Lucene search
K

35608 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/01/30 5:17 p.m.11 views

Security Bulletin: Multiple secuirty vulnerabilies addressed with IBM Business Automation Workflow containers January 2026

Summary In addition to updating many operating system level packages, IBM Business Automation Workflow container fixes address the following vulnerabilities. Vulnerability Details CVEID:CVE-2025-47912 DESCRIPTION: The Parse function permits values other than IPv6 addresses to be included in squar...

7.5CVSS6AI score0.00631EPSS
Exploits3Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/30 5:13 p.m.28 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for January 2026.

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 24.0.0-IF008. Vulnerability Details CVEID:CVE-2019-17543 DESCRIPTION: LZ4 before 1.9.2 has a heap-based buffer overflow in...

8.3CVSS7.5AI score0.09116EPSS
Exploits4Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/30 4:54 p.m.6 views

Security Bulletin: Due to use of VMware vCenter, IBM Cloud Pak System is affected by header injection and denial-of-service vulnerabilities [CVE-2025-41250,CVE-2025-41241]

Summary Due to use of VMware vCenter, IBM Cloud Pak System is affected by header injection and denial-of-service vulnerabilities CVE-2025-41250,CVE-2025-41241. IBM Cloud Pak System has addressed these vulnerabilities. IBM Cloud Pak System includes the patched vCenter Server 8.0 U3g release as par...

8.5CVSS5.9AI score0.00638EPSS
Exploits0Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/30 4:53 p.m.12 views

Security Bulletin: Multiple Vulnerabilities in VMware ESXi affect IBM Cloud Pak System

Summary Vulnerabilities in VMware ESXi affect IBM Cloud Pak System. IBM Cloud Pak System has addressed vulnerabilities. Cloud Pak Sytem has delivered updated workload nodes to VMware ESXi 83U3g. Vulnerability Details CVEID:CVE-2025-41236 DESCRIPTION: VMware ESXi, Workstation, and Fusion contain a...

9.3CVSS6.2AI score0.02173EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/30 4:45 p.m.8 views

Security Bulletin: A MongoDB zlib protocol flaw lets unauthenticated clients read uninitialized heap memory in multiple versions prior to patched releases.

Summary Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB Server v7.0 prior to 7.0.28 versions, MongoDB Server v8.0 versions prior to 8.0.17, MongoDB Server v8.2 versions prior to...

8.7CVSS5.9AI score0.83007EPSS
Exploits39Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/30 2:15 p.m.6 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to Denial of Service (DoS) due to malformed token parsing in golang.org/x/oauth2 module (CVE-2025-22868)

Summary Potential vulnerabilities in golang.org/x/oauth2 module CVE-2025-22868 have been identified that may affect IBM Cloud Pak for Data Vulnerability Details CVEID:CVE-2025-22868 DESCRIPTION: An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during...

7.5CVSS7.3AI score0.00804EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/30 2:14 p.m.7 views

Security Bulletin: IBM® Db2® is vulnerable to privilege escalation under specific configuration of cataloged remote storage aliases (CVE-2025-36365)

Summary IBM® Db2® under specific configuration of cataloged remote storage aliases could allow an authenticated user to execute unauthorized commands due to an authorization bypass vulnerability using a user-controlled key. Vulnerability Details CVEID:CVE-2025-36365 DESCRIPTION: IBM Db2 for Linux...

7.5CVSS6.1AI score0.00261EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/30 2:12 p.m.9 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to service disruption due to memory exhaustion vulnerability in expression parser

Summary Potential vulnerabilities in github.com/Expr-lang/expr module CVE-2025-29786 have been identified that may affect IBM Cloud Pak for Data. Vulnerability Details CVEID:CVE-2025-29786 DESCRIPTION: Expr is an expression language and expression evaluation for Go. Prior to version 1.17.0, if th...

7.5CVSS5.8AI score0.00577EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/30 2:11 p.m.12 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to DoS due to unbounded memory allocation in golang.org/x/crypto SSH implementation (CVE-2025-22869)

Summary Potential vulnerabilities in golang.org/x/crypto module CVE-2025-22869 have been identified that may affect IBM Cloud Pak for Data Vulnerability Details CVEID:CVE-2025-22869 DESCRIPTION: SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from...

7.5CVSS7.3AI score0.00868EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/30 10:5 a.m.11 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to Regular Expression Denial of Service (ReDoS) due to cross-spawn

Summary cross-spawn is used by IBM watsonx Orchestrate Developer Edition as part of image: tools-runtime Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service ReD...

