Lucene search

16 matches found

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2021-7695

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.3, EPSS 0.00358
Exploits 0, References 13

IBM Security Bulletins
added 2025/06/27 11:33 a.m., 5 views

Security Bulletin: Zipp Path Module Denial of Service via Malformed ZIP File

Summary: zipp is vulnerable to a denial of service, caused by an infinite loop flaw in the Path module. By using a specially crafted zip file, a local attacker could exploit this vulnerability to cause a denial of service condition. Vulnerability Details: CVEID: CVE-2024-5569. DESCRIPTION: zipp is...

CVSS 6.2, AI score 6.6, EPSS 0.00236
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2025/03/12 2:10 p.m., 23 views

Security Bulletin: Netcool Operations Insights 1.6.14 addresses multiple security vulnerabilities.

Summary: Netcool Operations Insight v1.6.14 addresses multiple security vulnerabilities, listed in the CVEs below. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details: CVEID: CVE-2023-32681. DESCRIPTION: Requests is a HTTP library. Since Requests 2.3.0,...

CVSS 8.2, AI score 9.7, EPSS 0.91969
Exploits 3, Affected Software 1

Tenable Nessus
added 2025/03/04 12:0 a.m., 11 views

Linux Distros Unpatched Vulnerability : CVE-2021-20257

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various...

CVSS 6.5, AI score 6.4, EPSS 0.00358
Exploits 0, References 3

IBM Security Bulletins
added 2024/10/08 1:59 p.m., 11 views

Security Bulletin: IBM Event Processing is vulnerable to a denial of service

Summary: Operator of IBM Event Processing backend and operator is vulnerable to denial of service. CVE-2024-25710, CVE-2024-26308. Vulnerability Details: CVEID: CVE-2024-25710. DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an infinite loop flaw. By persuading a...

CVSS 8.1, AI score 6.7, EPSS 0.00898
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2024/07/08 9:39 a.m., 30 views

Security Bulletin: Apache Commons Compress vulnerability affect IBM Spectrum Control

Summary: Apache Commons Compress is vulnerable to a denial of service. This vulnerability affect IBM Spectrum Control. CVE-2024-25710, CVE-2024-26308, CVE-2023-42503. Vulnerability Details: CVEID: CVE-2024-25710. DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an...

CVSS 8.1, AI score 6.6, EPSS 0.00898
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2024/06/07 6:45 a.m., 21 views

Security Bulletin: IBM Suite License Service uses commons-compress-1.25.0.jar which is vulnerable to CVE-2024-26308 and CVE-2024-25710.

Summary: IBM Suite License Service uses commons-compress-1.25.0.jar which is vulnerable to CVE-2024-26308 and CVE-2024-25710. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details: CVEID: CVE-2024-26308. DESCRIPTION: Apache Commons Compress is vulnerabl...

CVSS 8.1, AI score 6.6, EPSS 0.00898
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2024/04/30 7:32 a.m., 34 views

Security Bulletin: Multiple vulnerabilities in Apache Commons Compress may affect IBM Decision Optimization for IBM Cloud Pak for Data (CVE-2024-26308 & CVE-2024-25710)

Summary: There are multiple vulnerabilities in Apache Commons Compress used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2024-26308. DESCRIPTION: Apache Commons Compre...

CVSS 8.1, AI score 7, EPSS 0.00898
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2023/02/14 9:4 p.m., 35 views

Security Bulletin: IBM CICS TX Advanced is vulnerable to a denial of service, caused by an infinite loop flaw in Golang Go (CVE-2021-27918).

Summary: IBM CICS TX Advanced is vulnerable to a denial of service, caused by an infinite loop flaw in Golang Go (CVE-2021-27918). The fix removes this vulnerability from IBM CICS TX Advanced. Vulnerability Details: CVEID: CVE-2021-27918. DESCRIPTION: Golang Go is vulnerable to a denial of service,...

CVSS 7.5, AI score 7.2, EPSS 0.02543
Exploits 0, Affected Software 1

UbuntuCve
added 2022/08/17 9:15 p.m., 30 views

CVE-2020-14394

An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service...

CVSS 3.2, AI score 6.2, EPSS 0.00363
Exploits 1, References 2

Cvelist
added 2022/03/16 2:12 p.m., 27 views

CVE-2021-20257

An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial o...

AI score 7, EPSS 0.00358
Exploits 0, References 7

IBM Security Bulletins
added 2021/12/03 6:51 p.m., 38 views

Security Bulletin: Apache CXF as used by IBM QRadar SIEM is vulnerable to denial of service (DOS) (CVE-2021-30468)

Summary: Apache CXF as used by IBM QRadar SIEM is vulnerable to denial of service. Vulnerability Details: CVEID: CVE-2021-30468. DESCRIPTION: Apache CXF is vulnerable to a denial of service, caused by an infinite loop flaw in the JsonMapObjectReaderWriter function. By sending a specially-crafted JSON...

CVSS 7.5, AI score 7.2, EPSS 0.07506
Exploits 0, Affected Software 1

OSV
added 2016/01/17 12:26 a.m., 13 views

MGASA-2016-0023 Updated qemu packages fix security vulnerabilities

A heap-based buffer overflow flaw was discovered in the way QEMU's AMD PC-Net II Ethernet Controller emulation received certain packets in loopback mode. A privileged user with the CAP_SYS_RAWIO capability inside a guest could use this flaw to crash the host QEMU process resulting in denial of...

CVSS 9, AI score 8.1, EPSS 0.0773
Exploits 3, References 2

Tenable Nessus
added 2012/08/01 12:0 a.m., 37 views

Scientific Linux Security Update : apr on SL4.x, SL5.x i386/x86_64

The Apache Portable Runtime (APR) is a portability library used by the Apache HTTP Server and other projects. It provides a free library of C data structures and routines. The fix for CVE-2011-0419 introduced an infinite loop flaw in the apr_fnmatch() function when the APR_FNM_PATHNAME matching flag was...

CVSS 4.3, AI score 7.6, EPSS 0.30406
Exploits 5, References 2

OpenVAS
added 2011/08/09 12:0 a.m., 23 views

CentOS Update for apr CESA-2011:0844 centos5 i386

The remote host is missing an update for the...

CVSS 4.3, AI score 7.8, EPSS 0.30406
Exploits 5, References 2

Tenable Nessus
added 2007/09/24 12:0 a.m., 49 views

CentOS 4 / 5 : php (CESA-2007:0890)

Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web...

CVSS 7.5, AI score 7, EPSS 0.08878
Exploits 1, References 12