2992 matches found

Tenable Nessus
added 2024/04/23 12:0 a.m. · 41 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : apache-commons-configuration2 (SUSE-SU-2024:1365-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1365-1 advisory. - Out-of-bounds Write vulnerability in Apache Commons Configuration. This issue affects Apache...

CVSS 7.3 · AI score 6.5 · EPSS 0.02054
Exploits 0 · References 7
Tenable Nessus
added 2024/04/23 12:0 a.m. · 33 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : apache-commons-configuration (SUSE-SU-2024:1377-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1377-1 advisory. - Out-of-bounds Write vulnerability in Apache Commons Configuration. This issue affects Apache...

CVSS 7.3 · AI score 6.5 · EPSS 0.02054
Exploits 0 · References 7
OSV
added 2024/04/22 3:2 p.m. · 8 views

SUSE-SU-2024:1377-1 Security update for apache-commons-configuration

This update for apache-commons-configuration fixes the following issues: - CVE-2024-29131: Fixed StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator bsc1221797. - CVE-2024-29133: Fixed StackOverflowError calling ListDelimiterHandler.flattenObject, int with a cyclica...

CVSS 7.3 · AI score 6.2 · EPSS 0.02054
Exploits 0 · References 5
OSV
added 2024/04/22 8:33 a.m. · 14 views

SUSE-SU-2024:1365-1 Security update for apache-commons-configuration2

This update for apache-commons-configuration2 fixes the following issues: - CVE-2024-29131: Fixed StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator bsc1221797. - CVE-2024-29133: Fixed StackOverflowError calling ListDelimiterHandler.flattenObject, int with a cyclic...

CVSS 7.3 · AI score 6.2 · EPSS 0.02054
Exploits 0 · References 5
IBM Security Bulletins
added 2024/04/19 2:34 p.m. · 33 views

Security Bulletin: IBM i Access Client Solutions is vulnerable to an infinite loop or out of memory error due to vulnerabilities in Apache Commons Compress.

Summary IBM i Access Client Solutions is vulnerable to an infinite loop CVE-2024-25710 or an out of memory error CVE-2024-26308 in Apache Commons Compress. Apache Commons Compress is used by the Data Transfer feature of IBM i Access Client Solutions when transferring data from reading xls and xls...

CVSS 8.1 · AI score 6.6 · EPSS 0.00898
Exploits 0 · Affected Software 1
Tenable Nessus
added 2024/04/19 12:0 a.m. · 48 views

Oracle Application Testing Suite (April 2024 CPU)

The versions of Oracle Application Testing Suite installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2024 CPU advisory: - Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager component: Load Testing for Web Apps...

CVSS 9.8 · AI score 6.7 · EPSS 0.02836
Exploits 1 · References 6
IBM Security Bulletins
added 2024/04/18 3:43 p.m. · 26 views

Security Bulletin: B2B API of IBM Sterling B2B Integrator vulnerable to remote code execution due to Apache Commons BeanUtils (CVE-2014-0114)

Summary IBM Sterling B2B Integrator uses Apache Commons BeanUtils. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2014-0114 DESCRIPTION: Apache Commons BeanUtils, as distributed in lib/commons-beanutils in Apache Struts could allow a...

CVSS 7.5 · AI score 8 · EPSS 0.95821
Exploits 4 · Affected Software 1
Positive Technologies
added 2024/04/18 12:0 a.m. · 1 views

PT-2024-40697 · Apache · Apache Commons Configuration2

Name of the Vulnerable Software and Affected Versions: Apache Commons Configuration2 affected versions not specified Description: The issue is related to a security exception in the org.apache.commons.configuration2 package. Specifically, the problem occurs in the...

AI score 6.9
Exploits 0 · References 2
Amazon
added 2024/04/18 12:0 a.m. · 4 views

Important: tomcat

Issue Overview: Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option...

CVSS 7.5 · AI score 7 · EPSS 0.51547
Exploits 1
Tenable Nessus
added 2024/04/18 12:0 a.m. · 44 views

Amazon Linux 2 : tomcat (ALAS-2024-2517)

The version of tomcat installed on the remote host is prior to 7.0.76-10. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2517 advisory. Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the...

CVSS 7.5 · AI score 7.6 · EPSS 0.51547
Exploits 1 · References 6
Tenable Nessus
added 2024/04/18 12:0 a.m. · 48 views

Oracle Primavera Gateway (April 2024 CPU)

The versions of Primavera Gateway installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2024 CPU advisory. - Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to...

