205 matches found

Debian CVE
added 2024/03/21 9:7 a.m. · 29 views

CVE-2024-29131

Out-of-bounds Write vulnerability in Apache Commons Configuration. This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which fixes the issue...

CVSS 7.3 · AI score 5.9 · EPSS 0.02054
Exploits: 0

CVE
added 2024/03/21 9:5 a.m. · 346 views

CVE-2024-29133

CVE-2024-29133 describes an out-of-bounds write vulnerability in Apache Commons Configuration, affecting versions 2.0 up to 2.10.0 (and related entries indicate 2.0 through 2.10.1 as impacted). The issue is fixed in 2.10.1. Multiple connected sources corroborate the vulnerability class and the fi...

CVSS 5.4 · AI score 5.8 · EPSS 0.01727
Exploits: 0 · References: 4 · Affected Software: 1

Cvelist
added 2024/03/21 9:5 a.m. · 24 views

CVE-2024-29133 Apache Commons Configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree

Out-of-bounds Write vulnerability in Apache Commons Configuration. This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which fixes the issue...

AI score 6.6 · EPSS 0.01727
Exploits: 0 · References: 4

Debian CVE
added 2024/03/21 9:5 a.m. · 30 views

CVE-2024-29133

Out-of-bounds Write vulnerability in Apache Commons Configuration. This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which fixes the issue...

CVSS 5.4 · AI score 5.9 · EPSS 0.01727
Exploits: 0

OpenVAS
added 2024/03/21 12:0 a.m. · 28 views

Apache Commons Configuration 2.0.x < 2.10.1 Multiple Vulnerabilities

The Apache Commons Configuration library is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 7.3 · AI score 6.6 · EPSS 0.02054
Exploits: 0 · References: 5

CNNVD
added 2024/03/21 12:0 a.m. · 3 views

Apache Commons Configuration Buffer Error Vulnerability

Apache Commons Configuration is a common configuration interface from the Apache Foundation in the United States, mainly used to enable Java applications to read configuration data from a variety of sources. An out-of-bounds write vulnerability exists in Apache Commons Configuration versions...

CVSS 5.4 · AI score 8 · EPSS 0.01727
Exploits: 0 · References: 8

CNNVD
added 2024/03/21 12:0 a.m. · 3 views

Apache Commons Configuration Buffer Error Vulnerability

Apache Commons Configuration is a common configuration interface from the Apache Foundation in the United States, mainly used to enable Java applications to read configuration data from a variety of sources. An out-of-bounds write vulnerability exists in Apache Commons Configuration versions...

CVSS 7.3 · AI score 8 · EPSS 0.02054
Exploits: 0 · References: 8

Positive Technologies
added 2024/03/17 12:0 a.m. · 2 views

PT-2024-2437 · Atlassian +3 · Confluence +3

Name of the Vulnerable Software and Affected Versions: Apache Commons Configuration versions 2.0 through 2.10.0; Confluence Data Center and Server versions prior to 8.9.1; Confluence Data Center versions 8.8.0 through 8.8.1; Confluence Data Center versions 8.7.0 through 8.7.2; Confluence Data Center...

CVSS 10 · AI score 6.4 · EPSS 0.02054
Exploits: 0 · References: 48

Positive Technologies
added 2024/03/13 12:0 a.m. · 3 views

PT-2024-2438 · Apache +3 · Apache Commons Configuration +3

Name of the Vulnerable Software and Affected Versions: Apache Commons Configuration versions 2.0 through 2.10.0; Atlassian Confluence Data Center versions 7.17.0 through 8.9.0; Atlassian Confluence Server versions 7.17.0 through 8.5.8. Description: The issue is related to an out-of-bounds write...

CVSS 10 · AI score 6.8 · EPSS 0.02054
Exploits: 0 · References: 56

Tenable Nessus
added 2023/10/20 12:0 a.m. · 34 views

Oracle Business Intelligence Enterprise Edition (OAS 6.4) (October 2023 CPU)

The version of Oracle Business Intelligence Enterprise Edition OAS 6.4.0.0.0 installed on the remote host is affected by multiple vulnerabilities as referenced in the October 2023 CPU advisory, including the following: - Vulnerability in the Oracle Business Intelligence Enterprise Edition product...

