2992 matches found

Tenable Nessus
added 2025/03/05 12:00 a.m., 8 views

Linux Distros Unpatched Vulnerability : CVE-2024-29133

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out-of-bounds Write vulnerability in Apache Commons Configuration. This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users are recommended...

CVSS 5.4, AI score 6.1, EPSS 0.01727
Exploits 0, References 3

Tenable Nessus
added 2025/03/05 12:00 a.m., 12 views

Linux Distros Unpatched Vulnerability : CVE-2023-24998

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS wit...

CVSS 7.5, AI score 6.7, EPSS 0.46836
Exploits 1, References 3

Tenable Nessus
added 2025/03/05 12:00 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2024-26308

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress. This issue affects Apache Commons Compress: from 1.21 before 1.26...

CVSS 5.5, AI score 6.7, EPSS 0.00898
Exploits 0, References 3

Tenable Nessus
added 2025/03/05 12:00 a.m., 12 views

Linux Distros Unpatched Vulnerability : CVE-2024-47554

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resource...

CVSS 4.3, AI score 6.6, EPSS 0.01249
Exploits 0, References 4

Tenable Nessus
added 2025/03/04 12:00 a.m., 8 views

Linux Distros Unpatched Vulnerability : CVE-2012-6153

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the...

CVSS 5.8, AI score 7.1, EPSS 0.09254
Exploits 0, References 1

Tenable Nessus
added 2025/03/04 12:00 a.m., 12 views

Linux Distros Unpatched Vulnerability : CVE-2013-0248

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allo...

CVSS 3.3, AI score 8.1, EPSS 0.0068
Exploits 1, References 2

Tenable Nessus
added 2025/03/04 12:00 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2012-2098

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream BZip2CompressorOutputStream in Apache Commons Compress before 1.4.1...

CVSS 5, AI score 6.9, EPSS 0.12508
Exploits 1, References 2

Positive Technologies
added 2025/03/01 12:00 a.m., 3 views

PT-2025-12535

Name of the Vulnerable Software and Affected Versions: Apache Commons VFS versions prior to 2.10.0 Description: The FileObject API in Commons VFS has a resolveFile method that takes a scope parameter. Specifying NameScope.DESCENDENT promises that an exception is thrown if the resolved file is not...

CVSS 7.8, AI score 6.8, EPSS 0.01189
Exploits 0, References 46

IBM Security Bulletins
added 2025/02/27 10:33 p.m., 56 views

Security Bulletin: Apache Commons Collections library in WebSphere Application Server Knowledge Center is vulnerable (CVE-2015-7450)

Summary The Knowledge Center Component used in Version 9 of the WebSphere Application Server needs an updated Apache Commons Collections library. Vulnerability Details CVEID:CVE-2015-7450 DESCRIPTION: Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT...

CVSS 10, AI score 9.9, EPSS 0.97655
Exploits 10, Affected Software 1

Tenable Nessus
added 2025/02/26 12:00 a.m., 10 views

Amazon Linux 2023 : apache-commons-compress, apache-commons-compress-javadoc (ALAS2023-2025-841)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-841 advisory. When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to moun...

CVSS 7.5, AI score 6.2, EPSS 0.13292
Exploits 0, References 4

RedHat Linux
added 2025/02/24 12:08 a.m., 5 views

apache-commons-text: variable interpolation RCE

A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code...

CVSS 9.8, AI score 7.7, EPSS 0.99931
Exploits 41, References 7

RedHat Linux
added 2025/02/24 12:08 a.m., 4 views

apache-commons-text: variable interpolation RCE

A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code...

CVSS 9.8, AI score 7.7, EPSS 0.99931
Exploits 41, References 7

Amazon
added 2025/02/21 12:00 a.m., 2 views

Medium: apache-commons-compress

Issue Overview: When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package...

CVSS 7.5, AI score 6.9, EPSS 0.13292
Exploits 0

Amazon
added 2025/02/21 12:00 a.m., 2 views

Medium: apache-commons-compress

Issue Overview: When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package...

CVSS 7.5, AI score 6.7, EPSS 0.13292
Exploits 0

Tenable Nessus
added 2025/02/19 12:00 a.m., 18 views

Oracle WebCenter Portal (January 2025 CPU)

The 12.2.1.4.0 versions of WebCenter Portal installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2025 CPU advisory. - jrburke requirejs v2.3.6 was discovered to contain a prototype pollution via the function config. This vulnerability allows attackers...

CVSS 10, AI score 7.2, EPSS 0.01249
Exploits 2, References 5

Redos
added 2025/02/19 12:00 a.m., 6 views

ROS-20250219-07

The vulnerability in the Apache Commons IO library is due to the fact that the application does not properly control the internal resource consumption when processing unreliable input data passed to the class org.apache.commons.io.input.XmlStreamReader. Exploitation of the vulnerability could all...

CVSS 4.3, AI score 4.5, EPSS 0.01249
Exploits 0

Broadcom
added 2025/02/13 12:00 a.m., 6 views

Apache Commons Vulnerabilities (CVE-2024-25710 and CVE-2024-26308)

CVE-2024-25710 Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in Apache Commons Compress. This issue affects Apache Commons Compress from 1.3 through 1.25.0. Users are recommended to upgrade to version 1.26.0 which fixes the issue. CVE-2024-26308 Allocation of Resources Withou...

CVSS 8.1, AI score 7, EPSS 0.00898
Exploits 0

Tenable Nessus
added 2025/02/10 12:00 a.m., 11 views

Azure Linux 3.0 Security Update: apache-commons-io (CVE-2024-47554)

The version of apache-commons-io installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-47554 advisory. - Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The...

CVSS 4.3, AI score 6.5, EPSS 0.01249
Exploits 0, References 2

IBM Security Bulletins
added 2025/02/07 4:25 p.m., 18 views

Security Bulletin: Denial of Service vulnerability in Apache Commons IO affects IBM Business Automation Workflow - CVE-2024-47554

Summary IBM Business Automation Workflow packages a vulnerable version of Apache Commons IO. Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Apache Commons IO is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw in the...

CVSS 4.3, AI score 4.8, EPSS 0.01249
Exploits 0, Affected Software 2

IBM Security Bulletins
added 2025/02/07 11:03 a.m., 7 views

Security Bulletin: Due to the use of Apache Commons IO, IBM WebSphere eXtreme Scale Liberty Deployment is vulnerable to an Uncontrolled Resource Consumption vulnerability

Summary YAJSW service is used for registering XSLD services with operating system. commons-io-2.11.0.jar bundled in YAJSW is vulnerable to CVE-2024-47554. This is fixed in yajsw-stable-13.13. Applying ifix PH65060 will upgrade YAJSW to 13.13 version. Vulnerability Details CVEID:CVE-2024-47554...

CVSS 4.3, AI score 4.4, EPSS 0.01249
Exploits 0, Affected Software 1