33 matches found
Security Bulletin: protobuf-java - CVE-2021-44716 addressed in Cloudera Data Platform Private Cloud Base 7.1.9
Summary Security Bulletin: protobuf-java - CVE-2021-44716 addressed in Cloudera Data Platform Private Cloud Base 7.1.9. Vulnerability Details CVEID:CVE-2021-44716 DESCRIPTION: net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header...
Security Bulletin: Critical vulnerability addressed in Cloudera Base on premises 7.1.9 SP1 CHF 14 and Cloudera Runtime 7.3.1.700 SP3 CHF 2
Summary CVE-2025-66516 - Apache Tika addressed in Cloudera Base on premises 7.1.9 SP1 CHF 14 and Cloudera Runtime 7.3.1.700 SP3 CHF 2 Vulnerability Details CVEID:CVE-2025-66516 DESCRIPTION: Critical XXE in Apache Tika tika-core 1.13-3.2.1, tika-pdf-module 2.0.0-3.2.1 and tika-parsers 1.13-1.28.5...
Security Bulletin: protobuf-java - CVE-2022-3171 fixed in Cloudera Data Platform Private Cloud Base 7.1.9
Summary Security Bulletin: protobuf-java - CVE-2022-3171 fixed in Cloudera Data Platform Private Cloud Base 7.1.9 Vulnerability Details CVEID:CVE-2022-3171 DESCRIPTION: A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to ...
EUVD-2020-27050
Malware in sbrugna...
EUVD-2016-5318
Malware in sbrugna...
Security Bulletin: Common vulnerabilities fixed in Cloudera Data Platform Private Cloud Base 7.1.9 SP1
Summary Common vulnerabilities fixed in Cloudera Data Platform Private Cloud Base 7.1.9 SP1 Vulnerability Details CVEID:CVE-2022-24785 DESCRIPTION: Moment.js could allow a remote attacker to traverse directories on the system, caused by improper validation of user supplied input. An attacker coul...
Linux Distros Unpatched Vulnerability : CVE-2019-17565
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and chunked encoding. Upgrade to...
CVE-2025-34115
An authenticated command injection vulnerability exists in OP5 Monitor through version 7.1.9 via the 'cmdstr' parameter in the commandtest.php endpoint. A user with access to the web interface can exploit the 'Test this command' feature to execute arbitrary shell commands as the unprivileged web...
Malicious code in eslint-plugin-add-display-name (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8efa7275ffd4613db923c31dba516fc3434fb3fecb4ccfbd1e1cb929399a6b02 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-10656 Malicious code in eslint-plugin-add-display-name (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8efa7275ffd4613db923c31dba516fc3434fb3fecb4ccfbd1e1cb929399a6b02 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
WordPress plugin WPC Frequently Bought Together for WooCommerce security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in PHP. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in the WordPress plugin WPC Frequently Bought Togeth...
Security Bulletin: Common Vulnerabilities in Cloudera Data Platform Private Cloud Base 7.1.9.
Summary Common vulnerabilities reported in Cloudera Data Platform Private Cloud Base 7.1.9 have been addressed, and are available in Hotfix 2. Vulnerability Details CVEID:CVE-2015-1772 DESCRIPTION: Apache Hive could allow a remote attacker to bypass security restrictions, caused by an error in th...
Security Bulletin: Common vulnerability in Cloudera Data Platform Private Cloud Base 7.1.9 fixed in Hot Fix 1
Summary Fix to common vulnerability, CVE-2021-43045, discovered in Cloudera Data Platform 7.1.9 is available to download from Cloudera. Vulnerability Details CVEID:CVE-2021-43045 DESCRIPTION: Apache Avro is vulnerable to a denial of service, caused by a flaw in the .NET SDK. By sending a...
Security Bulletin: Common vulnerabilities fixed in Cloudera Data Platform 7.1.9 HF2
Summary Fixes to common vulnerabilities discovered in Cloudera Data Platform 7.1.9 are available to download from Cloudera. Vulnerability Details CVEID:CVE-2021-28170 DESCRIPTION: Eclipse EE4J Jakarta Expression Language could allow a remote attacker to bypass security restrictions, caused by a...
WordPress Booster for WooCommerce Plugin <= 7.1.8 is vulnerable to Broken Access Control
Software: Booster for WooCommerce; Type: Plugin; Vulnerable versions: <= 7.1.8; Fixed in: 7.1.9; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-3957; Patch priority: Low; CVSS severity: Low 5.3; Developer: Claim ownership; PSID: c5acc2669cf3; Credits: stealthcopter; Required...
Atlassian Jira < 7.1.9 Multiple Vulnerabilities
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to . It is, therefore, affected by multiple vulnerabilities: - A vulnerability in the /auditing/settings endpoint, which permits attackers to perform Cross Site Request Forgery...
WordPress plugin WPDating SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerability exist...
CVE-2020-5897
In versions 7.1.5-7.1.9, there is a use-after-free memory vulnerability in the BIG-IP Edge Client Windows ActiveX component...
CVE-2020-5896
On versions 7.1.5-7.1.9, the BIG-IP Edge Client's Windows Installer Service's temporary folder has weak file and folder permissions...
Design/Logic Flaw
In versions 7.1.5-7.1.9, there is a use-after-free memory vulnerability in the BIG-IP Edge Client Windows ActiveX component...