
2992 matches found

RedHat Linux
added 2024/05/30 8:24 p.m., 3 views

apache-commons-text: variable interpolation RCE

A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code...

CVSS 9.8, AI score 7.7, EPSS 0.99931
Exploits 41, References 7

Tenable Nessus
added 2024/05/28 12:0 a.m., 45 views

Oracle Linux 8 : pki-core:10.6 / and / pki-deps:10.6 (ELSA-2024-3061)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3061 advisory. - Resolves: rhbz1658846 CVE-2018-8034 pki-servlet-container: tomcat: host name verification missing in WebSocket client - Resolves: rhbz1579614 CVE-2018-8014...

CVSS 9.8, AI score 7.5, EPSS 0.94494
Exploits 4, References 2

Oracle linux
added 2024/05/24 12:0 a.m., 51 views

pki-core:10.6 and pki-deps:10.6 security update

apache-commons-collections apache-commons-lang apache-commons-net bea-stax fasterxml-oss-parent 49-1 - Rebase to upstream version 49 26-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora28MassRebuild 26-5 - Fix license tag 26-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora27MassRebuild...

CVSS 7.5, AI score 7.2, EPSS 0.94494
Exploits 4

Tenable Nessus
added 2024/05/23 12:0 a.m., 30 views

Apache Tomcat 8.0.0.RC1 < 8.0.36

The version of Tomcat installed on the remote host is prior to 8.0.36. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat8.5.3and8.0.36security-8 advisory. - The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x befor...

CVSS 7.8, AI score 7.4, EPSS 0.35927
Exploits 0, References 4

Tenable Nessus
added 2024/05/23 12:0 a.m., 30 views

Apache Tomcat 9.0.0.M1 < 9.0.0.M8

The version of Tomcat installed on the remote host is prior to 9.0.0.M8. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat9.0.0.m8security-9 advisory. - The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before...

CVSS 7.8, AI score 7.4, EPSS 0.35927
Exploits 0, References 3

Tenable Nessus
added 2024/05/23 12:0 a.m., 26 views

Apache Tomcat 8.5.0 < 8.5.3

The version of Tomcat installed on the remote host is prior to 8.5.3. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat8.5.3and8.0.36security-8 advisory. - The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before...

CVSS 7.8, AI score 7.4, EPSS 0.35927
Exploits 0, References 4

RedHat Linux
added 2024/05/21 2:18 p.m., 1 views

commons-configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree

A vulnerability was found in Apache Commons-Configuration2, where a Stack Overflow Error occurs when calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree. This issue could allow an attacker to trigger an out-of-bounds write that could lead to memory corruption or cause a...

CVSS 5.4, AI score 7.3, EPSS 0.01727
Exploits 0, References 6

RedHat Linux
added 2024/05/21 2:18 p.m., 2 views

commons-configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator()

A vulnerability was found in Apache Commons-Configuration2, where a Stack Overflow Error can occur when adding a property in AbstractListDelimiterHandler.flattenIterator. This issue could allow an attacker to corrupt memory or execute a denial of service attack by crafting malicious property that...

CVSS 7.3, AI score 7.4, EPSS 0.02054
Exploits 0, References 7

IBM Security Bulletins
added 2024/05/20 9:38 a.m., 33 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service due to Apache Commons Compress (CVE-2024-25710, CVE-2024-26308)

Summary The Transformation Advisor tool in IBM App Connect Enterprise is vulnerable to a denial of service due to Apache Commons Compress. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-25710 DESCRIPTION: Apache Commons Compress is...

CVSS 8.1, AI score 6.6, EPSS 0.00898
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2024/05/15 8:38 a.m., 19 views

Security Bulletin: An IBM QRadar SIEM ArielRESTAPI protocol is vulnerable to Improper Validation (177835)

Summary The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal and is vulnerable to improper validation of input. Vulnerability Details IBM X-Force ID: 177835 DESCRIPTION: Apache Commons Codec could allow a remote attacker to obtai...

AI score 6.7
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2024/05/11 4:55 p.m., 53 views

Security Bulletin: IBM Storage Fusion is vulnerable to denial of service due to Apache Commons Compress and ion-java.

