Lucene search
K

35608 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/11/21 11:46 a.m.12 views

Security Bulletin: IBM Sterling B2B Integrator and IBM Sterling File Gateway are Vulnerable to Denial of Service (CVE-2025-48976)

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the denial of service vulnerability Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons...

7.5CVSS6.6AI score0.64718EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/21 11:39 a.m.7 views

Security Bulletin: IBM Sterling B2B Integrator and IBM Sterling File Gateway are Vulnerable to Improper Access Control (CVE-2025-48734)

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the improper access control vulnerability Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2...

8.8CVSS7.2AI score0.01495EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/21 9:4 a.m.11 views

Security Bulletin: IBM Tivoli Application Dependency Discovery Manager is vulnerable to denial-of-service due to use of Apache Commons File Upload within IBM WebSphere Application Server Liberty

Summary This security bulletin addresses the vulnerabilitiy in IBM Tivoli Application Dependency Discovery Manager due to Apache Commons File Upload used in IBM WebSphere Application Server Liberty that is vulnerable to a denial of service CVE-2025-48976 Vulnerability Details CVEID:CVE-2025-48976...

7.5CVSS6.4AI score0.64718EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/21 6:44 a.m.6 views

Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM DevOps Code ClearCase (CVE-2025-36099, CVE-2025-7962)

Summary IBM WebSphere Application Server WAS is shipped as a component of IBM DevOps Code ClearCase. Information about security vulnerabilities affecting WAS have been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

7.5CVSS5.6AI score0.00756EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/20 9:23 p.m.24 views

Security Bulletin: The following vulnerabilities that can affect IBM Storage Scale if the HDFS layer is enabled are now addressed in 5.2.3.4 (CVE-2025-55163, CVE-2021-4264, CVE-2025-53864, CVE-2025-48924, CVE-2024-6484, CVE-2024-13009)

Summary The following vulnerabilities, which may affect IBM Storage Scale when the HDFS layer is enabled and could lead to weaker-than-expected security, have been addressed in Storage Scale version 5.2.3.4 or later: CVE-2025-55163, CVE-2021-4264, CVE-2025-53864, CVE-2025-48924, CVE-2024-6484, an...

8.8CVSS6.1AI score0.02164EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/20 4:20 p.m.22 views

Security Bulletin: Multiple Vulnerabilities in Netcool Operations Insights.

Summary Multiple vulnerabilities were addressed in Netcool Operations Insight version 1.6.15. Vulnerability Details CVEID:CVE-2025-27533 DESCRIPTION: Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ. During unmarshalling of OpenWire commands the size value of buffers w...

8.1CVSS9.1AI score0.89472EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/20 2:30 p.m.6 views

Security Bulletin: Astronomer with IBM is vulnerable to event thread locking due to the starlette package (CVE-2025-54121)

Summary Starlette is used by Astronomer with IBM as part of the request processing functionality. Vulnerability Details CVEID:CVE-2025-54121 DESCRIPTION: Starlette is a lightweight ASGI Asynchronous Server Gateway Interface framework/toolkit, designed for building async web services in Python. In...

5.3CVSS6AI score0.0053EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/20 2:29 p.m.5 views

Security Bulletin: Astronomer with IBM is vulnerable to local code execution due to the Helm package manager (CVE-2025-53547)

Summary Helm is used by Astronomer with IBM as part of service installation and management. Vulnerability Details CVEID:CVE-2025-53547 DESCRIPTION: Helm is a package manager for Charts for Kubernetes. Prior to 3.18.4, a specially crafted Chart.yaml file along with a specially linked Chart.lock fi...

8.6CVSS7.2AI score0.00363EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/20 2:28 p.m.5 views

Security Bulletin: Astronomer with IBM is vulnerable to uncontrolled recursion due to the Apache Commons Lang package ( CVE-2025-48924)

Summary Apache Commons Lang is used by Astronomer with IBM as part of overall processing. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6...

5.3CVSS6.1AI score0.02164EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/20 2:27 p.m.7 views

Security Bulletin: Astronomer with IBM is vulnerable to denial of service due to the resolv package (CVE-2025-24294)

Summary Resolv is used by Astronomer with IBM as part of the DNS functionality. Vulnerability Details CVEID:CVE-2025-24294 DESCRIPTION: The attack vector is a potential Denial of Service DoS. The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a...

