
3541 matches found

OpenVAS
added 2025/03/20 12:0 a.m. | 8 views

Mageia: Security Advisory (MGASA-2025-0106)

The remote host is missing an update for the...

CVSS 7.5 | AI score 7.1 | EPSS 0.00118
Exploits: 0 | References: 3
OSV
added 2025/03/19 11:44 p.m. | 7 views

MGASA-2025-0106 Updated mosquitto packages fix security vulnerability

The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function...

CVSS 7.5 | AI score 6.4 | EPSS 0.00118
Exploits: 0 | References: 2
Mageia
added 2025/03/19 11:44 p.m. | 28 views

Updated mosquitto packages fix security vulnerability

The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function...

CVSS 7.5 | AI score 7.1 | EPSS 0.00118
Exploits: 0 | References: 1
IBM Security Bulletins
added 2025/03/13 11:13 p.m. | 20 views

Security Bulletin: IBM DataStage on Cloud Pak for Data is vulnerable to authentication and command execution issues due to the Eclipse Jetty package (CVE-2023-36479, CVE-2023-40167, CVE-2023-41900)

Summary: Eclipse Jetty is used by IBM DataStage on Cloud Pak for Data as part of web server functionality. Vulnerability Details: CVEID: CVE-2023-36479. DESCRIPTION: Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific...

CVSS 5.3 | AI score 6.5 | EPSS 0.04575
Exploits: 2 | Affected Software: 1
RedHat Linux
added 2025/03/13 4:40 p.m. | 15 views

Moderate: Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.19.0 release

Red Hat OpenShift Dev Spaces 3.19 has been released. All containers have been updated to include feature enhancements, bug fixes and CVE fixes. Following the Red Hat Product Security standards this update is rated as having a security impact of Important. The Common Vulnerability Scoring System...

CVSS 7.2 | AI score 6.5 | EPSS 0.00051
Exploits: 0 | References: 3
IBM Security Bulletins
added 2025/03/13 4:31 p.m. | 25 views

Security Bulletin: Vulnerabilities in Eclipse jetty affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.

Summary: Potential vulnerabilities in Eclipse Jetty have been identified that affect IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerabilities have been addressed. Refer to details for additional information...

CVSS 6.5 | AI score 6.7 | EPSS 0.01189
Exploits: 1 | Affected Software: 2
CNNVD
added 2025/03/12 12:0 a.m. | 2 views

Eclipse Cyclone DDS Security Vulnerability

Eclipse Cyclone DDS is a very high performance and robust open source DDS implementation from the Eclipse Foundation. A security vulnerability exists in Eclipse Cyclone DDS versions prior to 0.10.5, which originates from an integer overflow during deserialization and could lead to an...

CVSS 9.1 | AI score 6.8 | EPSS 0.00667
Exploits: 1 | References: 3
IBM Security Bulletins
added 2025/03/10 5:47 p.m. | 32 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to denial of service and nonstandard cookie parsing due to hbase-client.

Summary: hbase-client is used by the ds-cas-lite microservice as part of the Java client API for HBase. Vulnerability Details: CVEID: CVE-2023-26048. DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an out of memory flaw in the HttpServletRequest.getParameter or...

CVSS 5.3 | AI score 5.9 | EPSS 0.43407
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2025/03/10 5:26 p.m. | 4 views

Security Bulletin: IBM Cognos Command Center has addressed vulnerabilities IBM® Semeru Java™ and Eclipse Jetty

Summary: There are vulnerabilities in IBM® Semeru Java™ and Eclipse Jetty used by IBM Cognos Command Center. Please refer to the table in the Related Information section for vulnerability impact. This Security Bulletin relates only to the direct usage of third-party components by IBM Cognos Comman...

CVSS 7.5 | AI score 8.1 | EPSS 0.011
Exploits: 0 | Affected Software: 1
Tenable Nessus
added 2025/03/06 12:0 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2024-8376

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of...

CVSS 7.5 | AI score 8 | EPSS 0.00295
Exploits: 0 | References: 3
Tenable Nessus
added 2025/03/05 12:0 a.m. | 9 views

Linux Distros Unpatched Vulnerability : CVE-2024-3935

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse Mosquitto, versions from 2.0.0 through 2.0.18, if a Mosquitto broker is configured to create an outgoing bridge connection, and that bridge connection...

CVSS 6.5 | AI score 6.4 | EPSS 0.00385
Exploits: 1 | References: 2
Tenable Nessus
added 2025/03/05 12:0 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2024-1023

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP...

CVSS 6.5 | AI score 6.8 | EPSS 0.00227
Exploits: 0 | References: 1
Tenable Nessus
added 2025/03/05 12:0 a.m. | 9 views

Linux Distros Unpatched Vulnerability : CVE-2020-27225

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an...

CVSS 7.8 | AI score 6.8 | EPSS 0.00198
Exploits: 1 | References: 3
Tenable Nessus
added 2025/03/05 12:0 a.m. | 10 views

Linux Distros Unpatched Vulnerability : CVE-2023-36479

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have th...

CVSS 3.5 | AI score 6.8 | EPSS 0.01383
Exploits: 1 | References: 3
Tenable Nessus
added 2025/03/05 12:0 a.m. | 8 views

Linux Distros Unpatched Vulnerability : CVE-2023-4759

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Arbitrary File Overwrite in Eclipse JGit <= 6.6.0. In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git...

CVSS 8.8 | AI score 7.4 | EPSS 0.00974
Exploits: 0 | References: 3
Tenable Nessus
added 2025/03/05 12:0 a.m. | 10 views

Linux Distros Unpatched Vulnerability : CVE-2021-34428

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not...

CVSS 3.6 | AI score 6.7 | EPSS 0.00294
Exploits: 1 | References: 3
Tenable Nessus
added 2025/03/05 12:0 a.m. | 8 views

Linux Distros Unpatched Vulnerability : CVE-2024-1300

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server nam...

CVSS 5.4 | AI score 6.7 | EPSS 0.00245
Exploits: 0 | References: 1
Tenable Nessus
added 2025/03/05 12:0 a.m. | 14 views

Linux Distros Unpatched Vulnerability : CVE-2024-10525

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a malicious broker sends a crafted SUBACK packet with no reason codes, a client using libmosquitto m...

CVSS 9.8 | AI score 7.4 | EPSS 0.17507
Exploits: 1 | References: 2
Tenable Nessus
added 2025/03/05 12:0 a.m. | 9 views

Linux Distros Unpatched Vulnerability : CVE-2021-34429

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF...

CVSS 5.3 | AI score 7 | EPSS 0.93778
Exploits: 6 | References: 3
Tenable Nessus
added 2025/03/05 12:0 a.m. | 9 views

Linux Distros Unpatched Vulnerability : CVE-2021-38441

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Eclipse CycloneDDS versions prior to 0.8.0 are vulnerable to a write-what-where condition, which may allow an attacker to write arbitrary values in the XML...

CVSS 9.8 | AI score 7.4 | EPSS 0.00161
Exploits: 0 | References: 3