5558 matches found

IBM Security Bulletins
added 2025/05/14 7:42 p.m. | 8 views

Security Bulletin: Vulnerability in Java SE affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary: Potential vulnerability in Java SE has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerabili...

CVSS: 3.7 | AI score: 6 | EPSS: 0.01157
Exploits: 0 | Affected Software: 2
IBM Security Bulletins
added 2025/05/14 7:22 p.m. | 7 views

Security Bulletin: Vulnerability in Java SE affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary: Potential vulnerability in Java SE has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerabili...

CVSS: 3.7 | AI score: 6 | EPSS: 0.01018
Exploits: 0 | Affected Software: 2
OSV
added 2025/05/14 5:35 p.m. | 3 views

GHSA-MJFQ-3QR2-6G84 Cosmos EVM Allows Partial Precompile State Writes

Impact: Setting lower EVM call gas allows users to partially execute precompiles and error at specific points in the precompile code without reverting the partially written state. If executed on the distribution precompile when claiming funds, it could cause funds to be transferred to a user witho...

CVSS: 8.3 | AI score: 7
Exploits: 0 | References: 4
Github Security Blog
added 2025/05/14 5:35 p.m. | 28 views

Cosmos EVM Allows Partial Precompile State Writes

Impact: Setting lower EVM call gas allows users to partially execute precompiles and error at specific points in the precompile code without reverting the partially written state. If executed on the distribution precompile when claiming funds, it could cause funds to be transferred to a user witho...

AI score: 7
Exploits: 0 | References: 4 | Affected Software: 1
Tenable Nessus
added 2025/05/14 12:00 a.m. | 7 views

Alibaba Cloud Linux 3 : 0028: java-1.8.0-openjdk (ALINUX3-SA-2022:0028)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0028 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-21426: Vulnerability in the Oracl...

CVSS: 7.5 | AI score: 6.2 | EPSS: 0.03825
Exploits: 0 | References: 6
Tenable Nessus
added 2025/05/14 12:00 a.m. | 6 views

Alibaba Cloud Linux 3 : 0092: libdb (ALINUX3-SA-2022:0092)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2022:0092 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2019-2708: Vulnerability in the Data Store...

CVSS: 3.3 | AI score: 5.5 | EPSS: 0.00604
Exploits: 0 | References: 2
Tenable Nessus
added 2025/05/14 12:00 a.m. | 10 views

Alibaba Cloud Linux 3 : 0077: java-17-openjdk (ALINUX3-SA-2024:0077)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0077 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-21011: Vulnerability in the Oracl...

CVSS: 3.7 | AI score: 6.5 | EPSS: 0.01361
Exploits: 0 | References: 5
RedHat Linux
added 2025/05/13 4:02 p.m. | 6 views

tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT

A flaw was found in Apache Tomcat. In certain conditions and configurations, this vulnerability allows a remote attacker to exploit a path equivalence flaw to view file system contents and add malicious content via a write-enabled Default Servlet in Apache Tomcat. For the vulnerability to be...

CVSS: 10 | AI score: 7.8 | EPSS: 0.99945
Exploits: 45 | References: 6
RedHat Linux
added 2025/05/13 4:02 p.m. | 10 views

tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT

A flaw was found in Apache Tomcat. In certain conditions and configurations, this vulnerability allows a remote attacker to exploit a path equivalence flaw to view file system contents and add malicious content via a write-enabled Default Servlet in Apache Tomcat. For the vulnerability to be...

CVSS: 10 | AI score: 7.8 | EPSS: 0.99945
Exploits: 45 | References: 6
RedHat Linux
added 2025/05/13 8:28 a.m. | 9 views

kernel: ext4: dax: fix overflowing extents beyond inode size when partially writing

An inode corruption flaw was found in the Linux kernel's Ext4 file system functionality related to how a user can interrupt a write using the dax_iomap_rw function. This flaw allows a local user to make non-fatal mistakes with Ext4, leading to a file system denial of service...

CVSS: 5.5 | AI score: 6.8 | EPSS: 0.00232
Exploits: 0 | References: 5
GithubExploit
added 2025/05/11 7:50 p.m. | 395 views

Exploit for Deserialization of Untrusted Data in Apache Tomcat

CVE-2025-24813 - Apache Tomcat Remote Code Execution Exploit...