7.5CVSS6.2AI score0.00539EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/20 2:27 p.m.6 views

Security Bulletin: Astronomer with IBM is vulnerable to authorization bypass due to the Kubernetes NodeRestriction functionality (CVE-2025-4563)

Summary Kubernetes is used by Astronomer with IBM as part of overall processing and deployment. Vulnerability Details CVEID:CVE-2025-4563 DESCRIPTION: A vulnerability exists in the NodeRestriction admission controller where nodes can bypass dynamic resource allocation authorization checks. When t...

2.7CVSS7.6AI score0.0065EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/20 2:26 p.m.3 views

Security Bulletin: Astronomer with IBM is vulnerable to uncontrolled redirects due to the urllib3 package (CVE-2025-50181, CVE-2025-50182)

Summary urllib3 is used by Astronomer with IBM as part of the HTTP processing functionality. Vulnerability Details CVEID:CVE-2025-50181 DESCRIPTION: urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a...

6.1CVSS6AI score0.004EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/20 2:25 p.m.4 views

Security Bulletin: Astronomer with IBM is vulnerable to leaked credentials due to the requests package (CVE-2024-47081).

Summary Requests is used by Astronomer with IBM as part of the HTTP processing functionality. Vulnerability Details CVEID:CVE-2024-47081 DESCRIPTION: Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific...

5.3CVSS6AI score0.00846EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/20 2:24 p.m.5 views

Security Bulletin: Astronomer with IBM is vulnerable to unrestricted filesystem writes due to the tar-fs package (CVE-2025-48387)

Summary Tar-fs is used by Astronomer with IBM as part of tar file processing. Vulnerability Details CVEID:CVE-2025-48387 DESCRIPTION: tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.0.9, 2.1.3, and 1.16.5 have an issue where an extract can write outside the specified dir...

8.7CVSS5.7AI score0.00474EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/20 2:22 p.m.7 views

Security Bulletin: Astronomer with IBM is vulnerable to invalid signature verification due to the OpenPGP.js package (CVE-2025-47934)

Summary OpenPGP.js is used by Astronomer with IBM as part of OpenPGP processing functionality. Vulnerability Details CVEID:CVE-2025-47934 DESCRIPTION: OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. Startinf in version 5.0.1 and prior to versions 5.11.3 and 6.1.1, a maliciously...

8.7CVSS8.2AI score0.00642EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/20 10:25 a.m.24 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to loss of confidentiality [CVE-2025-1993]

Summary IBM App Connect Enterprise Certified Container DesignerAuthoring instances store their flows in a database that is protected by weaker than expected cryptographic algorithms that could be decrypted by a local user. This bulletin provides patch information to address the vulnerability in I...

5.5CVSS6AI score0.00111EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/20 10:10 a.m.11 views

Security Bulletin: IBM Security SOAR is using a component with a known vulnerability (CVE-2025-9670)

Summary IBM Security SOAR uses an older version of the turndown javascript module that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended to upgrade to version 51.0.8.0 Vulnerability Details CVEID:CVE-2025-9670 DESCRIPTION...

6.9CVSS5.2AI score0.00461EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/20 9:58 a.m.14 views

Security Bulletin: Due to the use of Swagger UI, IBM Security SOAR is vulnerable to spoofing attacks..

Summary IBM Security SOAR uses Swagger-UI internally. CVE-2025-25031 Vulnerability Details CVEID:CVE-2018-25031 DESCRIPTION: Swagger UI 4.1.2 and earlier could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this...

4.3CVSS6.2AI score0.42326EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/20 6:10 a.m.18 views

Security Bulletin: Vulnerabilities in Apache Tomcat Server (CVE-2025-52434, CVE-2025-48989, CVE-2025-52520, CVE-2025-53506, CVE-2025-55668, CVE-2025-49125, CVE-2025-48988, CVE-2025-46701, CVE-2025-31651, CVE-2025-31650) affect Power HMC.

Summary The Apache Tomcat Server is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-52434 DESCRIPTION: Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in Apache Tomca...

9.8CVSS8AI score0.66933EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/20 6:9 a.m.11 views

Security Bulletin: Vulnerabilities in httpd library (CVE-2024-47252, CVE-2025-23048, CVE-2025-49630) affect Power HMC.

