Lucene search
+L

20 matches found

OSV
OSV
added 2026/06/26 7:55 a.m.8 views

ROOT-APP-MAVEN-CVE-2023-39410 CVE-2023-39410 in io.root.org.apache.avro:avro - Patched by Root

Root has patched CVE-2023-39410 in the io.root.org.apache.avro:avro package for Root:Maven. Multiple fixed versions available...

7.5CVSS7.7AI score0.01772EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/25 1:28 p.m.24 views

Security Bulletin: Vulnerabilities in Logstash affect IBM Operations Analytics - Log Analysis (CVE-2024-47561,CVE-2023-39410)

Summary There are deserialization of untrusted data and input validation vulnerabilities in Logstash that affect IBM Operations Analytics - Log Analysis. These have been addressed Vulnerability Details CVEID:CVE-2024-47561 DESCRIPTION: Apache Avro could allow a remote authenticated attacker to...

9.2CVSS8.4AI score0.03256EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/10 10:36 a.m.24 views

Security Bulletin: Vulnerability in Apache Avro Java SDK affects watsonx.data

Summary Apache Avro Java SDK is vulnerable to a denial of service attack, and this could affect watsonx.data. Vulnerability Details CVEID:CVE-2023-39410 DESCRIPTION: Apache Avro Java SDK is vulnerable to a denial of service, caused by an unsafe deserialization flaw. By sending specially crafted...

7.5CVSS7.5AI score0.01772EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2024/05/23 10:45 p.m.98 views

Important: Red Hat Security Advisory: Red Hat Fuse 7.13.0 release and security update

Red Hat Fuse 7.13.0 release is now available. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, whic...

9.3CVSS6.6AI score0.8581EPSS
Exploits9References16
Broadcom
Broadcom
added 2024/04/16 12:0 a.m.44 views

Apache Avro Java SDK vulnerable to Improper Input Validation (CVE-2023-39410)

When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro...

7.5CVSS7.1AI score0.01772EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/30 4:12 a.m.55 views

Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities

Summary IBM Data Risk Manager IDRM 2.0.6.19, which is the only supported version, is affected by multiple vulnerabilities. The vulnerabilities have been addressed in the updated version of IDRM 2.0.6.20. Please see the remediation steps below to apply the fix. All customers are encouraged to act...

9.8CVSS10AI score0.04322EPSS
Exploits4Affected Software1
RedHat Linux
RedHat Linux
added 2023/12/04 6:2 p.m.67 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.14 on RHEL 8 security update

An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...

7.5CVSS7AI score0.99999EPSS
Exploits20References34
RedHat Linux
RedHat Linux
added 2023/12/04 6:2 p.m.63 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.14 security update

An update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.5CVSS7.1AI score0.99999EPSS
Exploits20References33
RedHat Linux
RedHat Linux
added 2023/12/04 6:0 p.m.63 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.14 on RHEL 9 security update

An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...

7.5CVSS7AI score0.99999EPSS
Exploits20References34
Tenable Nessus
Tenable Nessus
added 2023/12/04 12:0 a.m.54 views

RHEL 9 : Red Hat JBoss Enterprise Application Platform 7.4.14 on RHEL 9 (RHSA-2023:7639)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7639 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...

7.5CVSS7.3AI score0.99999EPSS
Exploits20References43
RedHat Linux
RedHat Linux
added 2023/11/30 3:0 p.m.33 views

Important: Red Hat Security Advisory: Red Hat Build of Apache Camel for Quarkus 3.2.0 release (RHBQ 3.2.9.Final)

Red Hat Build of Apache Camel for Quarkus 3.2.0 is now available updates to RHBQ 3.2.9.Final. The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products Red Hat Build of Apache Camel fo...

7.5CVSS6.6AI score0.01772EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2023/11/30 11:36 a.m.41 views

Important: Red Hat Security Advisory: Red Hat build of Quarkus 3.2.9 release and security update

A new release of the Red Hat build of Quarkus is now available. This new release comes packed with a host of enhancements, bug fixes, and security fixes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score,...

9.1CVSS6.6AI score0.01772EPSS
Exploits1References111
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/06 1:52 p.m.39 views

Security Bulletin: IBM Event Streams is affected by a vulnerability in a component (Apache Avro Java SDK)

Summary avro is used by IBM Event Streams as part of dependencies under Java CVE-2023-39410. This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:...

7.5CVSS8.2AI score0.01772EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2023/10/09 7:55 p.m.26 views

CVE-2023-39410

A flaw was found in apache-avro. When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints, leading to an out-of-memory error and a denial of service on the system...

7.5CVSS7.2AI score0.01772EPSS
Exploits0References4
Wolfi
Wolfi
added 2023/09/29 5:15 p.m.239 views

CVE-2023-39410 vulnerabilities

Vulnerabilities for packages: tez, druid, wavefront-proxy, celeborn...

7.5CVSS6.2AI score0.01772EPSS
Exploits0
Chainguard
Chainguard
added 2023/09/29 5:15 p.m.42 views

CVE-2023-39410 vulnerabilities

Vulnerabilities for packages: druid, tez, wavefront-proxy, celeborn...

7.5CVSS6.2AI score0.01772EPSS
Exploits0
Cvelist
Cvelist
added 2023/09/29 4:23 p.m.34 views

CVE-2023-39410 Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK

When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro...

7.8AI score0.01772EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/09/29 4:23 p.m.19 views

CVE-2023-39410 Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK

When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro...

7.5AI score0.01772EPSS
Exploits0References3
CVE
CVE
added 2023/09/29 4:23 p.m.554 views

CVE-2023-39410

CVE-2023-39410 describes a memory exhaustion risk when deserializing untrusted data in the Apache Avro Java SDK. Affected: Avro Java SDK up to 1.11.2. Root cause: deserialization can consume memory beyond allowed constraints, leading to out-of-memory DoS. A fix is available in Apache Avro 1.11.3....

7.5CVSS7.5AI score0.01772EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/09/29 4:23 p.m.6 views

CVE-2023-39410 Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK

When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro...

7.5CVSS6.6AI score0.01772EPSS
Exploits0References5
Rows per page
Query Builder