CVE-2025-0160 IBM FlashSystem code execution

IBM FlashSystem IBM Storage Virtualize 8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1 could allow a remote attacker with...

CVE-2025-0160

CVE-2025-0160 affects IBM FlashSystem and IBM Storage Virtualize products (multiple 8.x releases) where improper restrictions in the RPCAdapter service can allow a remote attacker with system access to execute arbitrary Java code. The description lists affected versions including 8.5.0.0–8.5.0.13...

IBM FlashSystem 安全漏洞

IBM FlashSystem is a family of high-performance all-flash and hybrid flash storage solutions from International Business Machines IBM. A code execution vulnerability exists in IBM FlashSystem that stems from improper restriction of the RPCAdapter service and can be exploited by remote attackers t...

CVE-2023-39469

PaperCut NG External User Lookup Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PaperCut NG. Authentication is required to exploit this vulnerability. The specific flaw exists within the Externa...

CVE-2023-39469

The CVE-2023-39469 entry concerns PaperCut NG’s External User Lookup code injection that enables Remote Code Execution. Affected component: External User Lookup in PaperCut NG. Root cause: unsafely handling a user-supplied string that is later used to execute Java code, allowing code execution in...

CVE-2023-39469 PaperCut NG External User Lookup Code Injection Remote Code Execution Vulnerability

PaperCut NG External User Lookup Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PaperCut NG. Authentication is required to exploit this vulnerability. The specific flaw exists within the Externa...

MGASA-2024-0068 Updated batik packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Server-Side Request Forgery SSRF vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. CVE-2022-38398 Server-Side Request Forgery SSRF vulnerability in Batik of Apache XML Graphics allows an attacke...

Improper Input Validation

org.apache.pulsar, pulsar-functions-worker is vulnerable to improper input validation. This vulnerability is due to insufficient input validation within the Worker, which fails to adequately check user-provided inputs before executing them, resulting in the execution of arbitrary Java code outsid...

Apache Pulsar Security Vulnerability

Apache Pulsar is the United States Apache Apache Foundation for cloud environments, set of messages, storage, lightweight functional computing as one of the distributed message flow platform. The software supports multi-tenancy, persistent storage, multi-room cross-region data replication, and...

PT-2024-2609 · Apache · Apache Pulsar

Name of the Vulnerable Software and Affected Versions: Apache Pulsar versions 2.4.0 through 2.10.5 Apache Pulsar versions 2.11.0 through 2.11.3 Apache Pulsar versions 3.0.0 through 3.0.2 Apache Pulsar versions 3.1.0 through 3.1.2 Apache Pulsar version 3.2.0 Description: The issue is related to...

Fedora: Security Advisory for byteman (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 40 Update: xmvn-generator-1.2.2-3.fc40

XMvn Generator is a dependency generator for RPM Package Manager written in Java and Lua, that uses LuJavRite library to call Java code from Lua...

SUSE-SU-2024:0804-1 Security update for java-1_8_0-openjdk

This update for java-180-openjdk fixes the following issues: - CVE-2024-20952: Fixed RSA padding issue and timing side-channel attack against TLS 8317547 bsc1218911. - CVE-2024-20921: Fixed range check loop optimization issue 8314307 bsc1218905. - CVE-2024-20926: Fixed rbitrary Java code executio...

SUSE SLES12 Security Update : xmlgraphics-batik (SUSE-SU-2024:0777-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0777-1 advisory. - In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who...

BIT-POSTGRESQL-JDBC-DRIVER-2022-31197 SQL Injection in ResultSet.refreshRow() with malicious column names in pgjdbc

PostgreSQL JDBC Driver PgJDBC for short allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. The PGJDBC implementation of the java.sql.ResultRow.refreshRow method is not performing escaping of column names so a malicious column name that contain...

SUSE-SU-2024:0619-1 Security update for java-1_8_0-ibm

This update for java-180-ibm fixes the following issues: Update to Java 8.0 Service Refresh 8 Fix Pack 20: bsc1219843 Security fixes: - CVE-2023-33850: Fixed information disclosure vulnerability due to the consumed GSKit library bsc1219843. - CVE-2024-20932: Fixed incorrect handling of ZIP files...

RCE (Remote Code Execution) org.apache.xmlgraphics:batik-script Dependency in Jira Software Data Center and Server

This High severity org.apache.xmlgraphics:batik-script Dependency vulnerability was introduced in versions 8.20.0, 8.22.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, and 9.7.0 of Jira Software Data Center and Server. This org.apache.xmlgraphics:batik-script Dependency vulnerability, with a...

SUSE-SU-2024:0321-1 Security update for java-11-openjdk

This update for java-11-openjdk fixes the following issues: Updated to version 11.0.22 January 2024 CPU: - CVE-2024-20918: Fixed an out of bounds access in the Hotspot JVM due to a missing bounds check bsc1218907. - CVE-2024-20919: Fixed a sandbox bypass in the Hotspot JVM class file verifier...

CVE-2024-24569

The Pixee Java Code Security Toolkit is a set of security APIs meant to help secure Java code. ZipSecurityisBelowCurrentDirectory is vulnerable to a partial-path traversal bypass. To be vulnerable to the bypass, the application must use toolkit version =1.1.1, use ZipSecurity as a guard against...

CVE-2024-24569 `ZipSecurity#isBelowCurrentDirectory` is vulnerable to partial-path traversal vulnerability

The Pixee Java Code Security Toolkit is a set of security APIs meant to help secure Java code. ZipSecurityisBelowCurrentDirectory is vulnerable to a partial-path traversal bypass. To be vulnerable to the bypass, the application must use toolkit version =1.1.1, use ZipSecurity as a guard against...