Summary The httpd library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-47252 DESCRIPTION: Insufficient escaping of user-supplied data in modssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS...

9.1CVSS7.5AI score0.01149EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/20 4:3 a.m.24 views

Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.

Summary Multiple vulnerabilities were addressed in IBM Concert Software version 2.1.0 Vulnerability Details CVEID:CVE-2025-6493 DESCRIPTION: A weakness has been identified in CodeMirror up to 5.65.20. Affected is an unknown function of the file mode/markdown/markdown.js of the component Markdown...

7.5CVSS7.3AI score0.00644EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/19 5:43 p.m.9 views

Security Bulletin: Security vulnerability in form-data may affect IBM Business Automation Workflow - CVE-2025-7783

Summary IBM Business Automation Workflow references a vulnerable copy of the form-data open source library. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is associated...

9.4CVSS6.5AI score0.01735EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/19 4:13 p.m.5 views

Security Bulletin: Multiple security vulnerabilities has been identified in IBM WebSphere Application Server shipped with IBM Tivoli Netcool/OMNIbus WebGUI due to the October 2025 CPU

Summary Websphere Application Server WAS is shipped as a component of IBM Tivoli Netcool/OMNIbus WebGUI. Information about security vulnerabilities affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes sectio...

6.4AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/19 3:30 p.m.9 views

Security Bulletin: Due to the use of IBM WebSphere Application Server Liberty, CICS Transaction Gateway Desktop Edition and CICS Transaction Gateway for Multiplatforms are vulnerable to multiple vulnerabilities.

Summary Due to the use of IBM WebSphere Application Server Liberty, CICS Transaction Gateway Desktop Edition and CICS Transaction Gateway for Multiplatforms are vulnerable to a multiple vulnerabilities CVE-2025-48976, CVE-2025-36047 and CVE-2024-56339. IBM WebSphere Application Server Liberty has...

7.5CVSS7.1AI score0.64718EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/19 3:7 p.m.11 views

Security Bulletin: Due to use of the sha.js library, IBM watsonx Code Assistant IDE Extensions is affected by Improper Input Validation vulnerability

Summary Sha.js is used internally by IBM watsonx Code Assistant IDE Extensions CVE-2025-9288 Vulnerability Details CVEID:CVE-2025-9288 DESCRIPTION: Improper Input Validation vulnerability in sha.js allows Input Data Manipulation.This issue affects sha.js: through 2.4.11. CWE:CWE-20: Improper Inpu...

9.1CVSS7AI score0.00651EPSS
Exploits2Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/19 3:6 p.m.7 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affects IBM DevOps Code ClearCase

Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM DevOps Code ClearCase. CVE-2025-9230 , CVE-2025-9232 Vulnerability Details CVEID:CVE-2025-9230 DESCRIPTION: Issue summary: An application trying to decrypt CMS messages encrypted using password based...

7.5CVSS7.4AI score0.02016EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/19 3:4 p.m.16 views

Security Bulletin: AIX/VIOS is affected by multiple vulnerabilities due to Python

Summary There are multiple vulnerabilities in Python used by AIX CVE-2025-59375, CVE-2024-47081, CVE-2025-6965, CVE-2024-5642. Python is used by AIX as part of Ansible node management automation. Vulnerability Details CVEID:CVE-2025-59375 DESCRIPTION: libexpat in Expat before 2.7.2 allows attacke...

7.7CVSS6.9AI score0.73495EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/19 2:34 p.m.13 views

Security Bulletin: CVE-2025-4598

Summary Mitigation for CVE-2025-4598 Vulnerability Details CVEID:CVE-2025-4598 DESCRIPTION: A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump,...

4.7CVSS6.3AI score0.00641EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/19 2:32 p.m.5 views

Security Bulletin: IBM Security SOAR is using a component with a known vulnerability (CVE-2025-7783)

Summary IBM Security SOAR uses an older version of the form-data javascript module that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended to upgrade to version 51.0.7.1 Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTIO...

9.4CVSS6.7AI score0.01735EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/19 2:30 p.m.28 views

Security Bulletin: Astronomer with IBM is vulnerable to several issues due to open source packages

Summary Open source software is used by Astronomer with IBM as part of overall processing functionality. Vulnerability Details CVEID:CVE-2005-2541 DESCRIPTION: Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gai...

