19 matches found

EUVD
added 2025/10/03 8:07 p.m., 5 views

EUVD-2022-5964

Malicious code in bioql PyPI...

CVSS 3.3, AI score 5.4, EPSS 0.01892
Exploits 0, References 6

EUVD
added 2025/10/03 8:07 p.m., 6 views

EUVD-2022-6138

Malicious code in bioql PyPI...

CVSS 5.5, AI score 5.4, EPSS 0.01858
Exploits 0, References 12

OSV
added 2022/09/19 2:38 p.m., 8 views

SUSE-SU-2022:3311-1 Security update for tika-core

This update for tika-core fixes the following issues:
- CVE-2022-33879: Regular Expression Denial of Service in StandardsExtractingContentHandler (bsc#1201217)
- CVE-2022-30973, CVE-2022-30126: Regular Expression Denial of Service in Standards Extractor (bsc#1199604, bsc#1200283)...

CVSS 5.5, AI score 5.4, EPSS 0.02495
Exploits 0, References 7

NCSC
added 2022/07/20 12:00 a.m., 4 views

Vulnerabilities fixed in Oracle Primavera

Oracle has fixed vulnerabilities in the following products: Primavera Gateway, Primavera P6 Enterprise Project Portfolio Management, Primavera Unifier. The vulnerabilities potentially enable a malicious party to execute attacks that lead to denial-of-service (DoS). An overview of all fixed...

CVSS 7.5, AI score 6.6, EPSS 0.0486
Exploits 1

Tenable Nessus
added 2022/07/20 12:00 a.m., 46 views

Oracle Primavera Unifier (Jul 2022 CPU)

The versions of Primavera Unifier installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2022 CPU advisory. - Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering component: Document Management jackson-databind. Supported...

CVSS 7.5, AI score 7, EPSS 0.0486
Exploits 1, References 5

RedHat Linux
added 2022/07/07 2:19 p.m., 171 views

Important: Red Hat Security Advisory: Red Hat Fuse 7.11.0 release and security update

A minor version update from 7.10 to 7.11 is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scorin...

CVSS 10, AI score 7.1, EPSS 0.77735
Exploits 48, References 61

IBM Security Bulletins
added 2022/06/29 2:20 a.m., 39 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache Tika

Summary: IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Apache Tika. Vulnerability Details: CVEID: CVE-2022-30126. DESCRIPTION: Apache Tika is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the StandardsText class i...

CVSS 5.5, AI score 1.9, EPSS 0.02495
Exploits 0, Affected Software 1

Veracode
added 2022/06/28 8:35 a.m., 36 views

Regular Expression Denial Of Service (ReDoS)

org.apache.tika:tika is vulnerable to regular expression denial of service (ReDoS) attacks. An attacker is able to cause denial of service conditions to the users who are running the StandardsExtractingContentHandler component, due to an insecure regular expression usage in setThreshold function by...

CVSS 5.5, AI score 5.3, EPSS 0.02495
Exploits 0, References 8, Affected Software 1

Github Security Blog
added 2022/06/28 12:00 a.m., 41 views

Apache Tika contains incomplete fix for regex DoS

The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in the StandardsExtractingContentHandler were insufficient, and we found a separate, new regex DoS in a different regex in the StandardsExtractingContentHandler. These are now fixed in 1.28.4 and 2.4.1...

CVSS 3.3, AI score 5.6, EPSS 0.01892
Exploits 0, References 5, Affected Software 1

Prion
added 2022/06/27 10:15 p.m., 29 views

Design/Logic Flaw

The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in the StandardsExtractingContentHandler were insufficient, and we found a separate, new regex DoS in a different regex in the StandardsExtractingContentHandler. These are now fixed in 1.28.4 and 2.4.1...

CVSS 2.6, AI score 4.8, EPSS 0.02495
Exploits 0, References 3, Affected Software 1

Github Security Blog
added 2022/06/01 12:00 a.m., 33 views

Regular expression denial of service in apache tika

We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the 1.28.2 release. In Apache Tika, a regular expression in the StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only...

CVSS 5.5, AI score 5.2, EPSS 0.01858
Exploits 0, References 9, Affected Software 1

OSV
added 2022/05/31 2:15 p.m., 31 views

CVE-2022-30973

We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the 1.28.2 release. In Apache Tika, a regular expression in the StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only...

CVSS 5.5, AI score 5.2
Exploits 0, References 4

Prion
added 2022/05/31 2:15 p.m., 29 views

Design/Logic Flaw

We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the 1.28.2 release. In Apache Tika, a regular expression in the StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only...

CVSS 2.6, AI score 4.5, EPSS 0.02495
Exploits 0, References 4, Affected Software 1

CVE
added 2022/05/31 1:20 p.m., 162 views

CVE-2022-30973

Apache Tika's ReDoS vulnerability (CVE-2022-30973) arises from a regex in StandardsText used by StandardsExtractingContentHandler. Affected: 1.x branch, specifically the 1.28.2 release; impact is denial of service via backtracking on crafted files. The issue is limited to users running the Standa...

CVSS 5.5, AI score 4.6, EPSS 0.02495
Exploits 0, References 4, Affected Software 1

Cvelist
added 2022/05/31 1:20 p.m., 26 views

CVE-2022-30973 Missing fix for CVE-2022-30126 in 1.28.2

We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the 1.28.2 release. In Apache Tika, a regular expression in the StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only...

AI score 4.9, EPSS 0.02495
Exploits 0, References 4

vulnersOsv
added 2022/05/17 12:00 a.m., 5 views

be.ugent.idlab.knows:dataio (>=1.2.0 <=1.3.0), be.zvz:KotlinInside (>=1.14.1 <=1.14.2) +326 more potentially affected by CVE-2022-30126 via org.apache.tika:tika-core (>=2.0.0 <=2.3.0)

org.apache.tika:tika-core MAVEN version =2.0.0, =1.2.0, =1.14.1, =2.10.0, =2.10.0, =2.10.0, =2.10.0, =1.9.14, =1.9.14, =21.2.0, =2.2, =2.2, =2.2, =2.2, =2.2, =2.2, =2.4 and more Source cves: CVE-2022-30126 Source advisory: OSV:GHSA-RPJM-422R-95MH...

CVSS 5.5, AI score 6.3, EPSS 0.02495
Exploits 0

OpenVAS
added 2022/05/17 12:00 a.m., 30 views

Apache Tika < 1.28.2, 2.x < 2.4.0 Multiple Vulnerabilities

Apache Tika is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tika"; ifdescription...

CVSS 5.5, AI score 5.2, EPSS 0.02495
Exploits 0, References 2

CVE
added 2022/05/16 5:05 p.m., 186 views

CVE-2022-30126

Apache Tika CVE-2022-30126 is a ReDoS via a regex in StandardsText used by the StandardsExtractingContentHandler. The issue can cause denial of service on crafted files and only affects users running the StandardsExtractingContentHandler (a non-standard handler). A fix is available in Tika versio...

CVSS 5.5, AI score 4.5, EPSS 0.02495
Exploits 0, References 6, Affected Software 1

Cvelist
added 2022/05/16 5:05 p.m., 27 views

CVE-2022-30126 Apache Tika Regular Expression Denial of Service in Standards Extractor

In Apache Tika, a regular expression in our StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standa...

AI score 4.9, EPSS 0.02495
Exploits 0, References 6