Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to an unspecified vulnerability in Java SE ( CVE-2022-21277)

Summary An unspecified vulnerability in Oracle Java SE - CVE-2022-21277 related to the ImageIO component has been identified that affects IBM Watson Assistant for IBM Cloud Pak for Data. Java SE is used by IBM Watson Assistant for IBM Cloud Pak for Data as part of its platform for developement of...

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to an unspecified vulnerability in Oracle Java SE ( CVE-2022-21366)

Summary An unspecified vulnerability in Oracle Java SE - CVE-2022-21366 related to the ImageIO component has been identified that affects IBM Watson Assistant for IBM Cloud Pak for Data. Oracle Java SE is used by IBM Watson Assistant for IBM Cloud Pak for Data as part of its platform for...

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to an unspecified vulnerability in Java SE ( CVE-2022-21360)

Summary An unspecified vulnerability in Java SE - CVE-2022-21360 related to the ImageIO component has been identified that affects IBM Watson Assistant for IBM Cloud Pak for Data. Java SE is used by IBM Watson Assistant for IBM Cloud Pak for Data as part of its platform for developement of core...

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to an unspecified vulnerability in Java SE ( CVE-2022-21365)

Summary An unspecified vulnerability in Java SE - CVE-2022-21365 related to the ImageIO has been identified that affects IBM Watson Assistant for IBM Cloud Pak for Data. Java SE is used by IBM Watson Assistant for IBM Cloud Pak for Data as part of its platform for developement of core...

ai.idylnlp:idylnlp-dl4j (>=1.0.0 <=1.1.0), ai.idylnlp:idylnlp-models-deeplearning (>=1.0.0 <=1.1.0) +733 more potentially affected by CVE-2021-23792 via com.twelvemonkeys.imageio:imageio-metadata (>=3.0 <=3.7.0)

com.twelvemonkeys.imageio:imageio-metadata MAVEN version =3.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.0.2, =0.3.0 - ai.konduit.serving:konduit-serving-gpu-nano =0.1.0 and more Source cves: CVE-2021-23792 Source advisory: OSV:GHSA-PJCH-4G28-FXX7...

External Entity Reference in TwelveMonkeys ImageIO

The package com.twelvemonkeys.imageio:imageio-metadata before version 3.7.1 is vulnerable to XML External Entity XXE Injection due to an insecurely initialized XML parser for reading XMP Metadata. An attacker can exploit this vulnerability if they are able to supply a file e.g. when an online...

GHSA-PJCH-4G28-FXX7 External Entity Reference in TwelveMonkeys ImageIO

The package com.twelvemonkeys.imageio:imageio-metadata before version 3.7.1 is vulnerable to XML External Entity XXE Injection due to an insecurely initialized XML parser for reading XMP Metadata. An attacker can exploit this vulnerability if they are able to supply a file e.g. when an online...

DEBIAN-CVE-2021-23792

The package com.twelvemonkeys.imageio:imageio-metadata before 3.7.1 are vulnerable to XML External Entity XXE Injection due to an insecurely initialized XML parser for reading XMP Metadata. An attacker can exploit this vulnerability if they are able to supply a file e.g. when an online profile...

CVE-2021-23792

The package com.twelvemonkeys.imageio:imageio-metadata before 3.7.1 are vulnerable to XML External Entity XXE Injection due to an insecurely initialized XML parser for reading XMP Metadata. An attacker can exploit this vulnerability if they are able to supply a file e.g. when an online profile...

UBUNTU-CVE-2021-23792

The package com.twelvemonkeys.imageio:imageio-metadata before 3.7.1 are vulnerable to XML External Entity XXE Injection due to an insecurely initialized XML parser for reading XMP Metadata. An attacker can exploit this vulnerability if they are able to supply a file e.g. when an online profile...

CVE-2021-23792

The CVE-2021-23792 issue affects the TwelveMonkeys project: the component com.twelvemonkeys.imageio:imageio-metadata is vulnerable to XML External Entity (XXE) Injection due to an insecurely initialized XML parser when reading XMP Metadata. Affected versions are before 3.7.1. If an attacker can s...

TwelveMonkeys ImageIO 代码问题漏洞

TwelveMonkeys ImageIO is an add-on plug-in and extension for ImageIO for Java from the Norwegian individual developer Harald Kuhr. A security vulnerability exists in TwelveMonkeys ImageIO versions prior to 3.7.1, which stems from an insecure initialization of the XML parser that reads XMP metadat...

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Java

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Java. Vulnerability Details CVEID: CVE-2022-21365 DESCRIPTION: An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service...

The vulnerability of the ImageIO component in the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine allows a hacker to cause a partial service failure.

The vulnerability of the ImageIO component in the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine is related to a numerical overflow condition. Exploiting this vulnerability can allow an attacker to cause a partial service failure remotely...

The vulnerability of the ImageIO component in the Oracle GraalVM Enterprise Edition virtual machine allows a hacker to trigger a service failure.

The vulnerability of the ImageIO component in the Oracle GraalVM Enterprise Edition virtual machine exists due to insufficient testing of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2022:1025-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1025-1 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization...

SUSE SLES15 Security Update : java-1_8_0-ibm (SUSE-SU-2022:1027-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1027-1 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization...

openSUSE 15 Security Update : java-1_8_0-ibm (openSUSE-SU-2022:1027-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:1027-1 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported...

PT-2022-4904 · Apple · Icloud For Windows +6

Name of the Vulnerable Software and Affected Versions: iCloud for Windows versions prior to 11.4 iCloud for Windows versions prior to 7.21 iOS versions prior to 14.0 iPadOS versions prior to 14.0 watchOS versions prior to 7.0 tvOS versions prior to 14.0 iTunes for Windows versions prior to 12.10....

OpenJDK: Integer overflow in BMPImageReader (ImageIO, 8273838)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: ImageIO. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allow...