com.mchange/mchange-commons-java: mchange-commons-java: Arbitrary code execution via JNDI dereferencing of crafted objects
A flaw was found in mchange-commons-java, a Java utility library. An attacker can exploit this vulnerability by providing a maliciously crafted javax.naming.Reference or serialized object to an application using the library. This can provoke the application to download and execute arbitrary...
Security Bulletin: EDB PGAI Hybrid Management with IBM is affected by Multiple Vulnerabilities.
Summary Multiple vulnerabilities were found in EDB PGAI products: (1) EDB PGAI AI Factory with IBM 1.3.0, (2) EDB PGAI Analytics Accelerator 1.3.0, and (3) EDB PGAI Hybrid Data Management 1.3.0. The vulnerabilities have been addressed in version 1.3.4. Hence, IBM strongly recommends upgrading to 1.3.4...
RHCOS 4 : OpenShift Container Platform 4.9.19 (RHSA-2022:0339)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0339 advisory. - jenkins: no POST request is required for the endpoint handling manual build requests which could result in CSRF CVE-2022-20612 -...
RHCOS 4 : OpenShift Container Platform 4.7.43 (RHSA-2022:0491)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0491 advisory. - jenkins: no POST request is required for the endpoint handling manual build requests which could result in CSRF CVE-2022-20612 -...
RHCOS 4 : OpenShift Container Platform 4.8.31 (RHSA-2022:0483)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0483 advisory. - jenkins: no POST request is required for the endpoint handling manual build requests which could result in CSRF CVE-2022-20612 -...
RHCOS 3 : OpenShift Container Platform 3.11.634 (RHSA-2022:0555)
The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0555 advisory. - jenkins: no POST request is required for the endpoint handling manual build requests which could result in CSRF CVE-2022-20612 -...
RHCOS 4 : OpenShift Container Platform 4.6.55 (RHSA-2022:0565)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0565 advisory. - jenkins: no POST request is required for the endpoint handling manual build requests which could result in CSRF CVE-2022-20612 -...
RHCOS 2 : Red Hat OpenShift Enterprise 2.2.10 (RHSA-2016:1773)
The remote Red Hat Enterprise Linux CoreOS 2 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:1773 advisory. - CXF: SSL hostname verification bypass, incomplete CVE-2012-6153 fix CVE-2014-3577 - apache-commons-collections: InvokerTransformer...
RHCOS 3 : Red Hat OpenShift Enterprise 3.1.1 update (Important) (RHSA-2016:0070)
The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:0070 advisory. - commons-fileupload: Arbitrary file upload via deserialization CVE-2013-2186 - stapler-adjunct-zeroclipboard: multiple cross-site...
Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is impacted by vulnerabilities in Apache Commons IO
Summary A vulnerability has been identified in Apache Commons IO, which is used in IBM Engineering Lifecycle Management - Jazz Foundation. Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The...
Docker_Desktop_POC
Java vulnerable scan POC Minimal Maven project used to comp...
Oracle Business Process Management Suite (14.1.2.0.0) (April 2026 CPU)
The version of Oracle Business Process Management Suite installed on the remote host is affected by a vulnerability, as referenced in the April 2026 CPU advisory: - Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware component: Composer Apache Commons...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : Apache Commons IO vulnerability (USN-8191-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8191-1 advisory. It was discovered that Apache Commons IO's XmlStreamReader class could excessively consume CPU resourc...
USN-8191-1: Apache Commons IO vulnerability
It was discovered that Apache Commons IO's XmlStreamReader class could excessively consume CPU resources under certain circumstances. An attacker could possibly use this issue to cause Apache Commons IO to crash, resulting in a denial of service...
USN-8191-1 commons-io vulnerability
It was discovered that Apache Commons IO's XmlStreamReader class could excessively consume CPU resources under certain circumstances. An attacker could possibly use this issue to cause Apache Commons IO to crash, resulting in a denial of service...
Security Bulletin: IBM Engineering Lifecycle Management - Engineering Test Management is impacted by vulnerabilities in commons-io library
Summary Vulnerabilities have been identified in commons-io library, which is used in IBM Engineering Lifecycle Management - Engineering Test Management Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The...
Security Bulletin: DevOps Test Performance contains a vulnerability related to use of Apache Commons Lang
Summary Due to use of Apache Commons Lang, DevOps Test Performance and Rational Performance Tester contain a potential Denial of Service DoS vulnerability. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apach...
EUVD-2026-23310
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below ship the legacy velocity-1.7.jar, which pulls in commons-collections-3.2.1.jar containing the InvokerTransformer deserialization gadget chain. Quartz 2.3.2, also bundled in the application, deserializ...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses c3p0-0.11.2.jar and mchange-commons-java-0.3.2.jar which are vulnerable to CVE-2026-27830 and CVE-2026-27727.
Summary IBM Maximo Application Suite - Monitor Component uses c3p0-0.11.2.jar and mchange-commons-java-0.3.2.jar which are vulnerable to CVE-2026-27830 and CVE-2026-27727. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-27727 DESCRIPTION:...
Improper Authorization commons-beanutils:commons-beanutils Dependency in Jira Service Management Data Center
This High severity Improper Authorization vulnerability was introduced in versions 5.12.1, 5.15.2, 5.16.0, 5.17.0, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, and 10.7.1 of Jira Service Management Data Center. This Improper Authorization vulnerability, with a CVSS Score of 8.8 and a...