373 matches found
EUVD-2023-1686
Malicious code in bioql PyPI...
EUVD-2023-2147
Malicious code in bioql PyPI...
CVE-2023-24829
Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB. This issue affects the iotdb-web-workbench component from 0.13.0 before 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console for the database. This problem is fixed from version 0.13....
CVE-2023-28710
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Spark Provider. This issue affects Apache Airflow Spark Provider: before 4.0.1...
CVE-2023-28326
Vendor: The Apache Software Foundation. Versions Affected: Apache OpenMeetings from 2.0.0 before 7.0.0. Description: An attacker can elevate their privileges in any room...
CVE-2023-28936
An attacker can access an arbitrary recording/room. Vendor: The Apache Software Foundation. Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0...
CVE-2023-28707
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider. This issue affects Apache Airflow Drill Provider: before 2.3.2...
CVE-2024-54676
Vendor: The Apache Software Foundation. Versions Affected: Apache OpenMeetings from 2.1.0 before 8.0.0. Description: The default clustering instructions at https://openmeetings.apache.org/Clustering.html do not specify white/black lists for OpenJPA, which leads to possible deserialisation of untrusted...
CVE-2024-54676
CVE-2024-54676 affects Apache OpenMeetings (2.1.0 up to 8.0.0, multiple entries across feeds). The issue is deserialization of untrusted data in cluster mode due to clustering instructions not specifying OpenJPA white/blacklists. Affected users are advised to upgrade to OpenMeetings 8.0.0 and to ...
Apache mod_isapi Dangling Pointer
This module requires Metasploit: https://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. class MetasploitModule ... 'Apache mod_isapi Dangling Pointer', 'Description' => %q{ This module triggers a use-after-free vulnerability in the Apache Software Foundation...
[SECURITY] Fedora 40 Update: regexp-1.5-48.fc40
Regexp is a 100% Pure Java Regular Expression package that was graciously donated to the Apache Software Foundation by Jonathan Locke. He originally wrote this software back in 1996 and it has stood up quite well to the test of time. It includes complete Javadoc documentation as well as a simple...
BIT-AIRFLOW-2023-25754 Apache Airflow: Privilege escalation using airflow logs
Privilege Context Switching Error vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow: before 2.6.0...
CVE-2024-23673
CVE-2024-23673 concerns a path-traversal vulnerability in Apache Sling Servlets Resolver. The issue affects all versions prior to 2.11.0, with exploitation dependent on system configuration; a user with write access to the repository could trick the resolver into loading a previously uploaded scr...
What is Kafka?
Introduction to the Universe of Kafka: A Detailed Synopsis. Apache Kafka, often referred to simply as Kafka, is a distributed event streaming platform designed to handle real-time data streams. It is engineered to carry large volumes of data, offering a mechanism fo...
CVE-2023-50968
Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when a user invokes a URI call without authorization. The same URI can be used to perform an SSRF attack, also without authorization. Users are recommended to upgrade to version 18.12.11, which fixes th...
CVE-2023-50968 Apache OFBiz: Arbitrary file properties reading and SSRF attack
Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when a user invokes a URI call without authorization. The same URI can be used to perform an SSRF attack, also without authorization. Users are recommended to upgrade to version 18.12.11, which fixes th...
The Apache Software Foundation Updates Struts 2
The Apache Software Foundation has released security updates to address a vulnerability, CVE-2023-50164, in Struts 2. A remote attacker could exploit this vulnerability to take control of an affected system. Users and administrators are encouraged to review the Apache Security Bulletin (link is...
CVE-2023-46302
CVE-2023-46302 affects Apache Submarine (0.7.0–0.8.0 pre-upgrade) where YAML deserialization in the YamlUtils.yaml processing path (SnakeYAML-based) can lead to remote code execution. The issue arises during unmarshalling of YAML requests via JAXRS endpoints using application/yaml content-type; t...
CVE-2023-46819
Apache OFBiz contains a Missing Authentication flaw in the Solr plugin (CVE-2023-46819). Affected versions are before 18.12.09. The root cause is unauthorized access to Solr plugin queries, enabling potential modification/exfiltration of protected data. The recommended remediation is upgrading to...
Amazon Linux AMI : apache-ivy (ALAS-2023-1863)
The version of apache-ivy installed on the remote host is prior to 2.2.0-5.2. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1863 advisory. Improper Restriction of XML External Entity Reference, XML Injection aka Blind XPath Injection vulnerability in Apache Software...