10 matches found
Linux Distros Unpatched Vulnerability : CVE-2023-42503
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Input Validation, Uncontrolled Resource Consumption vulnerability in Apache Commons Compress in TAR parsing.This issue affects Apache Commons Compress:...
Security Bulletin: IBM Maximo Application Suite, IBM Truststore Manager and IBM Asset Data Dictionary Component uses third party libraries which is vulnerable to multiple CVEs
Summary IBM Maximo Application Suite, IBM Truststore Manager and IBM Asset Data Dictionary Component uses FlaskCors-4.0.1-py2.py3-none-any.whl, requests-2.31.0-py3-none-any.whl, express-4.19.2.tgz, commons-compress-1.22.jar, commons-io-2.11.0.jar, urllib3-1.26.18-py2.py3-none-any.whl,...
Oracle Application Testing Suite (October 2024 CPU)
The versions of Oracle Application Testing Suite installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2024 CPU advisory. - Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager component: Load Testing for Web Apps...
Security Bulletin: Apache Commons Compress vulnerability affect IBM Spectrum Control
Summary Apache Commons Compress is vulnerable to a denial of service. This vulnerability affect IBM Spectrum Control. CVE-2024-25710, CVE-2024-26308, CVE-2023-42503. Vulnerability Details CVEID:CVE-2024-25710 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an...
Oracle Primavera P6 Enterprise Project Portfolio Management (January 2024 CPU)
The version of Primavera P6 Enterprise Project Portfolio Management installed on the remote host are affected by vulnerabilities as referenced in the January 2024 CPU advisory. - Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineeri...
Oracle Essbase Multiple Vulnerabilities (January 2024 CPU)
The version of Oracle Essbase installed on the remote host is missing a security patch from the January 2024 Critical Patch Update CPU. It is, therefore, affected by: - Vulnerability in Oracle Essbase component: Essbase Web Platform OpenSSL. Easily exploitable vulnerability allows unauthenticated...
Security Bulletin: Apache Commons Compress component is vulnerable to CVE-2023-42503 is used by IBM Maximo Application Suite
Summary IBM Maximo Application Suite uses Apache Commons Compress package which is vulnerable to CVE-2023-42503. Vulnerability Details CVEID:CVE-2023-42503 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by improper input validation. By persuading a victim to ope...
CVE-2023-42503 vulnerabilities
Vulnerabilities for packages: trino, kayenta-fips, opensearch, kayenta...
CVE-2023-42503 vulnerabilities
Vulnerabilities for packages: opensearch, trino...
CVE-2023-42503
CVE-2023-42503: In Apache Commons Compress TAR parsing, improper input validation of pax header time fields (atime/mtime/ctime/LIBARCHIVE.creationtime) can be exploited to trigger denial-of-service via CPU exhaustion. A malformed TAR file crafted with extreme fractional times (or exponent notatio...