8.7CVSS5.9AI score0.00873EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/30 9:41 a.m.6 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to Server-Side Request Forgery (SSRF) due to urllib3

Summary urllib3 is used by IBM watsonx Orchestrate Developer Edition as part of image: wxo-builder Vulnerability Details CVEID:CVE-2025-50181 DESCRIPTION: urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiati...

6.1CVSS5.8AI score0.004EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/30 9:17 a.m.9 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to HTTP Request Smuggling vulnerability due to gunicorn

Summary gunicorn is used by IBM watsonx Orchestrate Developer Edition as part of image: wxo-rag-tool Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM watsonx Orchestrate Developer...

5.9AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/30 9:14 a.m.6 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to Path Traversal vulnerability due to github.com/gin-gonic/gin

Summary github.com/gin-gonic/gin is used by IBM watsonx Orchestrate Developer Edition as part of image: tools-runtime-manager Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM watson...

5.9AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/30 9:11 a.m.13 views

Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate Developer Edition

Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate Developer Edition version 2.3.0 Vulnerability Details CVEID:CVE-2025-57319 DESCRIPTION: fast-redact is a package that provides do very fast object redaction. A Prototype Pollution vulnerability in the nestedRestore functio...

8.7CVSS6.3AI score0.03092EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/30 8:30 a.m.6 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses glob which is vulnerable to CVE-2025-64756.

Summary IBM Maximo Application Suite - Visual Inspection component uses glob which is vulnerable to CVE-2025-64756, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2025-64756 DESCRIPTION: Glob matches files using patterns the she...

7.5CVSS6.3AI score0.03092EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/30 8:29 a.m.12 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses golang-jwt which is vulnerable to CVE-2025-30204

Summary IBM Maximo Application Suite - Visual Inspection component uses golang-jwt which is vulnerable to CVE-2025-30204, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2025-30204 DESCRIPTION: golang-jwt is a Go implementation o...

7.5CVSS5.9AI score0.00693EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/30 8:28 a.m.10 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses node-forge which is vulnerable to CVE-2025-66030, CVE-2025-66031

Summary IBM Maximo Application Suite - Visual Inspection component uses node-forge which is vulnerable to CVE-2025-66030, CVE-2025-66031, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2025-66030 DESCRIPTION: Forge also called...

8.7CVSS5.7AI score0.00373EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/30 8:27 a.m.8 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses node-forge which is vulnerable to CVE-2025-12816

Summary IBM Maximo Application Suite - Visual Inspection component uses node-forge which is vulnerable to CVE-2025-12816 , This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2025-12816 DESCRIPTION: An interpretation-conflict CWE-436...

8.6CVSS5.9AI score0.00689EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/30 8:24 a.m.12 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses min-document which is vulnerable to CVE-2025-57352

Summary IBM Maximo Application Suite - Visual Inspection component uses min-document which is vulnerable to CVE-2025-57352, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2025-57352 DESCRIPTION: A vulnerability exists in the...

5.3CVSS6.1AI score0.00329EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/30 6:19 a.m.8 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which is affected by SMTP injection due to Jakarta Mail and vulnerable to CVE-2025-7962.

Summary IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which is affected by SMTP injection due to Jakarta Mail and vulnerable to CVE-2025-7962. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

7.5CVSS5.9AI score0.00756EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/30 6:4 a.m.10 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses urllib3-2.5.0-py3-none-any.whl which is vulnerable to CVE-2025-66418, CVE-2025-66471.

Summary IBM Maximo Application Suite - Monitor Component uses urllib3-2.5.0-py3-none-any.whl which is vulnerable to CVE-2025-66418, CVE-2025-66471. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-66418 DESCRIPTION: urllib3 is a...

8.9CVSS6.1AI score0.00633EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/30 6:3 a.m.6 views

Security Bulletin: IBM Edge Data Collector uses urllib3-2.5.0-py3-none-any.whl which is vulnerable to CVE-2025-66418, CVE-2025-66471.

Summary IBM Edge Data Collector uses urllib3-2.5.0-py3-none-any.whl which is vulnerable to CVE-2025-66418, CVE-2025-66471. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-66418 DESCRIPTION: urllib3 is a user-friendly HTTP client...

8.9CVSS6.1AI score0.00633EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/30 5:51 a.m.10 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses systeminformation-5.25.11.tgz which are vulnerable to CVE-2025-68154.

