45 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-43338
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - btrfs: reserve enough transaction items for qgroup ioctls Currently our qgroup ioctls don't reserve any space, they just do a transaction join, which does not...
GetPDB (>=0.1.0 <=1.0.1), IMAPServer (=0.1.0) +3364 more potentially affected by unknown CVE via tokio-io (>=0.1.13 <=0.2.0-alpha.6)
tokio-io CARGO version =0.1.13, =0.1.0, =0.1.0, =0.1.0, =0.2.0, =0.5.3, =0.2.1, =0.1.1, =0.1.0, =0.1.0, =0.1.0, =0.9.1 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0058...
socket.io allows an unbounded number of binary attachments
Impact A specially crafted Socket.IO packet can make the server wait for a large number of binary attachments and buffer them, which can be exploited to make the server run out of memory. Patches | Version range | Used by | Fixed version |...
EUVD-2019-0327
Malware in sbrugna...
EUVD-2023-1723
Malicious code in bioql PyPI...
co.fs2:fs2-protocols_2.12 (>=3.10-4b5f50b <=3.12.0-RC2), com.47deg:github4s_2.12 (>=0.29.0 <=0.29.1) +435 more potentially affected by CVE-2025-58369 via co.fs2:fs2-io_2.12 (>=3.0.0 <=3.12.0)
co.fs2:fs2-io_2.12 MAVEN version =3.0.0, =3.10-4b5f50b, =0.29.0, =1.0.0, =1.0-148-8da8898, =1.0-148-8da8898, =1.0-148-8da8898, =1.0-148-8da8898, =1.0-148-8da8898, =1.0-148-8da8898, =1.0-148-8da8898, =1.0-148-8da8898, =1.0-148-8da8898, =1.0-148-8da8898, =1.0-148-8da8898, =1.0-148-8da8898,...
com.47deg:freestyle-http-http4s_2.11 (=0.1.0), com.azavea.geotrellis:geotrellis-server-core_2.11 (>=4.0.1 <=4.2.0) +173 more potentially affected by CVE-2025-58369 via co.fs2:fs2-io_2.11 (>=0.9.1 <=2.1.0)
co.fs2:fs2-io_2.11 MAVEN version =0.9.1, =4.0.1, =4.0.1, =4.0.1, =0.4.0, =0.4.0, =5.0.0, =2.0.0, =0.12.7, =0.12.7, =0.12.7, =0.14.1, =0.12.7, =1.1.0, =1.2.1 and more Source cves: CVE-2025-58369 Source advisory: SNYK:JAVA-COFS2-13180115...
ch.j3t:zio-prefetcher_2.12 (>=0.3.0 <=0.7.0), com.47deg:embedded-cassandra-core_2.12 (=0.0.7) +465 more potentially affected by CVE-2025-58369 via co.fs2:fs2-io_2.12 (>=2.0.0 <=2.5.12)
co.fs2:fs2-io_2.12 MAVEN version =2.0.0, =0.3.0, =0.22.0, =0.0.1, =0.13.2, =0.2.6, =0.3.0, =0.2.0, =0.1.0, =0.7.0, =0.7.0, =0.18.1, =0.17.0, =0.17.0, =0.1.21, =0.19.3 and more Source cves: CVE-2025-58369 Source advisory: SNYK:JAVA-COFS2-12669991...
ch.epfl.bluebrain.nexus:delta-app_2.13 (>=1.10.0-M8 <=1.10.0-M13), ch.epfl.bluebrain.nexus:delta-archive-plugin_2.13 (>=1.10.0-M8 <=1.10.0-M13) +649 more potentially affected by CVE-2025-58369 via co.fs2:fs2-io_2.13 (>=3.0.0-M7 <=3.12.1)
co.fs2:fs2-io_2.13 MAVEN version =3.0.0-M7, =1.10.0-M8, =1.10.0-M8, =1.10.0-M8, =1.10.0-M8, =1.10.0-M8, =1.10.0-M8, =1.10.0-M8, =1.10.0-M8, =1.10.0-M8, =3.10-4b5f50b, =0.29.0, =1.0.0, =0.11.0, =1.0-148-8da8898, =1.0-148-8da8898, =1.0-377-020cf9e and more Source cves: CVE-2025-58369 Source advisory...
