
2994 matches found

Tenable Nessus
added 2024/01/24 12:0 a.m., 40 views

RHCOS 4 : OpenShift Container Platform 4.9.59 (RHSA-2023:1524)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:1524 advisory. - apache-commons-text: variable interpolation RCE CVE-2022-42889 Note that Nessus has not tested for this issue but has instead relied only o...

9.8 CVSS, 7 AI score, 0.99931 EPSS
Exploits 41, References 7

0day.today
added 2024/01/21 12:0 a.m., 522 views

Apache Commons Text 1.9 Remote Code Execution Exploit

This Metasploit module exploit takes advantage of the StringSubstitutor interpolator class, which is included in the Commons Text library. A default interpolator allows for string lookups that can lead to remote code execution. This is due to a logic flaw that makes the script, dns and url lookup...

9.8 CVSS, 10 AI score, 0.99931 EPSS
Exploits 41

Metasploit
added 2024/01/19 7:50 p.m., 592 views

Apache Commons Text RCE

This exploit takes advantage of the StringSubstitutor interpolator class, which is included in the Commons Text library. A default interpolator allows for string lookups that can lead to Remote Code Execution. This is due to a logic flaw that makes the "script", "dns" and "url" lookup keys...

9.8 CVSS, 8.7 AI score, 0.99931 EPSS
Exploits 41

Packet Storm
added 2024/01/19 12:0 a.m., 386 views

Apache Commons Text 1.9 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Commons Text RCE', 'Description' = %q This exploit takes advantage of the StringSubstitutor interpolator class, which is included in the...

9.8 CVSS, 7.4 AI score, 0.99931 EPSS
Exploits 41

Tenable Nessus
added 2024/01/19 12:0 a.m., 52 views

Oracle JDeveloper Multiple Vulnerabilities (January 2024 CPU)

The version of Oracle JDeveloper installed on the remote host is missing a security patch. It is, therefore, affected by multiple vulnerabilities as referenced in the January 2024 CPU advisory. - Vulnerability in the Oracle JDeveloper product of Oracle Fusion Middleware component: Oracle JDevelop...

7.5 CVSS, 6.5 AI score, 0.13292 EPSS
Exploits 0, References 7

Tenable Nessus
added 2024/01/18 12:0 a.m., 33 views

Oracle Primavera Unifier (January 2024 CPU)

The versions of Primavera Unifier installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2024 CPU advisory. - Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering component: Platform Google Guava. Supported versions that...

9.1 CVSS, 6.4 AI score, 0.01713 EPSS
Exploits 0, References 5

Tenable Nessus
added 2024/01/18 12:0 a.m., 77 views

Oracle Primavera P6 Enterprise Project Portfolio Management (January 2024 CPU)

The version of Primavera P6 Enterprise Project Portfolio Management installed on the remote host are affected by vulnerabilities as referenced in the January 2024 CPU advisory. - Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineeri...

7.5 CVSS, 6.3 AI score, 0.01449 EPSS
Exploits 1, References 5

Tenable Nessus
added 2024/01/17 12:0 a.m., 35 views

Oracle WebCenter Portal Multiple Vulnerabilities (January 2024 CPU)

The version of Oracle WebCenter Portal installed on the remote host is missing a security patch from the January 2024 Critical Patch Update CPU. It is, therefore, affected by multiple vulnerabilities: - Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware component:...

7.5 CVSS, 6.4 AI score, 0.19442 EPSS
Exploits 1, References 6

Tenable Nessus
added 2024/01/17 12:0 a.m., 25 views

Oracle Essbase Multiple Vulnerabilities (January 2024 CPU)

The version of Oracle Essbase installed on the remote host is missing a security patch from the January 2024 Critical Patch Update CPU. It is, therefore, affected by: - Vulnerability in Oracle Essbase component: Essbase Web Platform OpenSSL. Easily exploitable vulnerability allows unauthenticated...

9.8 CVSS, 7.4 AI score, 0.89804 EPSS
Exploits 12, References 5

IBM Security Bulletins
added 2024/01/15 7:33 a.m., 43 views

Security Bulletin: IBM Automation Decision Services December 2023 - Multiple CVEs addressed

Summary IBM Automation Decision Services is vulnerable to denial of service attacks in third party and open source used in the product for various functions. See full list below. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2023-32681 DESCRIPTION: python-requests could...