10CVSS7.8AI score0.73327EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/19 2:27 p.m.5 views

Security Bulletin: Astronomer with IBM is vulnerable to HTTP parameter pollution due to the form-data package (CVE-2025-7783)

Summary Form-data is used by Astronomer with IBM as part of the HTTP processing functionality. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is associated with program...

9.4CVSS6.6AI score0.01735EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/19 2:27 p.m.5 views

Security Bulletin: Due to use of Java SE, IBM Security SOAR is affected by unspecified vulnerabilities (CVE-2025-50106, CVE-2025-30749, CVE-2025-30761 & CVE-2025-30754)

Summary IBM Security SOAR uses Java SE library internally. Vulnerability Details CVEID:CVE-2025-50106 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected are Oracl...

8.1CVSS6.2AI score0.01058EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/19 1:56 p.m.10 views

Security Bulletin: Eventlet Pre-0.40.3 HTTP Trailer Parsing Flaw Enables HTTP Request Smuggling

Summary Eventlet is a concurrent networking library for Python. Prior to version 0.40.3, the Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability could enable attackers to, bypass front-end security controls, launch...

9.1CVSS6.7AI score0.00363EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/19 1:46 p.m.8 views

Security Bulletin: IBM Security SOAR is using a component with a known vulnerability (CVE-2025-5889)

Summary IBM Security SOAR uses an older version of brace-expansion that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended customers upgrade to version 51.0.7.1 or later. Vulnerability Details CVEID:CVE-2025-5889...

3.1CVSS5.6AI score0.00459EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/19 12:57 p.m.11 views

Security Bulletin: Multiple vulnerabilities in IBM Cloud Pak for Multicloud Management

Summary Multiple vulnerabilities in IBM Cloud Pak for Multicloud Management have been addressed in 2.3 FP12 Vulnerability Details CVEID:CVE-2024-51504 DESCRIPTION: When using IPAuthenticationProvider in ZooKeeper Admin Server there is a possibility of Authentication Bypass by Spoofing -- this onl...

9.1CVSS7.8AI score0.04575EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/19 10:35 a.m.7 views

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to Allocation of Resources Without Limits or Throttling due to Bouncy Castle(CVE-2025-8916 & CVE-2025-8885)

Summary IBM App Connect Enterprise runtime and IBM Integration Bus for z/OS are vulnerable to Allocation of Resources Without Limits or Throttling due to Bouncy Castle. Vulnerability Details CVEID:CVE-2025-8916 DESCRIPTION: Allocation of Resources Without Limits or Throttling vulnerability in...

6.3CVSS6.6AI score0.00505EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/19 8:45 a.m.5 views

Security Bulletin: Vulnerability in libxml2 library (CVE-2025-32415) affects Power HMC.

Summary The libxml2 library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-32415 DESCRIPTION: In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer...

7.5CVSS6.8AI score0.00527EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/19 8:44 a.m.5 views

Security Bulletin: Vulnerabilities in pam library (CVE-2025-6020, CVE-2025-8941) affect Power HMC.

Summary The pam library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-6020 DESCRIPTION: A flaw was found in linux-pam. The module pamnamespace may use access user-controlled paths without proper protection, allowing...

7.8CVSS6AI score0.0039EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/19 6:43 a.m.4 views

Security Bulletin: Erlang/OTP SSH Handshake Hardening Bypass Enables MitM Injection (Patched in OTP 25–27 Updates)

Summary Erlang/OTP is a set of libraries for the Erlang programming language. In versions prior to OTP-27.3.4 for OTP-27, OTP-26.2.5.12 for OTP-26, and OTP-25.3.2.21 for OTP-25, Erlang/OTP SSH fails to enforce strict KEX handshake hardening measures by allowing optional messages to be exchanged...

3.7CVSS6.6AI score0.00442EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/18 7:12 p.m.6 views

Security Bulletin: Astronomer with IBM is vulnerable to path traversal issues due to the setuptools package (CVE-2025-47273)

Summary Setuptools is used by Astronomer with IBM as part of the package management functionality. Vulnerability Details CVEID:CVE-2025-47273 DESCRIPTION: setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability ...

