455 matches found
PT-2024-11678 · Apache · Apache
Name of the Vulnerable Software and Affected Versions: Apache affected versions not specified Description: The issue concerns incorrect handling of headers. No further details are available due to the rejection of the candidate number. Recommendations: At the moment, there is no information about...
Fedora: Security Advisory (FEDORA-2024-c404b99f19)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 40 Update: tomcat-9.0.89-1.fc40
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...
[SECURITY] Fedora 39 Update: tomcat-9.0.89-1.fc39
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...
Fedora: Security Advisory for tomcat (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 40 Update: regexp-1.5-48.fc40
Regexp is a 100% Pure Java Regular Expression package that was graciously donated to the Apache Software Foundation by Jonathan Locke. He originally wrote this software back in 1996 and it has stood up quite well to the test of time. It includes complete Javadoc documentation as well as a simple...
BIT-AIRFLOW-2023-25754 Apache Airflow: Privilege escalation using airflow logs
Privilege Context Switching Error vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.6.0...
CVE-2024-23673
CVE-2024-23673 concerns a path-traversal vulnerability in Apache Sling Servlets Resolver. The issue affects all versions prior to 2.11.0, with exploitation dependent on system configuration; a user with write access to the repository could trick the resolver into loading a previously uploaded scr...
What is Kafka?
Introduction to the Universe of Kafka: A Detailed Synopsis Apache Kafka, frequently just labeled as Kafka, is a universally contributed event broadcasting framework, intended to manage live streaming of data. It is engineered to be a bridge for significant volumes of data, offering a mechanism fo...
CVE-2023-50968
Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when user operates an uri call without authorizations. The same uri can be operated to realize a SSRF attack also without authorizations. Users are recommended to upgrade to version 18.12.11, which fixes th...
CVE-2023-50968 Apache OFBiz: Arbitrary file properties reading and SSRF attack
Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when user operates an uri call without authorizations. The same uri can be operated to realize a SSRF attack also without authorizations. Users are recommended to upgrade to version 18.12.11, which fixes th...
PT-2023-35666 · Apache · Apache Poi
Name of the Vulnerable Software and Affected Versions: Apache POI affected versions not specified Description: A security exception occurs due to a crash in the EscherContainerRecord.fillFields function. The issue is related to the org.apache.poi.ddf.EscherContainerRecord and...
The Apache Software Foundation Updates Struts 2
The Apache Software Foundation has released security updates to address a vulnerability CVE-2023-50164 in Struts 2. A remote attacker could exploit this vulnerability to take control of an affected system. Users and administrators are encouraged to review the Apache Security Bulletinlink is...
CVE-2023-46302
CVE-2023-46302 affects Apache Submarine (0.7.0–0.8.0 pre-upgrade) where YAML deserialization in the YamlUtils.yaml processing path (SnakeYAML-based) can lead to remote code execution. The issue arises during unmarshalling of YAML requests via JAXRS endpoints using application/yaml content-type; t...
CVE-2023-46819
Apache OFBiz contains a Missing Authentication flaw in the Solr plugin (CVE-2023-46819). Affected versions are before 18.12.09. The root cause is unauthorized access to Solr plugin queries, enabling potential modification/exfiltration of protected data. The recommended remediation is upgrading to...
Amazon Linux AMI : apache-ivy (ALAS-2023-1863)
The version of apache-ivy installed on the remote host is prior to 2.2.0-5.2. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1863 advisory. Improper Restriction of XML External Entity Reference, XML Injection aka Blind XPath Injection vulnerability in Apache Software...
Amazon Linux 2 : apache-ivy (ALAS-2023-2302)
The version of apache-ivy installed on the remote host is prior to 2.3.0-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2302 advisory. Improper Restriction of XML External Entity Reference, XML Injection aka Blind XPath Injection vulnerability in Apache Software...
CVE-2023-46227 Apache inlong has an Arbitrary File Read Vulnerability
Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.8.0, the attacker can use \t to bypass. Users are advised to upgrade to Apache InLong's 1.9.0 or cherry-pick 1 to solve it. 1...
CVE-2023-46227
CVE-2023-46227 — InLong deserialization vulnerability : Affects Apache InLong 1.4.0–1.8.0 due to unsafe deserialization of untrusted data. Exploitation could bypass security controls and lead to code execution or partial impact (integrity loss) per CVSS 3.1: High, vector NETWORK, low complexity, ...
CVE-2023-40195 Apache Airflow Spark Provider Deserialization Vulnerability RCE
Deserialization of Untrusted Data, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Software Foundation Apache Airflow Spark Provider. When the Apache Spark provider is installed on an Airflow deployment, an Airflow user that is authorized to configure Spark hooks...