a denial of service condition, the elevation of privileges, remote execution of arbitrary code and bypassing security restrictions, a...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM HTTP Server shipped with IBM DevOps Code ClearCase [CVE-2026-32776, CVE-2026-32777, CVE-2026-32778]
Summary IBM HTTP Server IHS is shipped as a component of IBM DevOps Code ClearCase. Information about a security vulnerability affecting IHS has been published in a security bulletin. CVE-2026-32776, CVE-2026-32777, CVE-2026-32778 Vulnerability Details Refer to the security bulletins listed in th...
Security Bulletin: A security vulnerability have been identified in IBM WebSphere Application Server shipped with IBM DevOps Code ClearCase [CVE-2024-29371]
Summary IBM WebSphere Application Server WAS is shipped as a component of IBM DevOps Code ClearCase. Information about security vulnerabilities affecting WAS have been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: SPSS Collaboration and Deployment Services is affected by non-blocking (async) JSON parser in jackson-core (WS-2026-0003)
Summary SPSS Collaboration and Deployment Services is affected by non-blocking async JSON parser in jackson-core WS-2026-0003. This has been addressed in the remediation section. Vulnerability Details ID:WS-2026-0003 DESCRIPTION: The non-blocking async JSON parser in jackson-core bypasses the...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Out-of-bounds Read in Golang Go (CVE-2025-47914)
Summary IBM Watson Speech Services Cartridge is vulnerable to an Out-of-bounds Read in Golang Go, due to an issue with SSH Agent servers that do not validate the size of messages when processing new identity requests CVE-2025-47914. Golang Go is used in our speech-utilities. This vulnerabilitiy h...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a security bypass in Golang Go - crypto/tls (CVE-2025-58189)
Summary IBM Watson Speech Services Cartridge is vulnerable to a security bypass in Golang Go - crypto/tls, due to Conn.Handshake fails during ALPN negotiation CVE-2025-58189. Golang Go - crypto/tls is used in our speech-utilities. This vulnerabilitiy has been addressed. Please read the details fo...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an information disclosure in Golang Go - crypto/tls (CVE-2025-61730)
Summary IBM Watson Speech Services Cartridge is vulnerable to an information disclosure in Golang Go - crypto/tls, where encryption levels fail to change after multiple messages during TLS 1.3 handshakes CVE-2025-61730. Golang Go - crypto/tls is used in our speech-utilities. This vulnerabilitiy h...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to incorrect parse function values in net/url (CVE-2025-47912)
Summary IBM Watson Speech Services Cartridge is vulnerable to a condition in net/url that allows incorrect parse function values other than IPv6 addresses to be included in square brackets within the host component of a URL CVE-2025-47912, Net/url is used in our speech-utilities. This...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an improper Allocation of Resources in archive/zip (CVE-2025-61728)
Summary IBM Watson Speech Services Cartridge is vulnerable to an improper Allocation of Resources in archive/zip, due to an issue in a super-linear file name indexing algorithm that can lead to a denial of service when consuming a maliciously constructed ZIP archive CVE-2025-61728. Archive/zip is...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an improper Allocation of Resources in encoding/asn1 (CVE-2025-58185)
Summary IBM Watson Speech Services Cartridge is vulnerable to an improper Allocation of Resources in encoding/asn1, caused by an issue which allows parsing of a maliciously crafted DER payload that could allocate large amounts of memory CVE-2025-58185. Encoding/asn1 is used in our speech-utilitie...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Improper Certificate Validation in Golang Go (CVE-2025-61727)
Summary IBM Watson Speech Services Cartridge is vulnerable to Improper Certificate Validation in Golang Go, due to an excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate CVE-2025-61727. Golang Go is used in our speech-utilities...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Improper Allocation of Resources in Golang Go (CVE-2025-58181)
Summary IBM Watson Speech Services Cartridge is vulnerable to an Improper Allocation of Resources in Golang Go, caused by an issue in SSH servers parsing GSSAPI authentication requests, which do not validate the number of mechanisms specified in the request CVE-2025-58181. Golang Go is used in ou...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Improper Certificate Validation in crypto/x509 [CVE-2025-61729]
Summary IBM Watson Speech Services Cartridge is vulnerable to Improper Certificate Validation in crypto/x509, caused by a contidtion within HostnameError.Error, when constructing an error string, where there is no limit to the number of hosts that will be printed out CVE-2025-61729. Crypto/x509 i...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to improper allocation of resources in net/url [CVE-2025-61726]
Summary IBM Watson Speech Services Cartridge is vulnerable to improper allocation of resources due to a failure of the net/url package to set a limit on the number of query parameters in a queryCVE-2025-61726. Net/url is used in our speech utilities. This vulnerabilitiy has been addressed. Please...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Inefficient Algorithmic Complexity in crypto/x509 [CVE-2025-58187]
Summary IBM Watson Speech Services Cartridge is vulnerable to Inefficient Algorithmic Complexity in crypto/x509, due to non-linear processing time of some inputs scale with respect to the size of the certificate CVE-2025-58187. Crypto/x509 is used in our speech utilities. This vulnerabilitiy has...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Improper Certificate Validation in crypto/x509 [CVE-2025-58188]
Summary IBM Watson Speech Services Cartridge is vulnerable to Improper Certificate Validation in crypto/x509, due to incorrect processing of chains which contain DSA public keys. CVE-2025-58188. Crypto/x509 is used in our speech utilities. This vulnerabilitiy has been addressed. Please read the...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Improper Allocation of resources in crypto/tls [CVE-2025-61723]
Summary IBM Watson Speech Services Cartridge is vulnerable to Improper Allocation of resources in crypto/tls, due to non-linear parsing of some invalid inputs scales CVE-2025-61723. Crypto/tls is used in our speech utilities. This vulnerabilitiy has been addressed. Please read the details for...