390 matches found
Security Bulletin: Apache Commons Compress is vulnerable to CVE-2024-26308 and CVE-2024-25710 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses Apache Commons Compress which is vulnerable to CVE-2024-26308 and CVE-2024-25710. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-26308 DESCRIPTION: Apache Commons Compress ...
Security Bulletin: Vulnerabilities in Apache Commons Compress and PostgreSQL might affect IBM Storage Copy Data Management
Summary IBM Storage Copy Data Management can be affected by vulnerabilities in Apache Commons Compress and PostgreSQL. Vulnerabilities include causing a denial of service condition, and executing arbitrary SQL functions as the command issuer, as described by the CVEs in the "Vulnerability Details...
Security Bulletin: Multiple vulnerabilities in Apache Commons Compress may affect IBM Decision Optimization for IBM Cloud Pak for Data (CVE-2024-26308 & CVE-2024-25710)
Summary There are multiple vulnerabilities in Apache Commons Compress used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-26308 DESCRIPTION: Apache Commons Compre...
Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFix for March 2023.
Summary Security vulnerabilities are addressed with IBM Business Automation Insights 23.0.2-IF003. Vulnerability Details CVEID:CVE-2024-26308 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error. By persuading a victim to open a specially...
Security Bulletin: IBM Storage Insights is vulnerable to weaknesses related to Apache Commons Compress (CVE-2024-25710, CVE-2024-26308)
Summary Vulnerabilities in Apache Commons Compress may affect IBM Storage Insights. Vulnerabilities include denial of service attacks, as described by the CVEs in the "Vulnerability Details" section. Vulnerability Details CVEID:CVE-2024-25710 DESCRIPTION: Apache Commons Compress is vulnerable to ...
Security Bulletin: IBM i Access Client Solutions is vulnerable to an infinite loop or out of memory error due to vulnerabilities in Apache Commons Compress.
Summary IBM i Access Client Solutions is vulnerable to an infinite loop CVE-2024-25710 or an out of memory error CVE-2024-26308 in Apache Commons Compress. Apache Commons Compress is used by the Data Transfer feature of IBM i Access Client Solutions when transferring data from reading xls and xls...
Oracle Primavera Gateway (April 2024 CPU)
The versions of Primavera Gateway installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2024 CPU advisory. - Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to...
Oracle Primavera Unifier (April 2024 CPU)
The versions of Primavera Unifier installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2024 CPU advisory. - The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as...
Security Bulletin: IBM DevOps Deploy / IBM Urbancode Deploy (UCD) is vulnerable to denial of service due to Apache Commons Compress ( CVE-2024-25710, CVE-2024-26308 )
Summary Apache Commons Compress is vulnerable to a denial of service, caused by an infinite loop flaw. Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error. Vulnerability Details CVEID:CVE-2024-25710 DESCRIPTION: Apache Commons Compress is vulnerable to a...
The vulnerability of the Apache Commons Compress library, related to uncontrolled resource consumption, allows attackers to influence the accessibility of protected information.
The vulnerability of the Apache Commons Compress library is related to an uncontrolled resource consumption during the decompression of a corrupted Pack200 file. Exploiting this vulnerability allows an attacker to compromise the accessibility of protected information...
commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file
A loop with an unreachable exit condition Infinite Loop vulnerability was found in Apache Common Compress. This issue can lead to a denial of service...
Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to a denial of service due to Apache Commons Compress (CVE-2024-25710, CVE-2024-26308)
Summary Apache Commons Compress is shipped with IBM Tivoli Netcool Impact as part of it's server communication infrastructure. Information about security vulnerabilities affecting Apache Commons Compress has been published in a security bulletin. Vulnerability Details CVEID:CVE-2024-25710...
Important: Red Hat Security Advisory: Red Hat build of Quarkus 3.2.11 release and security update
An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more informatio...
Security Bulletin: IBM Cloud Pak for Network Automation 2.7.1 addresses multiple existing security vulnerabilities
Summary IBM Cloud Pak for Network Automation 2.7.1 addresses multiple security vulnerabilities, listed in the CVEs below. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-24680 DESCRIPTION: Django is vulnerable to a denial of service,...
Security Bulletin: IBM Automation Decision Services - March 2024 - CVE-2024-26308, CVE-2024-25710
Summary IBM Automation Decision Services is vulnerable to denial of service attacks in third party and open source used in the product for various functions. See full list below. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2024-26308 DESCRIPTION: Apache Commons Compress...
commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file
A loop with an unreachable exit condition Infinite Loop vulnerability was found in Apache Common Compress. This issue can lead to a denial of service...
Important: apache-commons-compress
Issue Overview: Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.3 through 1.25.0. Users are recommended to upgrade to version 1.26.0 which fixes the issue. CVE-2024-25710 Affected Packages:...
Important: apache-commons-compress
Issue Overview: Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.3 through 1.25.0. Users are recommended to upgrade to version 1.26.0 which fixes the issue. CVE-2024-25710 Affected Packages:...
Important: javapackages-bootstrap
Issue Overview: Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.3 through 1.25.0. Users are recommended to upgrade to version 1.26.0 which fixes the issue. CVE-2024-25710 Affected Packages:...
Important: javapackages-bootstrap
Issue Overview: Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.3 through 1.25.0. Users are recommended to upgrade to version 1.26.0 which fixes the issue. CVE-2024-25710 Affected Packages:...