Security Bulletin: Vulnerabilities in hoek, Bouncy Castle Inc, Spring Framework, golang, Apache Commons, semver and Google Guava might affect IBM Storage Defender Copy Data Management
Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in hoek, Bouncy Castle Inc, Spring Framework, golang, Apache Commons, semver and Google Guava. Vulnerabilities include allowing a malicious user to modify the prototype of "Object" via `__proto__`, causing the addition...
EUVD-2020-0502
Malware in sbrugna...
EUVD-2023-1730
Malicious code in bioql PyPI...
Security Bulletin: IBM webMethods Integration Server is affected by vulnerable Google Guava 30.0 jar used in the GraphQL functionality
Summary Google Guava is used by IBM webMethods Integration Server as part of the GraphQL functionality. CVE-2023-2976, CVE-2020-8908. Vulnerability Details CVEID:CVE-2023-2976 DESCRIPTION: Use of Java's default temporary directory for file creation in FileBackedOutputStream in Google Guava versio...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM® DB2® shipped with IBM PureData System for Operational Analytics
Summary IBM® DB2® is shipped as a component of IBM PureData System for Operational Analytics. Information about security vulnerabilities affecting IBM DB2 has been published in a security bulletin. Vulnerability Details CVEID:CVE-2017-12973 DESCRIPTION: Connect2id Nimbus JOSE+JWT could provide...
Security Bulletin: IBM Planning Analytics Workspace is affected but not considered vulnerable to multiple vulnerabilities
Summary IBM Planning Analytics Workspace is affected but not classified as vulnerable to multiple vulnerabilities based on current information, in the following 3rd-party components: Node.js word-wrap CVE-2023-26115, Node.js semver CVE-2022-25883, Node.js dicer CVE-2022-24434, Redis...
Security Bulletin: IBM i Modernization Engine for Lifecycle Integration is vulnerable to multiple vulnerabilities
Summary There are multiple vulnerabilities in components of IBM i Modernization Engine for Lifecycle Integration as described in the Vulnerability Details section. Google Guava and Apache James MIME4J could allow a local authenticated attacker to obtain sensitive information. Pivotal Spring...
Security Bulletin: Multiple vulnerabilities in DITA, Apache Batik, Apache FOP may affect IBM Business Automation Workflow and IBM Case Manager
Summary IBM Business Automation Workflow and IBM Case Manager package DITA for documentation generation in Case Management. Multiple CVEs have been reported for open source libraries repackaged in DITA. A few of the same open source libraries, such as Apache Batik and Apache FOP, are also used f...
Security Bulletin: Multiple Security Vulnerabilities in Google Guava Affect IBM Sterling B2B Integrator
Summary IBM Sterling B2B Integrator has addressed the security vulnerabilities from Google Guava Vulnerability Details CVEID:CVE-2023-2976 DESCRIPTION: Use of Java's default temporary directory for file creation in FileBackedOutputStream in Google Guava versions 1.0 to 31.1 on Unix systems and...
Linux Distros Unpatched Vulnerability : CVE-2023-2976
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use of Java's default temporary directory for file creation in FileBackedOutputStream in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream...
Linux Distros Unpatched Vulnerability : CVE-2018-10237
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that...
Security Bulletin: Vulnerability in Google Guava affects IBM watsonx.data
Summary Google Guava could allow a local authenticated attacker to obtain sensitive information, caused by a flaw with using Java's default temporary directory for file creation in FileBackedOutputStream. By sending a specially crafted request, an attacker could exploit this vulnerability to acce...
Security Bulletin: Vulnerabilities in Google Guava affect IBM watsonx.data
Summary Google Guava has vulnerabilities that could allow a local authenticated attacker to obtain sensitive information, allow a remote authenticated attacker to bypass security restrictions and be vulnerable to denial of service attacks. This can affect watsonx.data. Vulnerability Details...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in guava-23.0.jar
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of guava-23.0.jar Vulnerability Details CVEID:CVE-2023-2976 DESCRIPTION: Google Guava could allow a local authenticated attacker to obtain sensitive information, caused by a flaw with using Java's default...
Security Bulletin: The IBM QRadar SIEM Amazon Web Services protocol is vulnerable to access restriction bypass and sensitive information exposure (CVE-2020-8908, CVE-2023-2976)
Summary Google Guava is used by IBM QRadar SIEM Amazon Web Services protocol, and it has known vulnerabilities. The issues have been addressed in an update. Vulnerability Details CVEID:CVE-2020-8908 DESCRIPTION: Guava could allow a remote authenticated attacker to bypass security restrictions,...
Security Bulletin: Google Guava vulnerability affects IBM Spectrum Control
Summary Google Guava could allow a local authenticated attacker to obtain sensitive information. This vulnerability affects IBM Spectrum Control. CVE-2023-2976. Vulnerability Details CVEID:CVE-2023-2976 DESCRIPTION: Google Guava could allow a local authenticated attacker to obtain sensitive...
Security Bulletin: InfoSphere Data Replication is affected by a guava package vulnerability (CVE-2023-2976)
Summary InfoSphere Data Replication uses the guava package. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-2976 DESCRIPTION: Google Guava could allow a local authenticated attacker to obtain sensitive information, caused by a flaw wit...
Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilities in Google Guava
Summary A vulnerability has been identified in Google Guava, which is used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details CVEID:CVE-2023-2976 DESCRIPTION: Google Guava could allow a...
ROS-20240507-03
A vulnerability in the FileBackedOutputStream feature of the Google Guava Java library suite is related to the use of files and directories accessible to external parties. Exploitation of the vulnerability could allow an attacker to gain unauthorized access to protected information...