9.8 CVSS, 7.9 AI score, 0.02782 EPSS
Exploits 2, Affected Software 1

IBM Security Bulletins
added 2024/01/15 7:23 a.m., 16 views

Security Bulletin: Security vulnerability in apache commons-codec may affect IBM Business Automation Workflow Case and Case History event emitters

Summary IBM Business Automation Workflow is vulnerable to an information leakage vulnerability. Vulnerability Details IBM X-Force ID: 177835 DESCRIPTION: Apache Commons Codec could allow a remote attacker to obtain sensitive information, caused by the improper validation of input. An attacker cou...

6.5 AI score
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2024/01/09 3:55 p.m., 60 views

Security Bulletin: Multiple Security Vulnerabilities were identified in IBM WebSphere Application Server Liberty shipped with IBM Security Verify Access (CVE-2023-24988, CVE-2023-44487, CVE-2023-46158)

Summary Security Vulnerability fixes in IBM WebSphere Application Server Liberty have been shipped with IBM Security Verify Access 10.0.7.0 Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit the...

9.8 CVSS, 8 AI score, 0.99999 EPSS
Exploits 20, Affected Software 1

IBM Security Bulletins
added 2024/01/05 5:50 a.m., 44 views

Security Bulletin: Multiple vulnerabilities fixed in IBM Security Verify Governance - Identity Manager software component

Summary Multiple security vulnerabilities have been addressed in IBM Security Verify Governance - Identity Manager software component. Vulnerability Details CVEID:CVE-2023-2976 DESCRIPTION: Google Guava could allow a local authenticated attacker to obtain sensitive information, caused by a flaw...

7.5 CVSS, 7.8 AI score, 0.0486 EPSS
Exploits 4, Affected Software 1

IBM Security Bulletins
added 2023/12/20 5:57 p.m., 25 views

Security Bulletin: Apache commons fileupload vulnerability affect embedded Content Platform Engine in IBM Business Automation Workflow - CVE-2023-24998

Summary The embedded Content Platform Engine in IBM Business Automation Workflow is affected by Apache commons fileupload vulnerability. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit the numb...

7.5 CVSS, 7.6 AI score, 0.46836 EPSS
Exploits 1, Affected Software 1

Broadcom
added 2023/12/18 12:0 a.m., 52 views

Apache Commons IO Vulnerability (CVE-2021-29425)

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above thus "limited" path...

4.8 CVSS, 7.3 AI score, 0.10608 EPSS
Exploits 1

IBM Security Bulletins
added 2023/12/14 11:58 a.m., 24 views

Security Bulletin: Apache Commons Compress component is vulnerable to CVE-2023-42503 is used by IBM Maximo Application Suite

Summary IBM Maximo Application Suite uses Apache Commons Compress package which is vulnerable to CVE-2023-42503. Vulnerability Details CVEID:CVE-2023-42503 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by improper input validation. By persuading a victim to ope...

5.5 CVSS, 6.2 AI score, 0.00489 EPSS
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2023/12/12 1:1 p.m., 29 views

Security Bulletin: IBM Storage Insights is vulnerable to weaknesses related to Apache Commons Compress

Summary Vulnerability in Apache Commons Compress may affect IBM Storage Insights. Vulnerability Details CVEID:CVE-2023-42503 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by improper input validation. By persuading a victim to open a specially crafted TAR file,...

5.5 CVSS, 6.1 AI score, 0.00489 EPSS
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2023/12/06 1:2 p.m., 27 views

Security Bulletin: IBM Jazz Reporting Service is vulnerable to a denial of service due to Apache Commons FileUpload (CVE-2023-24998)

Summary There is a vulnerability in the Apache Commons FileUpload library used by IBM Jazz Reporting Service. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caus...

7.5 CVSS, 7.6 AI score, 0.46836 EPSS
Exploits 1, Affected Software 1

IBM Security Bulletins
added 2023/12/06 1:2 p.m., 13 views

Security Bulletin: IBM Jazz Reporting Service is vulnerable to a remote attacker to traverse directories due to Apache Commons IO (CVE-2021-29425)

Summary A vulnerability has been identified in the Apache Commons IO library, which is included in IBM® Jazz Reporting Service. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2021-29425 DESCRIPTION: Apache Commons IO could allow a remote attacker to traverse...

5.8 CVSS, 6.4 AI score, 0.10608 EPSS
Exploits 1, Affected Software 1

IBM Security Bulletins
added 2023/11/29 2:47 p.m., 32 views

Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Apache Commons Compress

Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Apache Commons Compress. Vulnerability Details CVEID: CVE-2023-42503 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by improper input validation. By persuading a...

5.5 CVSS, 6.5 AI score, 0.00489 EPSS
Exploits 0, Affected Software 1