Summary commons-compress and ion-java is used by IBM Storage Fusion as part of the Backup and Restore service and may be vulnerable to the CVEs listed below. CVE-2024-26308, CVE-2024-25710, CVE-2024-21634. Vulnerability Details CVEID:CVE-2024-26308 DESCRIPTION: Apache Commons Compress is vulnerab...

CVSS 8.1, AI score 7, EPSS 0.00898
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2024/05/11 4:55 p.m., 20 views

Security Bulletin: IBM Storage Fusion HCI is vulnerable to denial of service due to Apache Commons Compress and ion-java.

Summary commons-compress and ion-java is used by IBM Storage Fusion HCI as part of the Backup and Restore service and may be vulnerable to the CVEs listed below. CVE-2024-26308, CVE-2024-25710, CVE-2024-21634. Vulnerability Details CVEID:CVE-2024-26308 DESCRIPTION: Apache Commons Compress is...

CVSS 8.1, AI score 7, EPSS 0.00898
Exploits 0, Affected Software 1

Tenable Nessus
added 2024/05/11 12:0 a.m., 33 views

RHEL 6 : apache-commons-beanutils (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default CVE-2019-10086 Not...

AI score 7.3, EPSS 0.28839
Exploits 1, References 1

Tenable Nessus
added 2024/05/11 12:0 a.m., 17 views

RHEL 5 : apache-commons-beanutils (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default CVE-2019-10086 Not...

AI score 7.3, EPSS 0.28839
Exploits 1, References 1

IBM Security Bulletins
added 2024/05/10 4:9 p.m., 18 views

Security Bulletin: IBM Integration Bus for z/OS is vulnerable to a remote attack due to Apache Commons Net (CVE-2032-37533)

Summary The IBM Integration Bus for z/OS toolkit is vulnerable to a remote attack due to Apache Commons Net. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2021-37533 DESCRIPTION: Apache Commons Net could allow a remote attacker to obtain...

CVSS 6.5, AI score 6.4, EPSS 0.01858
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2024/05/08 8:47 p.m., 23 views

Security Bulletin: TPF Toolkit is affected by vulnerabilities in the Eclipse IDE and Apache Commons Compress

Summary The org.eclipse.core.runtime component is used by TPF Toolkit as part of the basic platform infrastructure CVE-2023-4218. Additionally, the Apache commons-compress package is used by TPF Toolkit web applications services as part of the code coverage feature CVE-2024-26308, CVE-2024-25710...

CVSS 8.1, AI score 7.1, EPSS 0.00898
Exploits 1, Affected Software 1

Tenable Nessus
added 2024/05/08 12:0 a.m., 36 views

GLSA-202405-21 : Commons-BeanUtils: Improper Access Restriction

The remote host is affected by the vulnerability described in GLSA-202405-21 Commons-BeanUtils: Improper Access Restriction - In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class...

CVSS 7.5, AI score 6.6, EPSS 0.28839
Exploits 1, References 3

IBM Security Bulletins
added 2024/05/07 7:52 p.m., 38 views

Security Bulletin: Common vulnerabilities fixed in Cloudera Data Platform 7.1.9 HF2

Summary Fixes to common vulnerabilities discovered in Cloudera Data Platform 7.1.9 are available to download from Cloudera. Vulnerability Details CVEID:CVE-2023-41080 DESCRIPTION: Apache Tomcat could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in...

CVSS 8.8, AI score 9.4, EPSS 0.7848
Exploits 5, Affected Software 1

OpenVAS
added 2024/05/07 12:0 a.m., 21 views

SUSE: Security Advisory (SUSE-SU-2024:1365-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.3, AI score 6.2, EPSS 0.02054
Exploits 0, References 5

Tenable Nessus
added 2024/05/06 12:0 a.m., 37 views

GLSA-202405-16 : Apache Commons BCEL: Remote Code Execution

The remote host is affected by the vulnerability described in GLSA-202405-16 Apache Commons BCEL: Remote Code Execution - The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files...

CVSS 9.8, AI score 7.5, EPSS 0.17342
Exploits 2, References 4