Important: Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.23.0 Release.
Red Hat OpenShift Dev Spaces 3.23.0 has been released. Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development. The 3.23 release is based on...
Security Bulletin: Multiple Vulnerabilities of IBM Java SDK affect VMware Agent from IBM Tivoli Monitoring for Virtual Environments.
Summary IBM Java SDK is used by VMware Agent from IBM Tivoli Monitoring for Virtual Environments. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL component could allow a remote attacker to cause high confidentiality and hi...
Security Bulletin: Multiple vulnerabilities found in IBM Security Verify Information Queue
Summary Multiple security vulnerabilities in the third-party libraries have been addressed in IBM Security Verify Information Queue (ISIQ). Vulnerability Details CVEID:CVE-2023-40167 DESCRIPTION: Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and...
Linux Distros Unpatched Vulnerability : CVE-2023-4218
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil...
Linux Distros Unpatched Vulnerability : CVE-2013-0464
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple cross-site scripting (XSS) vulnerabilities in IBM Eclipse Help System (IEHS) 3.4.3 and 3.6.2, as used in IBM SPSS Data Collection 6.0, 6.0.1, and 7.0, allo...
Linux Distros Unpatched Vulnerability : CVE-2022-2712
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse GlassFish versions 5.1.0 to 6.2.5, there is a vulnerability in relative path traversal because it does not filter request path starting with './'...
Linux Distros Unpatched Vulnerability : CVE-2023-6194
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report definition XML files are not filtered to prohibit document type definition (DTD) references to external...
Malicious code in supercluster-changelog-nebula-eclipse (npm)
The package supercluster-changelog-nebula-eclipse was found to contain malicious code...
Malicious code in jabbah-eclipse-hexo-pipe (npm)
The package jabbah-eclipse-hexo-pipe was found to contain malicious code...
Malicious code in eclipse-sublimation-epigenetics-middleware (npm)
The package eclipse-sublimation-epigenetics-middleware was found to contain malicious code...
MAL-2025-44092 Malicious code in eclipse-sublimation-epigenetics-middleware (npm)
The package eclipse-sublimation-epigenetics-middleware was found to contain malicious code...
MAL-2025-46167 Malicious code in supercluster-changelog-nebula-eclipse (npm)
The package supercluster-changelog-nebula-eclipse was found to contain malicious code...
MAL-2025-44741 Malicious code in jabbah-eclipse-hexo-pipe (npm)
The package jabbah-eclipse-hexo-pipe was found to contain malicious code...
Linux Distros Unpatched Vulnerability : CVE-2025-41242
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spring Framework MVC applications can be vulnerable to a Path Traversal Vulnerability when deployed on a non-compliant Servlet container. An application can be...
Linux Distros Unpatched Vulnerability : CVE-2025-5115
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse Jetty, versions <=9.4.57, <=10.0.25, <=11.0.25, <=12.0.21, <=12.1.0.alpha2, an HTTP/2 client may trigger the server to send RST_STREAM frames, for example ...
Linux Distros Unpatched Vulnerability : CVE-2025-4949
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the...
Linux Distros Unpatched Vulnerability : CVE-2023-36478
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer...
Linux Distros Unpatched Vulnerability : CVE-2023-28366
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with...
Linux Distros Unpatched Vulnerability : CVE-2021-41036
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In versions prior to 1.1 of the Eclipse Paho MQTT C Client, the client does not check rem_len size in readpacket. (CVE-2021-41036) Note that Nessus relies on the...
Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to issues in IBM Semeru Runtime version 17
Summary There are vulnerabilities in IBM Semeru Runtime version 17 used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability i...