3577 matches found
Security Bulletin: IBM Operations Analytics - Log Analysis is affected by denial of service (DoS), server-side request forgery (SSRF) protections, leak or corrupt request data, and security by-pass due to the use of Eclipse Jetty
Summary Eclipse Jetty in Apache Solr, and Apache ZooKeeper is used by IBM Operations Analytics - Log Analysis as Solr's HTTP endpoints and admin UI, and on Zookeeper as AdminServer HTTP interface. CVE-2024-8184, CVE-2024-6763, CVE-2024-13009, CVE-2025-11143 Vulnerability Details CVEID:CVE-2024-81...
Improper Input Validation
github.com/eclipse/paho.mqtt.golang is vulnerable to improper input validation. The vulnerability is due to unsafe conversion of string length from int32/int64 to int16 without overflow checks, which allows an attacker to craft oversized UTF-8 inputs that cause packet corruption or unintended dat...
org.eclipse.jgit: XXE vulnerability in Eclipse JGit
A flaw was found in Eclipse JGit. This vulnerability can allow information disclosure, denial of service, and other security issues when parsing XML files...
Critical: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.17 security update
An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability scoring System CVSS base score, which gives a detailed severity rating, ...
RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.3.17 (RHSA-2026:6011)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:6011 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...
Metasploit Wrap-Up 03/27/2026
Better NTLM Relaying Functionality This week’s release brings an improvement to the SMB NTLM relay server. In the past, it’s support has been expanded with modules for relaying to HTTP ESC8, MSSQL and LDAP while still receiving connections over the humble SMB service. Prior to this release, clien...
Open VSX Bug Let Malicious VS Code Extensions Bypass Pre-Publish Security Checks
Cybersecurity researchers have disclosed details of a now-patched bug impacting Open VSX's pre-publish scanning pipeline to cause the tool to allow a malicious Microsoft Visual Studio Code VS Code extension to pass the vetting process and go live in the registry. "The pipeline had a single boolea...
Security Bulletin: IBM Storage Protect Server is affected by a vulnerability in the Eclipse Jetty web server library that could lead to request data corruption or leakage between sessions (CVE-2024-13009).
Summary IBM Storage Protect Server uses the Eclipse Jetty web server library in certain components. Jetty is vulnerable to improper handling of malformed gzip requests, which may lead to request data corruption or inadvertent leakage of request data between sessions under certain conditio...
IBM WebSphere eXtreme Scale 8.6.1.0 < 8.6.1.6 (7267689)
The version of IBM WebSphere eXtreme Scale installed on the remote host is prior to 8.6.1.6. It is, therefore, affected by multiple vulnerabilities as referenced in the 7267689 advisory. - In the Eclipse OMR port library component since release 0.2.0, an API function to return the textual names o...
Eclipse Che machine-exec Unauthenticated RCE
This module exploits an unauthenticated remote code execution vulnerability in the Eclipse Che machine-exec service CVE-2025-12548. The machine-exec service, exposed on port 3333 within Red Hat OpenShift DevSpaces developer workspace containers, accepts WebSocket connections without authenticatio...
PT-2026-28108
Name of the Vulnerable Software and Affected Versions Netty versions prior to 4.1.132.Final and versions prior to 4.2.10.Final Description Netty, an asynchronous, event-driven network application framework, is susceptible to a Denial of Service DoS attack. A remote user can exploit this by sendin...
PT-2026-28107
Name of the Vulnerable Software and Affected Versions Netty versions prior to 4.1.132.Final and 4.2.10.Final Description Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling attacks. Specifically, Netty terminates chunk header...
Security Bulletin: Communications Server (CS) for Data Center Deployment, CS for Linux, and CS for Linux on System z are affected by: IBM Java: Buffer overflow vulnerability in OMR allows denial-of-service
Summary Communications Server CS for Data Center Deployment, CS for Linux, and CS for Linux on System z install a local Java JRE in its product directories. This JRE is used solely for the IBM Key Manager ikeyman tool which is called by the snakeyman script used for managing the SSL key database...
Security Bulletin: SOAR App Host is using a component with a known vulnerability (CVE-2026-1188)
Summary IBM SOAR App Host uses an older version of the OMR component in OpenJ9 JVM that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended to upgrade to version 1.15.7.0 Vulnerability Details CVEID:CVE-2026-1188 DESCRIPTIO...
Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is impacted by vulnerabilities in Eclipse Paho Java client library
Summary A vulnerability has been identified in Eclipse Paho Java client library, which is used in IBM Engineering Lifecycle Management - Jazz Foundation. Vulnerability Details CVEID:CVE-2019-11777 DESCRIPTION: In the Eclipse Paho Java client library version 1.2.0, when connecting to an MQTT serve...
org.eclipse.jgit: XXE vulnerability in Eclipse JGit
A flaw was found in Eclipse JGit. This vulnerability can allow information disclosure, denial of service, and other security issues when parsing XML files...
org.eclipse.jgit: XXE vulnerability in Eclipse JGit
A flaw was found in Eclipse JGit. This vulnerability can allow information disclosure, denial of service, and other security issues when parsing XML files...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.24 security update
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
org.eclipse.jgit: XXE vulnerability in Eclipse JGit
A flaw was found in Eclipse JGit. This vulnerability can allow information disclosure, denial of service, and other security issues when parsing XML files...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.24 security update
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...