CVSS 9.9 · AI score 7.5 · EPSS 0.34819
Exploits: 7 · References: 13

Broadcom
added 2023/08/29 12:0 a.m. · 43 views

Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded.

Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the...

CVSS 9.8 · AI score 8.7 · EPSS 0.34819
Exploits: 3

RedHat Linux
added 2023/05/03 3:54 p.m. · 5 views

apache-commons-configuration: Apache Commons Configuration insecure interpolation defaults

A flaw was found in Apache Commons Configuration's variable interpolation, which by default included several lookup actions that could permit script invocation on remote servers. This issue could allow an attacker to use one of these actions to send a request to execute arbitrary code on the serv...

CVSS 9.8 · AI score 7.3 · EPSS 0.34819
Exploits: 3 · References: 4

Veracode
added 2023/03/07 12:49 a.m. · 25 views

Arbitrary File Read

jenkins-2-plugins is vulnerable to Arbitrary File Read. The library does not restrict the set of enabled prefix interpolators and bundles versions of Apache Commons configuration library that enable the file: prefix interpolator by default, allowing attackers to configure pipelines to read...

CVSS 8.1 · AI score 8.3 · EPSS 0.01328
Exploits: 0 · References: 6 · Affected Software: 1

F5 Networks
added 2023/02/21 6:54 p.m. · 64 views

K08006936: Apache Commons Configuration vulnerability CVE-2022-33980

Security Advisory Description: Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of...

CVSS 9.8 · AI score 8.4 · EPSS 0.34819
Exploits: 3

SUSE CVE
added 2023/02/15 4:9 a.m. · 3 views

SUSE CVE-2019-14892

A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code...

CVSS 9.8 · AI score 8.7 · EPSS 0.0544
Exploits: 0 · References: 3

SUSE CVE
added 2023/02/15 3:25 a.m. · 7 views

SUSE CVE-2022-33980

Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the...

CVSS 8.1 · AI score 7.7 · EPSS 0.34819
Exploits: 3 · References: 3

RedHat Linux
added 2022/11/28 2:39 p.m. · 3 views

apache-commons-configuration: Apache Commons Configuration insecure interpolation defaults

A flaw was found in Apache Commons Configuration's variable interpolation, which by default included several lookup actions that could permit script invocation on remote servers. This issue could allow an attacker to use one of these actions to send a request to execute arbitrary code on the serv...

CVSS 9.8 · AI score 7.3 · EPSS 0.34819
Exploits: 3 · References: 4

Debian
added 2022/11/28 11:38 a.m. · 40 views

[SECURITY] [DSA 5290-1] commons-configuration2 security update

Debian Security Advisory DSA-5290-1, https://www.debian.org/security/, Markus Koschany, November 28, 2022, https://www.debian.org/security/faq ...

CVSS 9.8 · AI score 9.9 · EPSS 0.34819
Exploits: 3

IBM Security Bulletins
added 2022/11/28 8:55 a.m. · 61 views

Security Bulletin: Apache Commons Text and Apache Commons Configuration vulnerabilities affects IBM Operations Analytics Predictive Insights [CVE-2022-42889, CVE-2022-33980]

Summary: Apache Commons Text and Apache Commons Configuration vulnerabilities affect IBM Operations Analytics Predictive Insights (CVE-2022-42889, CVE-2022-33980). Apache Commons Text and Apache Commons Configuration are used by IBM Operations Analytics Predictive Insight REST Mediation Service, par...

CVSS 9.8 · AI score 10 · EPSS 0.99931
Exploits: 44 · Affected Software: 1

Tenable Nessus
added 2022/11/28 12:0 a.m. · 42 views

Debian DSA-5290-1 : commons-configuration2 - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5290 advisory. - Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is...

CVSS 9.8 · AI score 8.4 · EPSS 0.34819
Exploits: 3 · References: 6