Summary IBM Maximo Application Suite - Monitor Component uses systeminformation-5.25.11.tgz which are vulnerable to CVE-2025-68154. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-68154 DESCRIPTION: systeminformation is a System...

8.1CVSS6.1AI score0.12863EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/30 5:50 a.m.9 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses jws-3.2.2.tgz which are vulnerable to CVE-2025-65945.

Summary IBM Maximo Application Suite - Monitor Component uses jws-3.2.2.tgz which are vulnerable to CVE-2025-65945. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-65945 DESCRIPTION: auth0/node-jws is a JSON Web Signature...

7.5CVSS5.8AI score0.002EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/30 5:50 a.m.11 views

Security Bulletin: IBM Edge Data Collector uses jws-3.2.2.tgz which are vulnerable to CVE-2025-65945.

Summary IBM Edge Data Collector uses jws-3.2.2.tgz which are vulnerable to CVE-2025-65945. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-65945 DESCRIPTION: auth0/node-jws is a JSON Web Signature implementation for Node.js. In...

7.5CVSS5.8AI score0.002EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/30 5:48 a.m.6 views

Security Bulletin: IBM Edge Data Collector uses bootstrap-table-1.18.1.min.js, bootstrap-table-1.18.2.min.js, bootstrap-table-export-1.18.2.min.js which are vulnerable to CVE-2022-1726, CVE-2021-23472.

Summary IBM Edge Data Collector uses bootstrap-table-1.18.1.min.js, bootstrap-table-1.18.2.min.js, bootstrap-table-export-1.18.2.min.js which are vulnerable to CVE-2022-1726, CVE-2021-23472. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

6.8CVSS5.9AI score0.02332EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/30 5:46 a.m.10 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses lz4-java-1.8.0.jar which is vulnerable to CVE-2025-12183, CVE-2025-66566.

Summary IBM Maximo Application Suite - Monitor Component uses lz4-java-1.8.0.jar which is vulnerable to CVE-2025-12183, CVE-2025-66566. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-66566 DESCRIPTION: yawkat LZ4 Java provides...

8.8CVSS6AI score0.00647EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/30 5:45 a.m.7 views

Security Bulletin: IBM Edge Data Collector uses django-4.2.26-py3-none-any.whl which are vulnerable to CVE-2025-13372, CVE-2025-64460.

Summary IBM Edge Data Collector uses django-4.2.26-py3-none-any.whl which are vulnerable to CVE-2025-13372, CVE-2025-64460. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-13372 DESCRIPTION: An issue was discovered in 5.2 before...

7.5CVSS5.8AI score0.02143EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/30 5:43 a.m.6 views

Security Bulletin: IBM Edge Data Collector uses PyJWT-2.10.0-py3-none-any.whl which is vulnerable to CVE-2024-53861.

Summary IBM Edge Data Collector uses PyJWT-2.10.0-py3-none-any.whl which is vulnerable to CVE-2024-53861. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-53861 DESCRIPTION: pyjwt is a JSON Web Token implementation in Python. An...

7.5CVSS5.8AI score0.0081EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/30 5:39 a.m.9 views

Security Bulletin: IBM Maximo Application Suite uses node-forge-1.3.1.tgz,aiohttp-3.13.2-cp311-cp311-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl and WebSphere Application Server v.25.0.0.10 which is vulnerable to multiple CVEs.

Summary IBM Maximo Application Suite uses node-forge-1.3.1.tgz,aiohttp-3.13.2-cp311-cp311-manylinux2014x8664.manylinux217x8664.manylinux228x8664.whl and WebSphere Application Server v.25.0.0.10 which is vulnerable to CVE-2025-12816, CVE-2025-69223, CVE-2025-69224, CVE-2025, CVE-2025-66030,...

8.7CVSS5.9AI score0.00689EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/30 5:39 a.m.13 views

Security Bulletin: IBM Maximo Application Suite uses werkzeug-3.1.3,fonttools-4.60.0-cp311-cp311-manylinux2014_x86_64.manylinux_2_17_x86_64.whl,lodash.clonedeep-4.5.0.tgz,js-yaml-4.1.0.tgz,mdast-util-towhich is vulnerable to multiple CVEs

Summary IBM Maximo Application Suite uses werkzeug-3.1.3-py3-none-any.whl, fonttools-4.60.0-cp311-cp311-manylinux2014x8664.manylinux217x8664.whl, lodash.clonedeep-4.5.0.tgz, js-yaml-4.1.0.tgz, mdast-util-towhich is vulnerable to CVE-2025-66221, CVE-2025-66034, CVE-2018-16487, CVE-2025-64718,...