com.github.pureconfig:pureconfig-fs2_2.11 (>=0.12.1 <=0.14.0), com.github.regis-leray:fs2-ftp_2.11 (>=0.3.0 <=0.5.0) +14 more potentially affected by CVE-2025-58369 via co.fs2:fs2-io_2.11 (>=2.0.1 <=2.1.0)
co.fs2:fs2-io_2.11 MAVEN version =2.0.1, =0.12.1, =0.3.0, =3.3.0, =3.0.0, =3.0.0, =3.3.0, =2.0.0, =3.0.0-RC1, =1.2.0, =1.2.5, =1.3.8 and more Source cves: CVE-2025-58369 Source advisory: OSV:GHSA-RRW2-PX9J-QFFJ...
com.azavea.geotrellis:geotrellis-server-core_2.11 (>=4.0.1 <=4.2.0), com.azavea.geotrellis:geotrellis-server-ogc_2.11 (>=4.0.1 <=4.2.0) +145 more potentially affected by CVE-2025-58369 via co.fs2:fs2-io_2.11 (>=1.0.0-M1 <=1.1.0-M1)
co.fs2:fs2-io_2.11 MAVEN version =1.0.0-M1, =4.0.1, =4.0.1, =4.0.1, =0.4.0, =0.4.0, =5.0.0, =2.0.0, =1.1.0, =1.0-M1, =0.10.0, =0.11.0, =0.1.0, =0.0.3, =0.0.3, =0.0.8 and more Source cves: CVE-2025-58369 Source advisory: OSV:GHSA-RRW2-PX9J-QFFJ...
com.avast:sst-app-monix_3 (>=0.17.0 <=0.19.3), com.avast:sst-app-zio_3 (>=0.17.0 <=0.19.3) +70 more potentially affected by CVE-2025-58369 via co.fs2:fs2-io_3 (>=2.5.10 <=2.5.12)
co.fs2:fs2-io_3 MAVEN version =2.5.10, =0.17.0, =0.17.0, =0.16.0, =0.17.0, =0.16.0, =0.17.0, =0.16.0, =0.16.0, =0.17.0, =0.17.0, =0.16.0, =0.16.0, =0.16.0, =0.17.0, =0.17.0, =0.19.3 and more Source cves: CVE-2025-58369 Source advisory: OSV:GHSA-RRW2-PX9J-QFFJ...
ch.j3t:zio-prefetcher_2.12 (>=0.3.0 <=0.7.0), com.47deg:embedded-cassandra-core_2.12 (=0.0.7) +631 more potentially affected by CVE-2025-58369 via co.fs2:fs2-io_2.12 (>=0.10.0-M10 <=2.5.12)
co.fs2:fs2-io_2.12 MAVEN version =0.10.0-M10, =0.3.0, =0.22.0, =0.0.1, =0.13.2, =0.2.6, =0.3.0, =0.2.0, =0.1.0, =5.6.0, =0.6.1, =0.6.1, =0.18.1, =0.18.5 and more Source cves: CVE-2025-58369 Source advisory: OSV:GHSA-RRW2-PX9J-QFFJ...
Security Bulletin: Vulnerability commons-io affects IBM Integrated Analytics System
Summary The commons-io library is used by IBM Integrated Analytics System for input/output processing. A vulnerability was identified in the org.apache.commons.io.input.XmlStreamReader class, where processing untrusted input could result in excessive CPU usage, potentially leading to a denial of...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in commons-io-2.8.0.jar
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of commons-io-2.8.0.jar Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consu...
Security Bulletin: Vulnerability in commons-io affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2024-47554]
Summary The commons-io package is used by IBM Cloud Pak for Data System 2.0. IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2024-47554 Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The...
CVE-2023-33377
Connected IO v2.1.0 and prior has an OS command injection vulnerability in the set firewall command in part of its communication protocol, enabling attackers to execute arbitrary OS commands on devices...
Security Bulletin: IBM Sterling Control Center is vulnerable to Apache Commons IO (CVE-2024-47554)
Summary Apache Commons IO jar vulnerability is impacting IBM Sterling Control Center v6.3.1 and v6.2.1 Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessivel...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to uncontrolled resource consumption due to commons-io.
Summary Commons.io is used by the ds-runtime microservice as part of the read/write functionality. Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively...
Uncontrolled Resource Consumption
Apache Commons IO is vulnerable to Uncontrolled Resource Consumption. The vulnerability is due to excessive CPU consumption caused by the org.apache.commons.io.input.XmlStreamReader class when processing maliciously crafted input...