CVSS: 9.8 | AI score: 9.6 | EPSS: 0.99945
Exploits: 45
SUSE CVE
added 2025/05/10 2:52 a.m. | 1 views

SUSE CVE-2025-37878

In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix WARN_ON(!ctx) in __free_event() for partial init. Move the get_ctx(child_ctx) call and the child_event->ctx assignment to occur immediately after the child event is allocated. Ensure that child_event->ctx is non-NULL before any...

CVSS: 5.5 | AI score: 6.5 | EPSS: 0.00217
Exploits: 0 | References: 3
F5 Networks
added 2025/05/09 5:52 p.m. | 10 views

K000151257: Java vulnerability CVE-2025-30698

Security Advisory Description Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected are Oracle Java SE: 8u441, 8u441-perf, 11.0.26, 17.0.14, 21.0.6, 24; Oracle GraalVM for JDK:...

CVSS: 5.6 | AI score: 5.5 | EPSS: 0.00548
Exploits: 0
NVD
added 2025/05/09 7:16 a.m. | 11 views

CVE-2025-37878

In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix WARN_ON(!ctx) in __free_event() for partial init. Move the get_ctx(child_ctx) call and the child_event->ctx assignment to occur immediately after the child event is allocated. Ensure that child_event->ctx is non-NULL before any...

CVSS: 5.5 | EPSS: 0.00217
Exploits: 0 | References: 3
IBM Security Bulletins
added 2025/05/08 6:38 p.m. | 29 views

Security Bulletin: IBM Planning Analytics is affected by vulnerabilities in IBM® Java™ Version 8 and IBM® Semeru Runtime

Summary: There are vulnerabilities in IBM® Java™ Version 8 and IBM® Semeru Runtime used by IBM Planning Analytics and IBM Planning Analytics Workspace. Please refer to the Related Information section below for vulnerability impact. Vulnerability Details: CVEID: CVE-2024-21217 DESCRIPTION:...

CVSS: 5.3 | AI score: 7.9 | EPSS: 0.05966
Exploits: 0 | Affected Software: 4
IBM Security Bulletins
added 2025/05/08 1:37 p.m. | 22 views

Security Bulletin: Multiple vulnerabilities in IBM SDK, Java technology affect IBM Tivoli Composite Application Manager for Transactions (Response Time)

Summary: IBM SDK, Java Technology Edition is used by IBM Tivoli Composite Application Manager for Transactions Response Time. Vulnerability Details: CVEID: CVE-2024-21235 DESCRIPTION: Vulnerability in Java SE component: Hotspot. Difficult to exploit vulnerability allows unauthenticated attacker with...

CVSS: 5.3 | AI score: 5.6 | EPSS: 0.01157
Exploits: 0 | Affected Software: 1
OSV
added 2025/05/07 4:15 p.m. | 0 views

UBUNTU-CVE-2024-47619

syslog-ng is an enhanced log daemon. Prior to version 4.8.2, tls_wildcard_match() matches on certificates such as foo.*.bar although that is not allowed. It is also possible to pass partial wildcards such as foo.a*c.bar which glib matches but should be avoided / invalidated. This issue could have an...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00286
Exploits: 1 | References: 7
SUSE CVE
added 2025/05/03 2:51 a.m. | 3 views

SUSE CVE-2023-53083

In the Linux kernel, the following vulnerability has been resolved: nfsd: don't replace page in rq_pages if it's a continuation of last page. The splice read calls nfsd_splice_actor to put the pages containing file data into the svc_rqst->rq_pages array. It's possible however to get a splice result that...

CVSS: 5.5 | AI score: 5.8 | EPSS: 0.00159
Exploits: 0 | References: 3
ATTACKERKB
added 2025/05/02 4:15 p.m. | 2 views

CVE-2023-53083

In the Linux kernel, the following vulnerability has been resolved: nfsd: don't replace page in rq_pages if it's a continuation of last page. The splice read calls nfsd_splice_actor to put the pages containing file data into the svc_rqst->rq_pages array. It's possible however to get a splice result that...

CVSS: 5.5 | AI score: 6.1 | EPSS: 0.00159
Exploits: 0 | References: 6 | Affected Software: 1
OSV
added 2025/05/02 7:15 a.m. | 9 views

CVE-2024-13859

The Buddyboss Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bp_nouveau_ajax_media_save' function in all versions up to, and including, 2.8.50 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS: 5.4 | AI score: 5.7
Exploits: 0 | References: 3