RHCOS 4 : OpenShift Container Platform 4.5.13 jenkins (RHSA-2020:3841)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:3841 advisory. - jetty: double release of resource can lead to information disclosure CVE-2019-17638 - jenkins: user-specified tooltip values leads...

Security Bulletin: Due to the use of jetty IBM webMethods BPM is vulnerable to multiple vulnerabilities

Summary IBM webMethods BPM is dependant on jetty which is affected by known vulnerabilities CVE-2019-17638, CVE-2020-27218, CVE-2021-28169, CVE-2021-34428, CVE-2022-2047, CVE-2023-26048, CVE-2023-26049, CVE-2024-13009, CVE-2024-8184 Vulnerability Details CVEID:CVE-2019-17638 DESCRIPTION: In Eclip...

CVE-2022-37352

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVE-2022-37352

PDF-XChange Editor is affected by a WMF parsing flaw that can trigger a read past the end of an allocated buffer. This vulnerability may allow remote disclosure of sensitive information and, when combined with other vulnerabilities, could enable arbitrary code execution in the context of the curr...

Security Bulletin: i2 Analyze has an information disclosure vulnerability (CVE-2019-17638)

Summary i2 Analyze uses a version of Jetty wth known vulnerabilities. Vulnerability Details CVEID: CVE-2019-17638 DESCRIPTION: Eclipse Jetty, as bundled in Jenkins, could allow a remote attacker to obtain sensitive information, caused by an issue with corrupt HTTP response buffer being sent to...

Important: Red Hat Security Advisory: Red Hat Fuse 7.8.0 release and security update

A minor version update from 7.7 to 7.8 is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...

Security Bulletin: CVE-2019-17638 jetty double-release of a byte buffer

Summary In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error. When this happens, the ByteBuffer containing the HTTP response headers is released back to the ByteBufferPool twice. Because of...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.4.27 openshift-jenkins-2-container security update

An update for openshift-jenkins-2-container is now available for Red Hat OpenShift Container Platform 4.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

RHEL 7 : OpenShift Container Platform 4.5.13 jenkins (RHSA-2020:3841)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:3841 advisory. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cro...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.5.13 jenkins security update

An update for jenkins is now available for Red Hat OpenShift Container Platform 4.5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

RHEL 7 / 8 : OpenShift Container Platform 4.3.38 jenkins and openshift (RHSA-2020:3808)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3808 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...

Fedora: Security Advisory for eclipse-remote (FEDORA-2020-cf8ef2f333)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora: Security Advisory for eclipse-mpc (FEDORA-2020-cf8ef2f333)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora: Security Advisory for eclipse-mylyn (FEDORA-2020-cf8ef2f333)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora: Security Advisory for lucene (FEDORA-2020-cf8ef2f333)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora 32 : 1:ecj / 1:eclipse / 1:eclipse-emf / 2:eclipse-cdt / batik / etc (2020-cf8ef2f333)

Updates to the latest upstream release of Eclipse. See the upstream release notes for details: https://www.eclipse.org/eclipseide/2020-06/noteworthy/ Also contains security fixes for CVE-2019-17566 and CVE-2019-17638. Note that Tenable Network Security has extracted the preceding description bloc...

Critical Jenkins Server Vulnerability Could Leak Sensitive Information

Jenkins—a popular open-source automation server software—published an advisory on Monday concerning a critical vulnerability in the Jetty web server that could result in memory corruption and cause confidential information to be disclosed. Tracked as CVE-2019-17638, the flaw has a CVSS rating of...

jenkins -- Buffer corruption in bundled Jetty

Jenkins Security Advisory: Description Critical SECURITY-1983 / CVE-2019-17638 Buffer corruption in bundled Jetty...

Eclipse Jetty Vulnerability (CVE-2019-17638) - Linux

Eclipse Jetty is prone to a vulnerability where sensitive information about clients could be obtained. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

CVE-2019-17638

creationtimestamp| type| source ---|---|--- 2020-07-09 22:55:08+00:00| seen| https://t.me/cibsecurity/13373...