4458 matches found
Exploit for Code Injection in Apache Commons_Text
No d...
Security update for c3p0 and mchange-commons
This update for c3p0 and mchange-commons fixes the following issues: c3p0: Security issues fixed: CVE-2026-27830: Fixed unsafe object deserialization bsc1258942 Fix the null pointer exception in the userOverridesAsString method bsc1259313. mchange-commons: Security issues fixed: CVE-2026-27727:...
SUSE-SU-2026:0855-1 Security update for c3p0 and mchange-commons
This update for c3p0 and mchange-commons fixes the following issues: c3p0: - Security issues fixed: - CVE-2026-27830: Fixed unsafe object deserialization bsc1258942 - Fix the null pointer exception in the userOverridesAsString method bsc1259313. mchange-commons: - Security issues fixed: -...
Security Bulletin: Common vulnerabilities addressed in Cloudera Observability 3.6.2
Summary Security Bulletin: Common vulnerabilities addressed in Cloudera Observability 3.6.2 Vulnerability Details CVEID:CVE-2025-53864 DESCRIPTION: Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to cause a denial of service via a deeply nested...
Binding to an Unrestricted IP Address
Overview Affected versions of this package are vulnerable to Binding to an Unrestricted IP Address in the default configuration. An attacker can gain unauthorized access and potentially compromise confidentiality, integrity, and availability by exploiting the default configuration remotely withou...
org.apache.iotdb:client-example (>=2.0.1-beta <=2.0.6), org.apache.iotdb:customize-mqtt-example (=2.0.1-beta) +9 more potentially affected by CVE-2026-24015 via org.apache.iotdb:node-commons (>=2.0.1-beta <=2.0.6)
org.apache.iotdb:node-commons MAVEN version =2.0.1-beta, =2.0.1-beta, =2.0.1-beta, =2.0.6 - org.apache.iotdb:iotdb-distribution =2.0.1-beta - org.apache.iotdb:iotdb-server =2.0.1-beta - org.apache.iotdb:pipe-count-point-processor-example =2.0.1-beta - org.apache.iotdb:trigger-example =2.0.1-beta...
org.apache.iotdb:client-example (>=1.1.2 <=1.3.6), org.apache.iotdb:customize-mqtt-example (>=1.0.0 <=1.3.3) +17 more potentially affected by CVE-2026-24015 via org.apache.iotdb:node-commons (>=1.0.0 <=1.3.6)
org.apache.iotdb:node-commons MAVEN version =1.0.0, =1.1.2, =1.0.0, =1.2.2, =1.2.2, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.3.0, =1.0.0, =1.1.2 and more Source cves: CVE-2026-24015 Source advisory: SNYK:JAVA-ORGAPACHEIOTDB-15518633...
Security Bulletin: IBM WebSphere Application Server is affected by a denial of service due to Apache Commons FileUpload used by IBM Master Data Management (CVE-2025-48976)
Summary IBM Master Data Management version 11.6, 12.0 and 14.0 are impacted by vulnerability in WebSphere Application Server which may allocate resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. Vulnerability Details...
com.mchange/mchange-commons-java: mchange-commons-java: Arbitrary code execution via JNDI dereferencing of crafted objects
A flaw was found in mchange-commons-java, a Java utility library. An attacker can exploit this vulnerability by providing a maliciously crafted javax.naming.Reference or serialized object to an application using the library. This can provoke the application to download and execute arbitrary...
Important: Red Hat Security Advisory: Red Hat Build of Apache Camel 4.14.4 for Spring Boot release.
Red Hat build of Apache Camel 4.14.4 for Spring Boot patch release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
mchange-commons-0.4.0-1.1 on GA media (moderate)
mchange-commons-0.4.0-1.1 on GA media Announcement ID: openSUSE-SU-2026:10281-1 Rating: moderate Cross-References: CVE-2026-27727 CVSS scores: CVE-2026-27727 SUSE : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2026-27727 SUSE : 9.2...
Security Bulletin: IBM Event Streams is vulnerable to improper access control
Summary IBM Event Streams is vulnerable to improper access control leading to potential classloader access in Apache Commons BeanUtils CVE-2025-48734 Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class w...
OPENSUSE-SU-2026:10281-1 mchange-commons-0.4.0-1.1 on GA media
These are all security issues fixed in the mchange-commons-0.4.0-1.1 package on the GA media of openSUSE Tumbleweed...
Remote Code Execution (RCE)
mchange-commons-java is vulnerable to Remote Code Execution RCE. The vulnerability is due to its independent JNDI dereferencing implementation allowing remote factoryClassLocation values, which can cause the application to download and execute attacker-controlled code when processing a malicious...
Security Bulletin: Multiple vulnerabilities in IBM Rational Developer for i ( CVE-2025-48734, CVE-2025-53057)
Summary IBM Rational Developer for i is affected by an improper access control vulnerability in Apache Commons CVE-2025-48734 and an improper access control vulnerability in Java CVE-2025-53057 as described in the vulnerability details section. Vulnerability Details CVEID:CVE-2025-48734...
[SECURITY] Fedora 43 Update: libmaxminddb-1.13.1-1.fc43
The libmaxminddb library provides a C library for reading MaxMind DB files, including the GeoIP2 databases from MaxMind. This is a custom binary format designed to facilitate fast lookups of IP addresses while allowing for great flexibility in the type of data associated with an address. The...
SUSE CVE-2026-27727
mchange-commons-java, a library that provides Java utilities, includes code that mirrors early implementations of JNDI functionality, including support for remote factoryClassLocation values, by which code can be downloaded and invoked within a running application. If an attacker can provoke an...
SUSE CVE-2026-27830
c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and javax.naming.Reference instances. Several c3p0 ConnectionPoolDataSource implementations have a property called userOverridesAsString which conceptually represents a Map. Prior to...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in commons-text-1.3.jar
Summary IBM Watson Discovery Cartridge affected by vulnerability in commons-text-1.3.jar Vulnerability Details CVEID:CVE-2025-46295 DESCRIPTION: Apache Commons Text versions prior to 1.10.0 included interpolation features that could be abused when applications passed untrusted input into the...
DEBIAN-CVE-2026-27830
c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and javax.naming.Reference instances. Several c3p0 ConnectionPoolDataSource implementations have a property called userOverridesAsString which conceptually represents a Map. Prior to...