44 matches found
Amazon Linux 2023 : apache-commons-compress, apache-commons-compress-javadoc (ALAS2023-2025-841)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-841 advisory. When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to moun...
Medium: apache-commons-compress
Issue Overview: When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package...
Security Bulletin: Vulnerability in Apache Commons Compress affects watsonx.data
Summary Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large amounts of memory. For CVE-2021-35517, when reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out o...
Amazon Linux 2 : apache-commons-compress (ALAS-2024-2627)
The version of apache-commons-compress installed on the remote host is prior to 1.5-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2627 advisory. When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally...
Atlassian Confluence 7.19.23 < 7.19.25 / 8.5.x < 8.5.12 / 8.9.x < 8.9.4 (CONFSERVER-96103)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-96103 advisory. - When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory erro...
Oracle JDeveloper Multiple Vulnerabilities (January 2024 CPU)
The version of Oracle JDeveloper installed on the remote host is missing a security patch. It is, therefore, affected by multiple vulnerabilities as referenced in the January 2024 CPU advisory. - Vulnerability in the Oracle JDeveloper product of Oracle Fusion Middleware component: Oracle JDevelop...
Security Bulletin: Vulnerability in Apache Commons Compress affects IBM Process Mining . CVE-2021-36090
Summary There is a vulnerability in Apache Commons Compress that could allow a remote authenticated attacker to execute denial of service on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details...
Security Bulletin: Multiple Vulnerabilities in Apache Commons Compress affect WebSphere Application Server used by IBM Maximo Application Suite
Summary Multiple Vulnerabilities in Apache Commons Compress affect WebSphere Application Server used by IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2021-35517 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when...
Oracle WebLogic Server (Apr 2023 CPU)
The version of Oracle WebLogic Server installed on the remote host is missing a security patch from the April 2023 Critical Patch Update CPU. It is, therefore, affected by multiple vulnerabilities, including: - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware...
Security Bulletin: IBM B2B Advanced Communications is vulnerable to multiple issues due to Apache Commons Compress
Summary IBM B2B Advanced Communications has addressed vulnerabilities in Apache Commons Compress shipped with product. Vulnerability Details CVEID:CVE-2021-35516 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memor...
Security Bulletin: IBM Security Verify Governance is vulnerable to denial of service due to use of Apache Commons Compress (CVE-2021-35517, CVE-2021-36090, CVE-2021-35515, CVE-2021-35516)
Summary IBM Security Verify Governance uses Apache Commons Compress which could allow a denial of service by a remote attacker, caused by multiple vulnerabilities CVE-2021-35517, CVE-2021-36090, CVE-2021-35515, CVE-2021-35516. The fix includes upgrading the Commons Collections jar to the patched...
Oracle Business Intelligence Publisher 5.9.x < 5.9.0(OAS) (Oct 2022 CPU)
The versions of Oracle Business Intelligence Enterprise Edition OAS installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2022 CPU advisory. - Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware component: WebCenter Sites...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server Liberty shipped with IBM Digital Business Automation Workflow family products (CVE-2021-33517, CVE-2021-36090)
Summary WebSphere Application Server Liberty is shipped as part of the optional components Process Federation Server since 8.5.6, and User Management Service since 18.0.0.1 in IBM Business Automation Workflow and IBM Business Process Manager. Information about security vulnerabilities affecting I...
Security Bulletin: Multiple vulnerabilities have been identified in IBM WebSphere Application Liberty profile shipped with IBM Robotic Process Automation
Summary WebSphere Application Server Liberty profile is shipped as a component of IBM Robotic Process Automation. Information about security vulnerabilities affecting IBM WebSphere Application Server Liberty profile have been published in a security bulletin. Vulnerability Details...
Security Bulletin: Multiple Vulnerabilities in WebSphere Liberty affecting Watson Knowledge Catalog for IBM Cloud Pak for Data
Summary WebSphere liberty is vulnerable to a DOS that is impacting Watson Knowledge Catalog for IBM Cloud Pak for Data. This vulnerability has been addressed. Vulnerability Details CVEID: CVE-2021-35517 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an out of...
Security Bulletin: Apache Commons as used by IBM QRadar SIEM is vulnerable to denial of service (CVE-2021-35515, CVE-2021-35516, CVE-2021-36090, CVE-2021-35517)
Summary Apache Commons as used by IBM QRadar SIEM is vulnerable to denial of service. IBM has addressed the relevant CVEs. Vulnerability Details CVEID: CVE-2021-35515 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an infinite loop flaw in the construction of...
Security Bulletin: Multiple vulnerabilities in WebSphere Application Server Liberty affect IBM InfoSphere Information Server
Summary Muiltiple vulnerabilities in WebSphere Application Server Liberty that is used by IBM InfoSphere Information Server are addressed. Vulnerability Details CVEID: CVE-2021-29842 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 21.0.0.9 could allow...
Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring has applied security fixes for its use of IBM Websphere Liberty (CVE-2021-35517, CVE-2021-36090)
Summary IBM Cloud Pak for Multicloud Management Monitoring has applied security fixes for its use of IBM Websphere Liberty. IBM Websphere Liberty is uses as a middleware server. Vulnerability Details CVEID: CVE-2021-35517 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service,...
Security Bulletin: IBM WebSphere Application Server Liberty vulnerabilities affect IBM Spectrum Protect Backup-Archive Client, IBM Spectrum Protect for Virtual Environments, and IBM Spectrum Protect for Space Management (CVE-2021-35517, CVE-2021-36090)
Summary Denial of service vulnerabilities in Apache Commons which affects IBM WebSphere Application Server Liberty can affect the IBM Spectrum Protect Backup-Archive Client web user interface, IBM Spectrum Protect for Virtual Environments, and IBM Spectrum Protect for Space Management. UPDATED 14...
Security Bulletin: Vulnerabilities in IBM Java Runtime and IBM WebSphere Application Server Liberty affect IBM Operations Center and Client Management Service (CVE-2021-35578, CVE-2021-35517, CVE-2021-36090)
Summary A denial of service vulnerability in IBM® Runtime Environment Java, disclosed as part of the IBM Java SDK updates in October 2021, can affect IBM Spectrum Protect Operations Center and IBM Spectrum Protect Client Management Service. Denial of service vulnerabilities in Apache Commons...