USN-7208-1 bcel vulnerability
Felix Wilhelm discovered that Apache Commons BCEL APIs incorrectly handled parameters due to a memory issue. An attacker supplying malicious input could exploit this to generate and execute arbitrary bytecode...
USN-7208-1: Apache Commons BCEL vulnerability
Felix Wilhelm discovered that Apache Commons BCEL APIs incorrectly handled parameters due to a memory issue. An attacker supplying malicious input could exploit this to generate and execute arbitrary bytecode...
Atlassian Confluence 7.14.x < 7.19.25 / 7.20.x < 8.5.12 / 8.6.x < 8.9.4 / 9.2.0 (CONFSERVER-98680)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-98680 advisory. - Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in Apache Commons Compress. This issue affects Apache Commons Compress: from 1.3...
Security Bulletin: vulnerability in Apache Commons HttpClient affects IBM Workload Automation.
Summary IBM Workload Automation is affected by a vulnerability in Apache Commons HttpClient that can cause Authorization Bypass CVE-2012-5783 Vulnerability Details CVEID:CVE-2012-5783 DESCRIPTION: Apache Commons HttpClient, as used in Amazon Flexible Payments Service FPS merchant Java SDK and oth...
Security Bulletin: IBM Engineering Lifecycle Optimization - Engineering Publishing Apache Commons IO is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw in the org.apache.commons.io.input.XmlStreamReader class.
Summary Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by improper input validation by the FileNameUtils.normalize method. An attacker could send a specially-crafted URL request containing dot dot sequences /../ to view arbitrary files on the system...
PT-2025-25565
Name of the Vulnerable Software and Affected Versions Apache Commons FileUpload versions 1.0 through 1.5 Apache Commons FileUpload versions 2.0.0-M1 through 2.0.0-M3 Description The issue is related to the allocation of resources for multipart headers with insufficient limits, which enables a...
Security Bulletin: TADDM is vulnerable to a denial of service due to vulnerability in SBLIM and Apache Commons Library
Summary SBLIM and Apache Commons, used by IBM Tivoli Application Dependency Discovery Manager, are vulnerable to CVE-2008-7230, CVE-2010-1937 and CVE-2012-2328 Vulnerability Details CVEID:CVE-2008-7230 DESCRIPTION: An unspecified vulnerability in SBLIM-SFCB Small Footprint CIM Broker has an...
Security Bulletin: IBM Operational Decision Manager for Nov 2024 - Multiple CVEs addressed
Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2024-47554...
OESA-2024-2558 apache-commons-io security update
Apache Commons IO library is used for developing IO functionality. It contains a collection of utilities with utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more. Security Fixes: Uncontrolled Resource Consumption vulnerability in...
Oracle Siebel Server <= 22.3 (July 2024 CPU)
The versions of Oracle Siebel CRM installed on the remote host are affected by a vulnerability as referenced in the July 2024 CPU advisory. - Vulnerability in the Siebel CRM Deployment product of Oracle Siebel CRM component: Installation Apache Commons Compress. Supported versions that are affect...
Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilities in Apache Commons-Codec version less than 1.13
Summary A vulnerability has been identified in Apache Commons-Codec version less than 1.13, which is used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details IBM X-Force ID: 177835...
Security Bulletin: IBM Sterling B2B Integrator is vulnerable to information disclosure due to Apache Commons Codec (177835)
Summary IBM Sterling B2B Integrator uses Apache Commons Codec. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details IBM X-Force ID: 177835 DESCRIPTION: Apache Commons Codec could allow a remote attacker to obtain sensitive information, caused by the...
K000148649: Apache Commons vulnerability CVE-2024-47554
Security Advisory Description Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0...
OSV-2024-1313 Security exception in org.apache.commons.codec.language.bm.Rule$Phoneme.<init>
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=379008019 Crash type: Security exception Crash state: org.apache.commons.codec.language.bm.Rule$Phoneme. org.apache.commons.codec.language.bm.Rule$Phoneme. org.apache.commons.codec.language.bm.PhoneticEngine$PhonemeBuilder.app...
Security Bulletin: IBM B2B Sterling Integrator is affected by Apache Commons Net vulnerability information disclosure (CVE-2021-37533)
Summary IBM B2B Sterling Integrator is affected by Apache Commons Net vulnerability information disclosure CVE-2021-37533 Vulnerability Details CVEID:CVE-2021-37533 DESCRIPTION: Apache Commons Net could allow a remote attacker to obtain sensitive information, caused by an issue with the FTP clien...
Security Bulletin: IBM B2B Sterling Integrator is vulnerable to denial of services attacks due to an Apache Commons vulnerability
Summary IBM B2B Sterling Integrator is vulnerable to denial of services attacks due to an Apache Commons vulnerability Vulnerability Details CVEID:CVE-2024-25710 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an infinite loop flaw. By persuading a victim to op...
apache-commons-io: Possible denial of service attack on untrusted input to XmlStreamReader
A vulnerability was found in the Apache Commons IO component in the org.apache.commons.io.input.XmlStreamReader class. Excessive CPU resource consumption can lead to a denial of service when an untrusted input is processed...
Security Bulletin: IBM Maximo Application Suite, IBM Truststore Manager and IBM Asset Data Dictionary Component uses third party libraries which is vulnerable to multiple CVEs
Summary IBM Maximo Application Suite, IBM Truststore Manager and IBM Asset Data Dictionary Component uses FlaskCors-4.0.1-py2.py3-none-any.whl, requests-2.31.0-py3-none-any.whl, express-4.19.2.tgz, commons-compress-1.22.jar, commons-io-2.11.0.jar, urllib3-1.26.18-py2.py3-none-any.whl,...
SUSE-RU-2024:3971-1 Recommended update for mojo-parent
This update for mojo-parent fixes the following issues: xalan-j2 was updated from version 2.7.2 to 2.7.3: - Security issues fixed: CVE-2022-34169: Fixed integer truncation issue when processing malicious XSLT stylesheets bsc1201684 - Changes and Bugs fixed: Java 8 is now the minimum requirement...
CBL Mariner 2.0 Security Update: apache-commons-io (CVE-2024-47554)
The version of apache-commons-io installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-47554 advisory. - Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The...