8.8CVSS7.7AI score0.01479EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/18 7:10 p.m.4 views

Security Bulletin: Astronomer with IBM is vulnerable to memory leaks due to the undici package (CVE-2025-47279)

Summary Undici is used by Astronomer with IBM as part of the HTTP processing functionality. Vulnerability Details CVEID:CVE-2025-47279 DESCRIPTION: Undici is an HTTP/1.1 client for Node.js. Prior to versions 5.29.0, 6.21.2, and 7.5.0, applications that use undici to implement a webhook-like syste...

3.1CVSS6AI score0.00254EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/18 6:9 p.m.3 views

Security Bulletin:IBM WebSphere Application Server Liberty shipped with IBM OpenPages has vulnerable crypto.js package (CVE-2020-36732)

Summary IBM WebSphere Application Server Liberty is shipped as a supporting program of IBM OpenPages. Information about crypto.js package vulnerability affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. These products have addressed the applicable CVE. F...

5.3CVSS6.4AI score0.01075EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/18 6:5 p.m.17 views

Security Bulletin: IBM OpenPages fixes multiple Spring vulnerabilities

Summary Multiple vulnerabilities on Spring library with have been addressed in the latest IBM OpenPages fixpack for 9.0 and 9.1 Vulnerability Details CVEID:CVE-2025-41249 DESCRIPTION: The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type...

7.5CVSS6.6AI score0.01916EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/18 5:59 p.m.14 views

Security Bulletin: IBM OpenPages fixes Apache Tika library vulnerability via XML External Entity injection

Summary Apache Tika library vulnerability via XML External Entity injection with IBM OpenPages have been addressed in the latest IBM OpenPages fixpack for 8.3, 9.0 and 9.1 Vulnerability Details CVEID:CVE-2025-54988 DESCRIPTION: Critical XXE in Apache Tika tika-parser-pdf-module in Apache Tika 1.1...

9.8CVSS6.9AI score0.02962EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/18 5:33 p.m.5 views

Security Bulletin: IBM i is affected by obtaining information without proper authority [CVE-2025-36371]

Summary IBM i is vulnerable to a user obtaining information in the database plan cache implementation without the proper authority CVE-2025-36371 as described in the vulnerability details section. Vulnerability Details CVEID:CVE-2025-36371 DESCRIPTION: IBM i is impacted by an obtaining informatio...

6.5CVSS6.3AI score0.00232EPSS
Exploits0Affected Software6
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/18 5:11 p.m.23 views

Security Bulletin: Logback-Core ≤1.5.18 Conditional Config Processing Flaw Enables ACE via Malicious Config or Env Variable

Summary ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.18 in Java applications, allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before...

7CVSS7.8AI score0.00181EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/18 5:10 p.m.7 views

Security Bulletin: In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.

Summary In imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy. Vulnerability Details CVEID:CVE-2024-28219 DESCRIPTION: In imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy. CWE:CWE-680:...

6.7CVSS7.3AI score0.00989EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/18 5:6 p.m.6 views

Security Bulletin: Netty LF-Only Chunk Terminator Flaw Enables HTTP Request Smuggling (Fixed in 4.1.125/4.2.5)

Summary Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers and clients. In versions 4.1.124.Final, and 4.2.0.Alpha3 through 4.2.4.Final, Netty incorrectly accepts standalone newline characters LF as a chunk-size li...

7.5CVSS6.6AI score0.00631EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/18 5:6 p.m.5 views

Security Bulletin: Security Vulnerabilities in node.js packages affect IBM Voice Gateway

Summary Security Vulnerabilities in node.js packages affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios prior to versions 0.30.2 and 1.12.0 runs on...

7.5CVSS6.7AI score0.01099EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/18 5:2 p.m.4 views

Security Bulletin: Netty Decompression Decoders Allow Unbounded Buffer Allocation Leading to DoS (Fixed in 4.1.125/4.2.5)

Summary Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In netty-codec-compression versions 4.1.124.Final and below, and netty-codec versions 4.2.4.Final and below, when supplied with specially...

7.5CVSS6.5AI score0.00561EPSS
Exploits1Affected Software1
Total number of security vulnerabilities35608