19 matches found
EUVD-2022-5964
Malicious code in bioql PyPI...
EUVD-2022-6138
Malicious code in bioql PyPI...
SUSE-SU-2022:3311-1 Security update for tika-core
This update for tika-core fixes the following issues: - CVE-2022-33879: Regular Expression Denial of Service in StandardsExtractingContentHandler (bsc#1201217) - CVE-2022-30973, CVE-2022-30126: Regular Expression Denial of Service in Standards Extractor (bsc#1199604, bsc#1200283)...
Vulnerabilities fixed in Oracle Primavera
Oracle has fixed vulnerabilities in the following products: Primavera Gateway, Primavera P6 Enterprise Project Portfolio Management, Primavera Unifier. The vulnerabilities potentially enable a malicious party to execute attacks that lead to denial-of-service (DoS). An overview of all fixed...
Oracle Primavera Unifier (Jul 2022 CPU)
The versions of Primavera Unifier installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2022 CPU advisory. - Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Document Management (jackson-databind)). Supported...
Important: Red Hat Security Advisory: Red Hat Fuse 7.11.0 release and security update
A minor version update from 7.10 to 7.11 is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scorin...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache Tika
Summary: IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Apache Tika. Vulnerability Details: CVEID: CVE-2022-30126. DESCRIPTION: Apache Tika is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the StandardsText class i...
Regular Expression Denial Of Service (ReDoS)
org.apache.tika:tika is vulnerable to regular expression denial of service (ReDoS) attacks. An attacker is able to cause denial of service conditions to the users who are running the StandardsExtractingContentHandler component, due to an insecure regular expression usage in setThreshold function by...
Apache Tika contains incomplete fix for regex DoS
The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in the StandardsExtractingContentHandler were insufficient, and we found a separate, new regex DoS in a different regex in the StandardsExtractingContentHandler. These are now fixed in 1.28.4 and 2.4.1...
Design/Logic Flaw
The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in the StandardsExtractingContentHandler were insufficient, and we found a separate, new regex DoS in a different regex in the StandardsExtractingContentHandler. These are now fixed in 1.28.4 and 2.4.1...
Regular expression denial of service in apache tika
We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the 1.28.2 release. In Apache Tika, a regular expression in the StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only...
CVE-2022-30973
We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the 1.28.2 release. In Apache Tika, a regular expression in the StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only...
Design/Logic Flaw
We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the 1.28.2 release. In Apache Tika, a regular expression in the StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only...
CVE-2022-30973
Apache Tika's ReDoS vulnerability (CVE-2022-30973) arises from a regex in StandardsText used by StandardsExtractingContentHandler. Affected: 1.x branch, specifically the 1.28.2 release; impact is denial of service via backtracking on crafted files. The issue is limited to users running the Standa...
CVE-2022-30973 Missing fix for CVE-2022-30126 in 1.28.2
We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the 1.28.2 release. In Apache Tika, a regular expression in the StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only...
be.ugent.idlab.knows:dataio (>=1.2.0 <=1.3.0), be.zvz:KotlinInside (>=1.14.1 <=1.14.2) +326 more potentially affected by CVE-2022-30126 via org.apache.tika:tika-core (>=2.0.0 <=2.3.0)
org.apache.tika:tika-core MAVEN version =2.0.0, =1.2.0, =1.14.1, =2.10.0, =2.10.0, =2.10.0, =2.10.0, =1.9.14, =1.9.14, =21.2.0, =2.2, =2.2, =2.2, =2.2, =2.2, =2.2, =2.4 and more Source cves: CVE-2022-30126 Source advisory: OSV:GHSA-RPJM-422R-95MH...
Apache Tika < 1.28.2, 2.x < 2.4.0 Multiple Vulnerabilities
Apache Tika is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tika"; ifdescription...
CVE-2022-30126
Apache Tika CVE-2022-30126 is a ReDoS via a regex in StandardsText used by the StandardsExtractingContentHandler. The issue can cause denial of service on crafted files and only affects users running the StandardsExtractingContentHandler (a non-standard handler). A fix is available in Tika versio...
CVE-2022-30126 Apache Tika Regular Expression Denial of Service in Standards Extractor
In Apache Tika, a regular expression in our StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standa...