Lucene search
K

13 matches found

SUSE CVE
SUSE CVE
added 2026/04/30 2:25 a.m.8 views

SUSE CVE-2026-41526

In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended to safely quote arguments so that they can be passed to a shell command. This parsing does not adequately handle metacharacters, leading to an escape from the shell. All applications relying on this method in a security-critical path t...

6.5CVSS5.3AI score0.0017EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/14 3:57 p.m.31 views

Security Bulletin: IBM Sterling B2B Integrator is affected by multiple vulnerabilities in Eclipse Jetty

Summary IBM Sterling B2B Integrator is affected by multiple vulnerabilities in Eclipse Jetty Vulnerability Details CVEID:CVE-2023-41900 DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to bypass security restrictions, caused by improper authentication validation when using t...

5.3CVSS6.6AI score0.01069EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/17 12:20 a.m.105 views

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2023-26049 DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker ...

10CVSS9.7AI score0.99999EPSS
Exploits65Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/03 1:36 p.m.45 views

Security Bulletin: Multiple vulnerabilities in eclipse jetty affect IBM Business Automation Workflow

Summary IBM Business Automation Workflow packages a vulnerable version of the eclipse jetty library. Vulnerability Details CVEID:CVE-2020-27216 DESCRIPTION: Eclipse Jetty could allow a local authenticated attacker to gain elevated privileges on the system, caused by a race condition in the creati...

7.8CVSS7.7AI score0.53861EPSS
Exploits3Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/22 1:4 p.m.41 views

Security Bulletin: Rational Service Tester contains vulnerabilities which could affect Eclipse Jetty

Summary Due to the use of Eclipse Jetty, Rational Service Tester contains a vulnerability around authentication validation that could allow bypassing access restrictions CVE-2023-41900 and a vulnerability around command quoting that could allow further attacks on the system CVE-2023-36479...

4.3CVSS5.2AI score0.01006EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/21 1:17 p.m.35 views

Security Bulletin: Rational Performance Tester contains vulnerabilities which could affect Eclipse Jetty.

Summary Due to the use of Eclipse Jetty, Rational Performance Tester contains a vulnerability around authentication validation that could allow bypassing access restrictions, and a vulnerability around command quoting that could allow further attacks on the system. Vulnerability Details...

4.3CVSS5.2AI score0.01006EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/18 12:4 p.m.60 views

Security Bulletin: An Eclipse Jetty vulnerability affects IBM Rational Functional Tester

Summary There are multiple vulnerabilities in Eclipse Jetty used by Rational Functional Tester. Rational Functional Tester has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-41900 DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to bypass security...

5.3CVSS6.1AI score0.01069EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/29 3:34 a.m.43 views

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Eclipse Jetty

Summary Multiple vulnerabilities in Eclipse Jetty used by IBM InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2023-36479 DESCRIPTION: Eclipse Jetty could provide weaker than expected security, caused by an errant command quoting flaw in the...

5.3CVSS6.3AI score0.01069EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/24 2:37 a.m.36 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to multiple vulnerabilities due to Eclipse Jetty

Summary IBM Sterling Connect:Direct Web Services uses Eclipse Jetty. Vulnerability Details CVEID:CVE-2023-41900 DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to bypass security restrictions, caused by improper authentication validation when using the optional nested...

5.3CVSS5.8AI score0.01069EPSS
Exploits2Affected Software1
Cvelist
Cvelist
added 2023/09/15 6:37 p.m.33 views

CVE-2023-36479 Jetty vulnerable to errant command quoting in CGI Servlet

Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, th...

3.5CVSS5.5AI score0.01006EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2023/09/15 6:37 p.m.23 views

CVE-2023-36479 Jetty vulnerable to errant command quoting in CGI Servlet

Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, th...

3.5CVSS5.9AI score0.01006EPSS
Exploits1References6
OSV
OSV
added 2023/09/14 4:16 p.m.2 views

GHSA-3GH6-V5V9-6V9J Jetty vulnerable to errant command quoting in CGI Servlet

If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the...

3.5CVSS6.9AI score0.01006EPSS
Exploits1References8
Github Security Blog
Github Security Blog
added 2023/09/14 4:16 p.m.49 views

Jetty vulnerable to errant command quoting in CGI Servlet

If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the...

3.5CVSS6.9AI score0.01006EPSS
Exploits1References8Affected Software4
Rows per page
Query Builder