ROOT-APP-MAVEN-CVE-2023-2976 CVE-2023-2976 in io.root.com.google.guava:guava - Patched by Root

Root has patched CVE-2023-2976 in the io.root.com.google.guava:guava package for Root:Maven. Multiple fixed versions available...

Unity Linux 20.1060e / 20.1070e Security Update: guava (UTSA-2026-017554)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017554 advisory. A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary...

Astra Linux - уязвимость в guava-libraries

There is a vulnerability related to the creation of temporary directories in all versions of Guava. An attacker with access to the system can potentially access data stored in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir. By default, on Unix-like systems...

Security Bulletin: Vulnerabilities in hoek, Bouncy Castle Inc, Spring Framework, golang, Apache Commons, semver and Google Guava might affect IBM Storage Defender Copy Data Management

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in hoek, Bouncy Castle Inc, Spring Framework, golang, Apache Commons, semver and Google Guava. Vulnerabilities include allowing a malicious user to modify the prototype of "Object" via proto, causing the addition...

EUVD-2021-0611

Malware in sbrugna...

EUVD-2020-0502

Malware in sbrugna...

EUVD-2023-1730

Malicious code in bioql PyPI...

Security Bulletin: Use of Java's default temporary directory for file creation in `FileBackedOutputStream` allows other users and apps to be able to access the files created by the class, which affects IBM watsonx.data

Summary Use of Java's default temporary directory for file creation in FileBackedOutputStream in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the...

Security Bulletin: IBM webMethods Integration Server is affected by vulnerable Google Guava 30.0 jar used in the GraphQL functionality

Summary Google Guava is used by IBM webMethods Integration Server as part of the GraphQL functionality. CVE-2023-2976, CVE-2020-8908. Vulnerability Details CVEID:CVE-2023-2976 DESCRIPTION: Use of Java's default temporary directory for file creation in FileBackedOutputStream in Google Guava versio...

Security Bulletin: Multiple security vulnerabilities have been identified in IBM® DB2® shipped with IBM PureData System for Operational Analytics

Summary IBM® DB2® is shipped as a component of IBM PureData System for Operational Analytics. Information about security vulnerabilities affecting IBM DB2 have been published in a security bulletin. Vulnerability Details CVEID:CVE-2017-12973 DESCRIPTION: Connect2id Nimbus JOSE+JWT could provide...

Security Bulletin: IBM Planning Analytics Workspace is affected but not considered vulnerable to multiple vulnerabilities

Summary IBM Planning Analytics Workspace is affected but not classified as vulnerable to multiple vulnerabilities based on current information, in the following 3rd-party components: Node.js word-wrap CVE-2023-26115, Node.js semver CVE-2022-25883, Node,js dicer, CVE-2022-24434, Redis...

Security Bulletin: IBM i Modernization Engine for Lifecycle Integration is vulnerable to multiple vulnerabilities

Summary There are multiple vulnerabilities in components of IBM i Modernization Engine for Lifecycle Integration as described in the Vulnerability Details section. Google Guava and Apache James MIME4J could allow a local authenticated attacker to obtain sensitive information. Pivota Spring...

Security Bulletin: Multiple vulnerabilities in DITA, Apache Batik, Apache FOP may affect IBM Business Automation Workflow and IBM Case Manager

Summary IBM Business Automation Workflow and IBM Case Manager packages DITA for documentation generation in Case Management. Multiple CVEs have been reported for open source libraries repackaged in DITA. A few of the same open source libraries, such as Apache Batik and Apache FOP, are also used f...

Security Bulletin: Multiple Security Vulnerabilities in Google Guava Affects IBM Sterling B2B Integrator

Summary IBM Sterling B2B Integrator has addressed the security vulnerabilities from Google Guava Vulnerability Details CVEID:CVE-2023-2976 DESCRIPTION: Use of Java's default temporary directory for file creation in FileBackedOutputStream in Google Guava versions 1.0 to 31.1 on Unix systems and...

Linux Distros Unpatched Vulnerability : CVE-2023-2976

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use of Java's default temporary directory for file creation in FileBackedOutputStream in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream...

Linux Distros Unpatched Vulnerability : CVE-2020-8908

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a tempora...

Linux Distros Unpatched Vulnerability : CVE-2018-10237

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that...

CVE-2020-8908 affecting package guava 25.0-5

CVE-2020-8908 affecting package guava 25.0-5. This CVE either no longer is or was never applicable...

OpenRefine's error page lacks escaping, leading to potential Cross-site Scripting on import of malicious project

Summary The built-in "Something went wrong!" error page includes the exception message and exception traceback without escaping HTML tags, enabling injection into the page if an attacker can reliably produce an error with an attacker-influenced message. It appears that the only way to reach this...

Security Bulletin: Vulnerabilities in FasterXML jackson-databind and other packages affect IBM watsonx.data

Summary FasterXML jackson-databind, multiple Huawei products, multiple Oracle products, Guava, Google Protocol Buffers, protobuf-core, Netty, JetBrains Kotlin, netplex JSON Smart, Jettison, Eclipse Jetty, SnakeYaml and Perl have vulnerabilities that can affect watsonx.data. Vulnerability Details...