Lucene search
K

44 matches found

Tenable Nessus
Tenable Nessus
added 2025/02/26 12:0 a.m.12 views

Amazon Linux 2023 : apache-commons-compress, apache-commons-compress-javadoc (ALAS2023-2025-841)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-841 advisory. When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to moun...

7.5CVSS6.2AI score0.12945EPSS
Exploits0References4
Amazon
Amazon
added 2025/02/21 12:0 a.m.7 views

Medium: apache-commons-compress

Issue Overview: When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package...

7.5CVSS6.9AI score0.12945EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/03 8:49 p.m.11 views

Security Bulletin: Vulnerability in Apache Commons Compress affects watsonx.data

Summary Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large amounts of memory. For CVE-2021-35517, when reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out o...

7.5CVSS7.8AI score0.12945EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/08/21 12:0 a.m.29 views

Amazon Linux 2 : apache-commons-compress (ALAS-2024-2627)

The version of apache-commons-compress installed on the remote host is prior to 1.5-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2627 advisory. When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally...

7.5CVSS6.3AI score0.12945EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/07/19 12:0 a.m.24 views

Atlassian Confluence 7.19.23 < 7.19.25 / 8.5.x < 8.5.12 / 8.9.x < 8.9.4 (CONFSERVER-96103)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-96103 advisory. - When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory erro...

7.5CVSS6.2AI score0.12945EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/01/19 12:0 a.m.52 views

Oracle JDeveloper Multiple Vulnerabilities (January 2024 CPU)

The version of Oracle JDeveloper installed on the remote host is missing a security patch. It is, therefore, affected by multiple vulnerabilities as referenced in the January 2024 CPU advisory. - Vulnerability in the Oracle JDeveloper product of Oracle Fusion Middleware component: Oracle JDevelop...

7.5CVSS6.5AI score0.12945EPSS
Exploits0References7
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/05 2:49 p.m.38 views

Security Bulletin: Vulnerability in Apache Commons Compress affects IBM Process Mining . CVE-2021-36090

Summary There is a vulnerability in Apache Commons Compress that could allow a remote authenticated attacker to execute denial of service on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details...

7.5CVSS7.8AI score0.12945EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/19 7:44 p.m.32 views

Security Bulletin: Multiple Vulnerabilities in Apache Commons Compress affect WebSphere Application Server used by IBM Maximo Application Suite

Summary Multiple Vulnerabilities in Apache Commons Compress affect WebSphere Application Server used by IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2021-35517 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when...

7.5CVSS7.6AI score0.12945EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/04/19 12:0 a.m.477 views

Oracle WebLogic Server (Apr 2023 CPU)

The version of Oracle WebLogic Server installed on the remote host is missing a security patch from the April 2023 Critical Patch Update CPU. It is, therefore, affected by multiple vulnerabilities, including: - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware...

7.5CVSS6.4AI score0.82262EPSS
Exploits9References17
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/20 6:25 a.m.41 views

Security Bulletin: IBM B2B Advanced Communications is vulnerable to multiple issues due to Apache Commons Compress

Summary IBM B2B Advanced Communications has addressed vulnerabilities in Apache Commons Compress shipped with product. Vulnerability Details CVEID:CVE-2021-35516 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memor...

7.5CVSS7.7AI score0.12945EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/03 12:5 p.m.37 views

Security Bulletin: IBM Security Verify Governance is vulnerable to denial of service due to use of Apache Commons Compress (CVE-2021-35517, CVE-2021-36090, CVE-2021-35515, CVE-2021-35516)

Summary IBM Security Verify Governance uses Apache Commons Compress which could allow a denial of service by a remote attacker, caused by multiple vulnerabilities CVE-2021-35517, CVE-2021-36090, CVE-2021-35515, CVE-2021-35516. The fix includes upgrading the Commons Collections jar to the patched...

7.5CVSS7.8AI score0.12945EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2022/10/20 12:0 a.m.39 views

Oracle Business Intelligence Publisher 5.9.x < 5.9.0(OAS) (Oct 2022 CPU)

The versions of Oracle Business Intelligence Enterprise Edition OAS installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2022 CPU advisory. - Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware component: WebCenter Sites...

