Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : Apache Commons BeanUtils vulnerability (USN-8322-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8322-1 advisory. It was discovered that Apache Commons BeanUtils incorrectly allowed access to the declaredClass proper...

USN-8322-1: Apache Commons BeanUtils vulnerability

It was discovered that Apache Commons BeanUtils incorrectly allowed access to the declaredClass property of Java enum objects when handling externally supplied property paths. An attacker could possibly use this issue to execute arbitrary code...

USN-8322-1 commons-beanutils vulnerability

It was discovered that Apache Commons BeanUtils incorrectly allowed access to the declaredClass property of Java enum objects when handling externally supplied property paths. An attacker could possibly use this issue to execute arbitrary code...

CLSA-2026-1775721575 binutils: Fix of 4 CVEs

CVE-2025-5244: fix NULL deref in elfgcsweep with empty groups - CVE-2025-5245: fix SEGV in debugtypesamep, handle undefined tagged enums - CVE-2026-3441 CVE-2026-3442: fix out-of-bounds read in XCOFF relocation processing...

CVE-2026-25141 Orval has a code injection via unsanitized x-enum-descriptions uing JS comments

Orval generates type-safe JS clients TypeScript from any valid OpenAPI v3 or Swagger v2 specification. Versions starting with 7.19.0 and prior to 7.21.0 and 8.2.0 have an incomplete fix for CVE-2026-23947. While the jsStringEscape function properly handles single quotes ', double quotes " and so...

MAL-2025-41917 Malicious code in @rbacore/enums (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...

Malicious code in @rbacore/enums (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...

commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default

A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like...

commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default

A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like...

commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default

A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like...

Improper Access Control

Apache Commons BeanUtils is vulnerable to Improper Access Control. The vulnerability is due to insecure property access due to failure to restrict access to the declaredClass property of Java enums, allowing attackers to access the classloader and potentially execute arbitrary code...

Security update for slurm_24_11

This update for slurm2411 fixes the following issues: Update to version 24.11.5. Security issues fixed: CVE-2025-43904: an issue with permission handling for Coordinators within the accounting system allowed Coordinators to promote a user to Administrator bsc1243666. Other changes and issues fixe...

CVE-2025-48734

Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not enabled by default...

CVE-2022-49251

In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: va-macro: fix accessing array out of bounds for enum type Accessing enums using integer would result in array out of bounds access on platforms like aarch64 where sizeoflong is 8 compared to enum size which is 4 byt...

systemd security update

239-82.0.1 - Fixed deletion issue for symlink when device is opened Orabug: 36228608 - Fix local-fs and remote-fs targets during system boot replaces old Orabug: 25897792 Orabug: 35871376 - 1A Add 'systemd-fstab-generator-reload-targets.service' file Orabug: 35871376 - 1B Add required rpms for...

Malicious code in @zscaler/api-enums (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c39d52170e43f12fe7201b08e2de04584d74da45150b565ffc66b523ef4d9b73 The OpenSSF Package Analysis project identified '@zscaler/api-enums' @ 5.0.0 npm as malicious. It is considered malicious because: - The package...

MAL-2023-8487 Malicious code in @zscaler/api-enums (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c39d52170e43f12fe7201b08e2de04584d74da45150b565ffc66b523ef4d9b73 The OpenSSF Package Analysis project identified '@zscaler/api-enums' @ 5.0.0 npm as malicious. It is considered malicious because: - The package...

Malicious code in extensible-enums (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 336896380fb13b7092e55f3756da694bd34818d4178f9cf615e012a4f7f6ed0a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-2938 Malicious code in extensible-enums (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 336896380fb13b7092e55f3756da694bd34818d4178f9cf615e012a4f7f6ed0a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-619 Malicious code in @t15-ui-kit/enums (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 685b27cb36fa8e419b3fa2de15e0a9513372b1a662cc2f443a92caa0ae1eb500 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...