Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : Apache Commons IO vulnerability (USN-8191-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8191-1 advisory. It was discovered that Apache Commons IO's XmlStreamReader class could excessively consume CPU resourc...

USN-8191-1 commons-io vulnerability

It was discovered that Apache Commons IO's XmlStreamReader class could excessively consume CPU resources under certain circumstances. An attacker could possibly use this issue to cause Apache Commons IO to crash, resulting in a denial of service...

Oracle GoldenGate for Big Data Multiple Vulnerabilities 21.x < 21.21.0.0.0 (January 2026 CPU)

According to its self-reported version number, the Oracle GoldenGate for Big Data application located on the remote host is affected by multiple vulnerabilities: - Improper input validation in JDBC Driver for SQL Server allows an unauthorized attacker to perform spoofing over a network...

MiracleLinux 8 : qt5-qtbase-5.15.3-5.el8 (AXSA:2023-7239:02)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-7239:02 advisory. qt: buffer over-read via a crafted reply from a DNS server CVE-2023-33285 qt: allows remote attacker to bypass security restrictions caused by flaw ...

Security Bulletin: Uncontrolled Resource Consumption Vulnerability in Apache Commons IO XmlStreamReader, affects watsonx.data

Summary Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0. Users are recommended ...

Security Bulletin: Vulnerabilities in Eclipse affect Tivoli Netcool/OMNIbus. (CVE-2024-13009, CVE-2024-47554)

Summary There are vulnerabilities in the MIB Manager application that is part of Tivoli Netcool/OMNIbus. Vulnerability Details CVEID:CVE-2024-13009 DESCRIPTION: In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a reques...

SUSE SLES12 Security Update : libqt4 (SUSE-SU-2025:02968-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02968-1 advisory. - CVE-2021-45930: Fixed out-of-bounds write leading to DoS bsc1196654 - CVE-2023-32573: Fixed missing initialization of QtSvg QSvgFont...

SUSE-SU-2025:02968-1 Security update for libqt4

This update for libqt4 fixes the following issues: - CVE-2021-45930: Fixed out-of-bounds write leading to DoS bsc1196654 - CVE-2023-32573: Fixed missing initialization of QtSvg QSvgFont munitsPerEm bsc1211298 - CVE-2023-32763: Fixed buffer overflow on QTextLayout during rendering of an SVG file...

Medium: apache-commons-io

Issue Overview: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0. Users are...

Medium: apache-commons-io

Issue Overview: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0. Users are...

Medium: javapackages-bootstrap

Issue Overview: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0. Users are...

apache-commons-io: Possible denial of service attack on untrusted input to XmlStreamReader

A vulnerability was found in the Apache Commons IO component in the org.apache.commons.io.input.XmlStreamReader class. Excessive CPU resource consumption can lead to a denial of service when an untrusted input is processed...

Security update for apache-commons-io

This update for apache-commons-io fixes the following issues: Upgrade to 2.17.0: CVE-2024-47554: Fixed untrusted input to XmlStreamReader can lead to uncontrolled resource consumption bsc1231298 Other changes: - https://commons.apache.org/proper/commons-io/changes-report.htmla2.17.0 Patch...

DEBIAN-CVE-2024-47554

Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0. Users are recommended to upgra...

AZL-50031 CVE-2024-47554 affecting package apache-commons-io for versions less than 2.14.0-1

Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0. Users are recommended to upgra...

UBUNTU-CVE-2024-47554

Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0. Users are recommended to upgra...

UBUNTU-CVE-2023-37369

In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length...

qt5-qtbase: Double free in QXmlStreamReader

QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document...