9.8CVSS7.2AI score0.42646EPSS
Exploits3References6
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/14 3:28 p.m.24 views

Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server Liberty shipped with IBM Digital Business Automation Workflow family products (CVE-2021-33517, CVE-2021-36090)

Summary WebSphere Application Server Liberty is shipped as part of the optional components Process Federation Server since 8.5.6, and User Management Service since 18.0.0.1 in IBM Business Automation Workflow and IBM Business Process Manager. Information about security vulnerabilities affecting I...

8AI score0.12945EPSS
Exploits0Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/18 9:58 p.m.31 views

Security Bulletin: Multiple vulnerabilities have been identified in IBM WebSphere Application Liberty profile shipped with IBM Robotic Process Automation

Summary WebSphere Application Server Liberty profile is shipped as a component of IBM Robotic Process Automation. Information about security vulnerabilities affecting IBM WebSphere Application Server Liberty profile have been published in a security bulletin. Vulnerability Details...

9.8CVSS9.9AI score0.42326EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/22 5:20 p.m.33 views

Security Bulletin: Multiple Vulnerabilities in WebSphere Liberty affecting Watson Knowledge Catalog for IBM Cloud Pak for Data

Summary WebSphere liberty is vulnerable to a DOS that is impacting Watson Knowledge Catalog for IBM Cloud Pak for Data. This vulnerability has been addressed. Vulnerability Details CVEID: CVE-2021-35517 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an out of...

7.5CVSS2.2AI score0.12945EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/06 6:14 p.m.35 views

Security Bulletin: Apache Commons as used by IBM QRadar SIEM is vulnerable to denial of service (CVE-2021-35515, CVE-2021-35516, CVE-2021-36090, CVE-2021-35517)

Summary Apache Commons as used by IBM QRadar SIEM is vulnerable to denial of service. IBM has addressed the relevant CVEs. Vulnerability Details CVEID: CVE-2021-35515 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an infinite loop flaw in the construction of...

7.5CVSS2.7AI score0.12945EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/04/27 11:7 p.m.24 views

Security Bulletin: Multiple vulnerabilities in WebSphere Application Server Liberty affect IBM InfoSphere Information Server

Summary Muiltiple vulnerabilities in WebSphere Application Server Liberty that is used by IBM InfoSphere Information Server are addressed. Vulnerability Details CVEID: CVE-2021-29842 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 21.0.0.9 could allow...

7.5CVSS1.6AI score0.12945EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/16 2:14 p.m.33 views

Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring has applied security fixes for its use of IBM Websphere Liberty (CVE-2021-35517, CVE-2021-36090)

Summary IBM Cloud Pak for Multicloud Management Monitoring has applied security fixes for its use of IBM Websphere Liberty. IBM Websphere Liberty is uses as a middleware server. Vulnerability Details CVEID: CVE-2021-35517 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service,...

7.5CVSS7.6AI score0.12945EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/14 9:48 p.m.26 views

Security Bulletin: IBM WebSphere Application Server Liberty vulnerabilities affect IBM Spectrum Protect Backup-Archive Client, IBM Spectrum Protect for Virtual Environments, and IBM Spectrum Protect for Space Management (CVE-2021-35517, CVE-2021-36090)

Summary Denial of service vulnerabilities in Apache Commons which affects IBM WebSphere Application Server Liberty can affect the IBM Spectrum Protect Backup-Archive Client web user interface, IBM Spectrum Protect for Virtual Environments, and IBM Spectrum Protect for Space Management. UPDATED 14...

7.5CVSS7.8AI score0.12945EPSS
Exploits0Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/12 12:5 a.m.23 views

Security Bulletin: Vulnerabilities in IBM Java Runtime and IBM WebSphere Application Server Liberty affect IBM Operations Center and Client Management Service (CVE-2021-35578, CVE-2021-35517, CVE-2021-36090)

Summary A denial of service vulnerability in IBM® Runtime Environment Java, disclosed as part of the IBM Java SDK updates in October 2021, can affect IBM Spectrum Protect Operations Center and IBM Spectrum Protect Client Management Service. Denial of service vulnerabilities in Apache Commons...

7.5CVSS6.8AI score0.12945EPSS
Exploits0Affected Software1
Rows per page
Query Builder