Lucene search
K

455 matches found

Positive Technologies
Positive Technologies
added 2024/08/19 12:0 a.m.4 views

PT-2024-11678 · Apache · Apache

Name of the Vulnerable Software and Affected Versions: Apache affected versions not specified Description: The issue concerns incorrect handling of headers. No further details are available due to the rejection of the candidate number. Recommendations: At the moment, there is no information about...

6.9AI score
Exploits0References2
OpenVAS
OpenVAS
added 2024/06/25 12:0 a.m.29 views

Fedora: Security Advisory (FEDORA-2024-c404b99f19)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.5AI score0.23072EPSS
Exploits1References4
Fedora
Fedora
added 2024/06/23 6:52 a.m.36 views

[SECURITY] Fedora 40 Update: tomcat-9.0.89-1.fc40

Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...

7.5CVSS7AI score0.23072EPSS
Exploits1
Fedora
Fedora
added 2024/06/13 3:3 a.m.30 views

[SECURITY] Fedora 39 Update: tomcat-9.0.89-1.fc39

Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...

7.5CVSS6.7AI score0.23072EPSS
Exploits1
OpenVAS
OpenVAS
added 2024/03/08 12:0 a.m.18 views

Fedora: Security Advisory for tomcat (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS9.2AI score0.02578EPSS
Exploits3References2
Fedora
Fedora
added 2024/03/07 10:33 p.m.23 views

[SECURITY] Fedora 40 Update: regexp-1.5-48.fc40

Regexp is a 100% Pure Java Regular Expression package that was graciously donated to the Apache Software Foundation by Jonathan Locke. He originally wrote this software back in 1996 and it has stood up quite well to the test of time. It includes complete Javadoc documentation as well as a simple...

8.8CVSS6.8AI score0.02578EPSS
Exploits3
OSV
OSV
added 2024/03/06 10:55 a.m.22 views

BIT-AIRFLOW-2023-25754 Apache Airflow: Privilege escalation using airflow logs

Privilege Context Switching Error vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.6.0...

9.8CVSS9.4AI score0.0228EPSS
Exploits0References4
CVE
CVE
added 2024/02/06 10:4 a.m.59 views

CVE-2024-23673

CVE-2024-23673 concerns a path-traversal vulnerability in Apache Sling Servlets Resolver. The issue affects all versions prior to 2.11.0, with exploitation dependent on system configuration; a user with write access to the repository could trick the resolver into loading a previously uploaded scr...

8.5CVSS8.1AI score0.01321EPSS
Exploits0References2Affected Software1
Wallarm Lab
Wallarm Lab
added 2024/01/15 9:34 a.m.26 views

What is Kafka?

Introduction to the Universe of Kafka: A Detailed Synopsis Apache Kafka, frequently just labeled as Kafka, is a universally contributed event broadcasting framework, intended to manage live streaming of data. It is engineered to be a bridge for significant volumes of data, offering a mechanism fo...

7.4AI score
Exploits0
NVD
NVD
added 2023/12/26 12:15 p.m.31 views

CVE-2023-50968

Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when user operates an uri call without authorizations. The same uri can be operated to realize a SSRF attack also without authorizations. Users are recommended to upgrade to version 18.12.11, which fixes th...

7.5CVSS0.63373EPSS
Exploits0References6
Cvelist
Cvelist
added 2023/12/26 11:45 a.m.33 views

CVE-2023-50968 Apache OFBiz: Arbitrary file properties reading and SSRF attack

Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when user operates an uri call without authorizations. The same uri can be operated to realize a SSRF attack also without authorizations. Users are recommended to upgrade to version 18.12.11, which fixes th...

7.6AI score0.63373EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/12/25 12:0 a.m.3 views

PT-2023-35666 · Apache · Apache Poi

Name of the Vulnerable Software and Affected Versions: Apache POI affected versions not specified Description: A security exception occurs due to a crash in the EscherContainerRecord.fillFields function. The issue is related to the org.apache.poi.ddf.EscherContainerRecord and...

6.9AI score
Exploits0References2
CISA
CISA
added 2023/12/12 12:0 p.m.12 views

The Apache Software Foundation Updates Struts 2

The Apache Software Foundation has released security updates to address a vulnerability CVE-2023-50164 in Struts 2. A remote attacker could exploit this vulnerability to take control of an affected system. Users and administrators are encouraged to review the Apache Security Bulletinlink is...

9.8CVSS9.6AI score0.80819EPSS
Exploits15References1
CVE
CVE
added 2023/11/20 8:46 a.m.103 views

CVE-2023-46302

CVE-2023-46302 affects Apache Submarine (0.7.0–0.8.0 pre-upgrade) where YAML deserialization in the YamlUtils.yaml processing path (SnakeYAML-based) can lead to remote code execution. The issue arises during unmarshalling of YAML requests via JAXRS endpoints using application/yaml content-type; t...

9.8CVSS9.5AI score0.99615EPSS
Exploits8References3Affected Software1
CVE
CVE
added 2023/11/07 11:2 a.m.76 views

CVE-2023-46819

Apache OFBiz contains a Missing Authentication flaw in the Solr plugin (CVE-2023-46819). Affected versions are before 18.12.09. The root cause is unauthorized access to Solr plugin queries, enabling potential modification/exfiltration of protected data. The recommended remediation is upgrading to...

5.3CVSS5.3AI score0.01793EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/10/25 12:0 a.m.33 views

Amazon Linux AMI : apache-ivy (ALAS-2023-1863)

The version of apache-ivy installed on the remote host is prior to 2.2.0-5.2. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1863 advisory. Improper Restriction of XML External Entity Reference, XML Injection aka Blind XPath Injection vulnerability in Apache Software...

8.2CVSS7.8AI score0.01855EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/10/20 12:0 a.m.33 views

Amazon Linux 2 : apache-ivy (ALAS-2023-2302)

The version of apache-ivy installed on the remote host is prior to 2.3.0-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2302 advisory. Improper Restriction of XML External Entity Reference, XML Injection aka Blind XPath Injection vulnerability in Apache Software...

8.2CVSS7.8AI score0.01855EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/10/19 9:40 a.m.14 views

CVE-2023-46227 Apache inlong has an Arbitrary File Read Vulnerability

Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.8.0, the attacker can use \t to bypass. Users are advised to upgrade to Apache InLong's 1.9.0 or cherry-pick 1 to solve it. 1...

7.1AI score0.00969EPSS
Exploits0References1
CVE
CVE
added 2023/10/19 9:40 a.m.56 views

CVE-2023-46227

CVE-2023-46227 — InLong deserialization vulnerability : Affects Apache InLong 1.4.0–1.8.0 due to unsafe deserialization of untrusted data. Exploitation could bypass security controls and lead to code execution or partial impact (integrity loss) per CVSS 3.1: High, vector NETWORK, low complexity, ...

7.5CVSS7.4AI score0.00969EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/08/28 7:50 a.m.29 views

CVE-2023-40195 Apache Airflow Spark Provider Deserialization Vulnerability RCE

Deserialization of Untrusted Data, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Software Foundation Apache Airflow Spark Provider. When the Apache Spark provider is installed on an Airflow deployment, an Airflow user that is authorized to configure Spark hooks...

8.9AI score0.01413EPSS
Exploits0References2
Rows per page
Query Builder