9.8CVSS6.2AI score0.01553EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/30 5:39 a.m.13 views

Security Bulletin: IBM Edge Data Collector uses Python package - setuptools which is vulnerable to CVE-2025-47273, CVE-2024-6345.

Summary IBM Edge Data Collector uses Python package - setuptools which is vulnerable to CVE-2025-47273, CVE-2024-6345. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-47273 DESCRIPTION: setuptools is a package that allows users ...

8.8CVSS6.6AI score0.01939EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/30 5:35 a.m.12 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses keras-3.10.0-py3-none-any.whl, keras-2.14.0-py3-none-any.whl which are vulnerable to CVE-2025-12058, CVE-2025-12060, CVE-2025-9905, CVE-2025-9906.

Summary IBM Maximo Application Suite - Monitor Component uses keras-3.10.0-py3-none-any.whl, keras-2.14.0-py3-none-any.whl which are vulnerable to CVE-2025-12058, CVE-2025-12060, CVE-2025-9905, CVE-2025-9906. This bulletin contains information regarding the vulnerability and its fixture...

8.9CVSS6.1AI score0.00593EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/29 3:54 p.m.6 views

Security Bulletin: IBM® Db2® is vulnerable to a denial of service when given a specially crafted query (CVE-2025-36387)

Summary IBM® Db2® is vulnerable to a denial of service when given a specially crafted query with QGM objects that contain specific subquery expressions. Vulnerability Details CVEID:CVE-2025-36387 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server could allow an...

6.5CVSS5.9AI score0.00328EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/29 3:54 p.m.9 views

Security Bulletin: IBM® Db2® is vulnerable to privilege escalation due to the use of an unquoted search path element (CVE-2025-36384)

Summary IBM® Db2® for Windows could allow a local user with filesystem access to escalate their privileges due to the use of an unquoted search path element. Vulnerability Details CVEID:CVE-2025-36384 DESCRIPTION: IBM Db2 for Windows could allow a local user with filesystem access to escalate the...

8.4CVSS5.9AI score0.00163EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/29 3:41 p.m.11 views

Security Bulletin: IBM® Db2® Federated server is affected by a vulnerability in bcprov-jdk18on and bcpkix-jdk18on (CVE-2025-8916)

Summary IBM® Db2® Federated server is affected by a vulnerability in bcprov-jdk18on and bcpkix-jdk18on. Vulnerability Details CVEID:CVE-2025-8916 DESCRIPTION: Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. BC Java bcpkix on All API modules,...

6.3CVSS5.9AI score0.0043EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/29 3:39 p.m.8 views

Security Bulletin: IBM® Db2® is vulnerable to a denial of service with a specially crafted query (CVE-2025-36353)

Summary IBM® Db2® is vulnerable to denial of service due to improper neutralization of special elements in data query logic. Vulnerability Details CVEID:CVE-2025-36353 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server could allow a local user to cause a denial of servic...

6.2CVSS5.9AI score0.00152EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/29 3:33 p.m.8 views

Security Bulletin: IBM® Db2® Federated server is vulnerable to a denial of service as the server may crash when using a specially crafted statement (CVE-2025-36423)

Summary IBM® Db2® IBM® Db2® Federated server is vulnerable to a denial of service due to improper neutralization of special elements in data query logic. Vulnerability Details CVEID:CVE-2025-36423 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server could allow a local use...

6.5CVSS5.9AI score0.00242EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/29 3:33 p.m.8 views

Security Bulletin: IBM® Db2® is affected by the vulnerability in xstream-1.4.20.jar ( CVE-2024-47072)

Summary IBM® Db2® is affected by the vulnerability in xstream-1.4.20.jar. Vulnerability Details CVEID:CVE-2024-47072 DESCRIPTION: XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to terminate the application with a stack overfl...

7.5CVSS5.9AI score0.02015EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/29 3:30 p.m.8 views

Security Bulletin: IBM® Db2® is vulnerable to a denial of service due to improper allocation of resources (CVE-2025-36098)

Summary IBM® Db2® could allow an authenticated user to cause a denial of service due to improper allocation of resources. Vulnerability Details CVEID:CVE-2025-36098 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to cause a denial of...

