Security Bulletin: IBM Operational Decision Manager for December 2025 - Multiple CVEs addressed

Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed Vulnerability Details CVEID:CVE-2025-58056...

EUVD-2023-2569

Malicious code in bioql PyPI...

EUVD-2023-2523

Malicious code in bioql PyPI...

EUVD-2024-0716

Malicious code in bioql PyPI...

EUVD-2023-1360

Malicious code in bioql PyPI...

com.atlan:package-toolkit-testing (>=5.3.1 <=6.1.2), com.buschmais.jqassistant.cli:jqassistant-commandline-neo4jv5 (>=2.6.0 <=2.8.0) +750 more potentially affected by CVE-2025-1948 via org.eclipse.jetty.http2:jetty-http2-common (>=12.0.0 <=12.0.16)

org.eclipse.jetty.http2:jetty-http2-common MAVEN version =12.0.0, =5.3.1, =2.6.0, =1.41.1, =1.1.18, =2.0.20, =3.0.0, =3.0.2, =3.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0-A1, =4.0.0-A1, =4.0.0-A1, =4.1.0, =4.2.1 and more Source cves: CVE-2025-1948 Source advisory: SNYK:JAVA-ORGECLIPSEJETTYHTTP2-10116751...

Linux Distros Unpatched Vulnerability : CVE-2023-26048

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Jetty is a java based web server and servlet engine. In affected versions servlets with multipart support e.g. annotated with @MultipartConfig that call...

CVE-2024-22201

Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to st...

CVE-2024-22201 Jetty connection leaking on idle timeout when TCP congested

Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to st...

SUSE CVE-2023-36478

Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in MetaDataBuilder.checkSize allows for HTTP/2 HPACK header values to exceed their size limit. MetaDataBuilder.java determines if a...

CVE-2023-40167

Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the + character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests...

SRC-2021-0017 : Jetty Utility Servlets ConcatServlet Double Decoding Information Disclosure Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to disclose information on affected installations of Jetty Web Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ConcatServlet and WelcomeFilter classes. The issue results fro...

jetty: buffer not correctly recycled in Gzip Request inflation

In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that ...

CVE-2009-5046

JSP Dump and Session Dump Servlet XSS in jetty before 6.1.22...

Inductive Automation Ignition 7.8.1 Remote Leakage Of Shared Buffers

Summary Ignition is a powerful industrial application platform with fully integrated development tools for building SCADA, MES, and IIoT solutions. Description Remote unauthenticated atackers are able to read arbitrary data from other HTTP sessions because Ignition uses a vulnerable Jetty server...

GDS Labs Alert [CVE-2015-2080] - JetLeak Vulnerability: Remote Leakage Of Shared Buffers In Jetty Web Server

GDS LABS ALERT: CVE-2015-2080 JetLeak Vulnerability Remote Leakage Of Shared Buffers In Jetty Web Server SYNOPSIS ======== Gotham Digital Science discovered a critical information leakage vulnerability in the Jetty web server that allows an unauthenticated remote attacker to read arbitrary data...

The Jetty Web Server there is a shared cache remote disclosure Vulnerability[CVE-2 0 1 5-2 0 8 0]-vulnerability warning-the black bar safety net

GDS security company found a Jetty web server shared cache area remote disclosure vulnerability by the vulnerability A is not authenticated attacker can remotely obtain a before the legitimate user to the server to send the request. In short, the attacker may be from the presence of the...

Cyberoam UTM - Multiple Vulnerabilities

Cyberoam UTM - Multiple Vulnerabilities SECURITY ADVISORY: cyberoam-utm-command-executaion Affected Software: Cyberoam CR50ia 10.01.0 build 678 Vulnerability: OS Command Execution Severity: High Release Date: Unreleased I. Background "Cyberoam Unified Threat Management appliances offer assured...

Cyberoam UTM Multiiple Vulnerabilities

Exploit for hardware platform in category web applications Affected Software: Cyberoam CR50ia 10.01.0 build 678 Vulnerability: OS Command Execution Severity: High Release Date: Unreleased I. Background "Cyberoam Unified Threat Management appliances offer assured security, connectivity and...

VMware vCenter Update Manager Directory Traversal (VMSA-2011-0014)

The version of Jetty web server included with VMware vCenter Update Manager on the remote host has a directory traversal vulnerability. This is a variant of the issue previously addressed by VMware advisory VMSA-2010-0012. The web server runs as SYSTEM by default. A remote, unauthenticated attack...