Security Bulletin: Multiple vulnerabilities in IBM Cognos Command Center

Summary Multiple vulnerabilities were addressed in IBM Cognos Command Center 10.2.5 FP1 IF2 Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to...

Security Bulletin:Vulnerability in jetty-io affects IBM Netezza Appliance

Summary The jetty-io package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVECVE-2025-1948 Vulnerability Details CVEID:CVE-2025-1948 DESCRIPTION: In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2 client can specify a very large value for the...

ECHO-0976-1948-FDF3

Bulletin has no description...

Huawei EulerOS: Security Advisory for coreutils (EulerOS-SA-2025-1948)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RHEL 8 : Red Hat Product OCP Tools 4.12 OpenShift Jenkins (RHSA-2025:10118)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:10118 advisory. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by...

RHEL 9 : Red Hat Product OCP Tools 4.16 OpenShift Jenkins (RHSA-2025:10098)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:10098 advisory. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by...

CVE-2021-1948

Possible out of bound read due to lack of length check of data while parsing the beacon or probe response in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdrago...

CVE-2020-1948

This vulnerability can affect all Dubbo users stay on version 2.7.6 or lower. An attacker can send RPC requests with unrecognized service name or method name along with some malicious parameter payloads. When the malicious parameter is deserialized, it will execute some malicious code. More detai...

Important: Red Hat Security Advisory: Red Hat Build of Apache Camel 4.10.3 for Spring Boot release, security update.

Red Hat build of Apache Camel 4.10.3 for Spring Boot release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...

CVE-2025-1948 vulnerabilities

Vulnerabilities for packages: neo4j...

CVE-2025-1948 vulnerabilities

Vulnerabilities for packages: neo4j...

com.atlan:package-toolkit-testing (>=5.3.1 <=6.1.2), com.buschmais.jqassistant.cli:jqassistant-commandline-neo4jv5 (>=2.6.0 <=2.8.0) +750 more potentially affected by CVE-2025-1948 via org.eclipse.jetty.http2:jetty-http2-common (>=12.0.0 <=12.0.16)

org.eclipse.jetty.http2:jetty-http2-common MAVEN version =12.0.0, =5.3.1, =2.6.0, =1.41.1, =1.1.18, =2.0.20, =3.0.0, =3.0.2, =3.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0-A1, =4.0.0-A1, =4.0.0-A1, =4.1.0, =4.2.1 and more Source cves: CVE-2025-1948 Source advisory: SNYK:JAVA-ORGECLIPSEJETTYHTTP2-10116751...

com.atlan:package-toolkit-testing (>=5.3.1 <=6.1.2), com.buschmais.jqassistant.cli:jqassistant-commandline-neo4jv5 (>=2.6.0 <=2.8.0) +751 more potentially affected by CVE-2025-1948 via org.eclipse.jetty.http2:jetty-http2-hpack (>=12.0.0 <=12.0.16)

org.eclipse.jetty.http2:jetty-http2-hpack MAVEN version =12.0.0, =5.3.1, =2.6.0, =1.41.1, =1.1.18, =2.0.20, =3.0.0, =3.0.2, =3.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0-A1, =4.0.0-A1, =4.0.0-A1, =4.1.0, =4.2.1 and more Source cves: CVE-2025-1948 Source advisory: SNYK:JAVA-ORGECLIPSEJETTYHTTP2-10118703...

com.atlan:package-toolkit-testing (>=5.3.1 <=6.1.2), com.buschmais.jqassistant.cli:jqassistant-commandline-neo4jv5 (>=2.6.0 <=2.8.0) +750 more potentially affected by CVE-2025-1948 via org.eclipse.jetty.http2:jetty-http2-common (>=12.0.0 <=12.0.16)

org.eclipse.jetty.http2:jetty-http2-common MAVEN version =12.0.0, =5.3.1, =2.6.0, =1.41.1, =1.1.18, =2.0.20, =3.0.0, =3.0.2, =3.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0-A1, =4.0.0-A1, =4.0.0-A1, =4.1.0, =4.2.1 and more Source cves: CVE-2025-1948 Source advisory: OSV:GHSA-889J-63JV-QHR8...

CVE-2025-1948

In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2 client can specify a very large value for the HTTP/2 settings parameter SETTINGSMAXHEADERLISTSIZE. The Jetty HTTP/2 server does not perform validation on this setting, and tries to allocate a ByteBuffer of the specified capacity to...

DEBIAN-CVE-2025-1948

In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2 client can specify a very large value for the HTTP/2 settings parameter SETTINGSMAXHEADERLISTSIZE. The Jetty HTTP/2 server does not perform validation on this setting, and tries to allocate a ByteBuffer of the specified capacity to...

CVE-2025-1948

In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2 client can specify a very large value for the HTTP/2 settings parameter SETTINGSMAXHEADERLISTSIZE. The Jetty HTTP/2 server does not perform validation on this setting, and tries to allocate a ByteBuffer of the specified capacity to...

Linux Distros Unpatched Vulnerability : CVE-2011-1948

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross-site scripting XSS vulnerability in Plone 4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL. CVE-2011-1948...

Amazon Linux AMI : amazon-ssm-agent (ALAS-2024-1948)

The version of amazon-ssm-agent installed on the remote host is prior to 3.3.859.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2024-1948 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive numb...

RHEL 8 : Red Hat OpenStack Platform 16.2 (openstack-nova) (RHSA-2023:1948)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:1948 advisory. OpenStack Compute codename Nova is open source software designed to provision and manage large networks of virtual machines,creating a redundant and...