6.5CVSS5.9AI score0.00347EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/29 3:27 p.m.7 views

Security Bulletin: IBM® Db2® is vulnerable to a denial of service when copying large tables containing XML data (CVE-2025-36123)

Summary IBM® Db2® could allow a local user to cause a denial of service when copying large table containing XML data due to improper allocation of system resources. Vulnerability Details CVEID:CVE-2025-36123 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server could allow ...

6.2CVSS5.9AI score0.00134EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/29 3:25 p.m.9 views

Security Bulletin: IBM® Db2® is vulnerable to a denial of service as a trap may occur when selecting from certain types of tables (CVE-2025-36070)

Summary IBM® Db2® is vulnerable to a denial of service as a trap may occur when selecting from certain types of tables. Vulnerability Details CVEID:CVE-2025-36070 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server is vulnerable to a denial of service as a trap may occur...

7.5CVSS5.9AI score0.0035EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/29 3:24 p.m.8 views

Security Bulletin: IBM® Db2® is vulnerable to Local Privilege Escalation and get root access to the system (CVE-2025-36184)

Summary IBM® Db2® is vulnerable to Local Privilege Escalation to root due to execution of unnecessary privileges operated at a higher than minimum level. Vulnerability Details CVEID:CVE-2025-36184 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server could allow an instance...

7.2CVSS6.1AI score0.00471EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/29 3:23 p.m.8 views

Security Bulletin: IBM® Db2® could allow an authenticated user to cause a denial of service using a specially crafted SQL statement that includes XML (CVE-2025-36001)

Summary IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to cause a denial of service using a specially crafted SQL statement including XML that performs uncontrolled recursion. Vulnerability Details CVEID:CVE-2025-36001 DESCRIPTION: IBM Db2 for...

6.5CVSS5.9AI score0.00347EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/29 3:22 p.m.8 views

Security Bulletin: IBM® Db2® is vulnerable to a denial of service due to improper neutralization of special elements in data query logic (CVE-2025-36428)

Summary IBM® Db2® is vulnerable to a denial of service due to improper neutralization of special elements in data query logic when the RPSCAN feature is enabled. Vulnerability Details CVEID:CVE-2025-36428 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server could allow an...

5.3CVSS5.9AI score0.003EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/29 3:17 p.m.10 views

Security Bulletin: IBM® Db2® is affected by a vulnerability in netty-codec, netty-codec-http and netty-codec-http2 (CVE-2025-58056, CVE-2025-58057, CVE-2025-55163)

Summary IBM® Db2® is affected by a vulnerability in netty-codec, netty-codec-http and netty-codec-http2. Vulnerability Details CVEID:CVE-2025-58057 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol...

8.2CVSS5.8AI score0.00979EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/29 3:12 p.m.5 views

Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query (CVE-2025-36442)

Summary IBM® Db2® is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query with XML columns. Vulnerability Details CVEID:CVE-2025-36442 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server is vulnerable to a denia...

7.5CVSS5.9AI score0.00387EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/29 2:56 p.m.11 views

Security Bulletin: Vulnerabilities in the Linux kernel affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary Vulnerabilities in the Linux kernel affect IBM Storage Virtualize products and could cause denial of service or confidentiality impacts. CVE-2025-38471 CVE-2025-38718 CVE-2025-39682 CVE-2025-38550. Vulnerability Details CVEID:CVE-2025-38550 DESCRIPTION: In the Linux kernel, the following...

7.8CVSS6.5AI score0.00178EPSS
Exploits1Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/29 2:54 p.m.10 views

Security Bulletin: Vulnerability in the Linux kernel affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary A vulnerability in the Linux kernel affects IBM Storage Virtualize products and could cause a denial of service. CVE-2025-38718. Vulnerability Details CVEID:CVE-2025-38718 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: sctp: linearize cloned gso packets i...

7.8CVSS6.6AI score0.00151EPSS
Exploits0Affected Software8
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/29 2:37 p.m.10 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses js-yaml-4.1.0 in map-application which is vulnerable to CVE-2025-64718

Summary IBM Maximo Application Suite - Manage Component uses js-yaml-4.1.0 in map-application which is vulnerable to CVE-2025-64718. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-64718 DESCRIPTION: js-yaml is a JavaScript YAML...

5.3CVSS5.9AI score0.00378EPSS
Exploits0Affected Software1
Total number of security vulnerabilities35608