CVSS 7.5 · AI score 6.5 · EPSS 0.01449
Exploits 1 · References 4
Tenable Nessus
added 2024/04/17 12:0 a.m. · 97 views

Oracle Primavera Unifier (April 2024 CPU)

The versions of Primavera Unifier installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2024 CPU advisory. - The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as...

CVSS 8.8 · AI score 7.2 · EPSS 0.99999
Exploits 23 · References 7
IBM Security Bulletins
added 2024/04/16 7:21 p.m. · 28 views

Security Bulletin: IBM Cognos Command Center has addressed vulnerabilities IBM® Semeru Java™ Version 11 and Apache Commons

Summary There are vulnerabilities in IBM® Semeru Java™ Version 11, Apache Commons Compress and Apache Commons Configuration used by IBM Cognos Command Center. IBM Cognos Command Center 10.2.5 IF2 has addressed the applicable CVEs by upgrading to non-vulnerable versions of these libraries. Please...

CVSS 8.1 · AI score 8.7 · EPSS 0.02054
Exploits 0 · Affected Software 1
BDU FSTEC
added 2024/04/12 12:0 a.m. · 4 views

The vulnerability of the Apache Commons Compress library, related to executing a loop with an unreachable exit condition, allows attackers to compromise the integrity, accessibility, and confidentiality of the protected information.

The vulnerability of the Apache Commons Compress library is related to the execution of a loop with an unreachable exit condition. Exploiting this vulnerability could allow an attacker to compromise the integrity, accessibility, and confidentiality of the protected information...

CVSS 8.1 · AI score 6.6 · EPSS 0.00441
Exploits 0 · References 4 · Affected Software 2
IBM Security Bulletins
added 2024/04/11 10:28 p.m. · 32 views

Security Bulletin: IBM Sterling B2B Integrator vulnerable to security bypass due to Apache Commons BCEL (CVE-2022-42920)

Summary IBM Sterling B2B Integrator uses Apache Commons BCEL. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2022-42920 DESCRIPTION: Apache Commons BCEL could allow a remote attacker to bypass security restrictions, caused by an...

CVSS 9.8 · AI score 9.7 · EPSS 0.02836
Exploits 0 · Affected Software 1
IBM Security Bulletins
added 2024/04/11 7:6 p.m. · 31 views

Security Bulletin: IBM DevOps Deploy / IBM Urbancode Deploy (UCD) is vulnerable to denial of service due to Apache Commons Compress ( CVE-2024-25710, CVE-2024-26308 )

Summary Apache Commons Compress is vulnerable to a denial of service, caused by an infinite loop flaw. Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error. Vulnerability Details CVEID:CVE-2024-25710 DESCRIPTION: Apache Commons Compress is vulnerable to a...

CVSS 8.1 · AI score 6.6 · EPSS 0.00898
Exploits 0 · Affected Software 1
BDU FSTEC
added 2024/04/10 12:0 a.m. · 3 views

The vulnerability of the Apache Commons Compress library, related to uncontrolled resource consumption, allows attackers to influence the accessibility of protected information.

The vulnerability of the Apache Commons Compress library is related to an uncontrolled resource consumption during the decompression of a corrupted Pack200 file. Exploiting this vulnerability allows an attacker to compromise the accessibility of protected information...

CVSS 5.5 · AI score 6.6 · EPSS 0.00898
Exploits 0 · References 5 · Affected Software 1
RedHat Linux
added 2024/04/09 6:41 a.m. · 0 views

commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file

A loop with an unreachable exit condition Infinite Loop vulnerability was found in Apache Common Compress. This issue can lead to a denial of service...

CVSS 8.1 · AI score 6.8 · EPSS 0.00441
Exploits 0 · References 6
IBM Security Bulletins
added 2024/04/04 5:47 p.m. · 37 views

Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to a denial of service due to Apache Commons Compress (CVE-2024-25710, CVE-2024-26308)

Summary Apache Commons Compress is shipped with IBM Tivoli Netcool Impact as part of its server communication infrastructure. Information about security vulnerabilities affecting Apache Commons Compress has been published in a security bulletin. Vulnerability Details CVEID:CVE-2024-25710...

CVSS 8.1 · AI score 7 · EPSS 0.00898
Exploits 0 · Affected Software 1
RedHat Linux
added 2024/04/03 10:53 a.m. · 41 views

Important: Red Hat Security Advisory: Red Hat build of Quarkus 3.2.11 release and security update

An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more informatio...

CVSS 10 · AI score 7 · EPSS 0.0481
Exploits 0 · References 16