CVE-2024-10920 mariazevedo88 travels-java-api JWT Secret JwtAuthenticationTokenFilter.java doFilterInternal hard-coded key
A vulnerability was found in mariazevedo88 travels-java-api up to 5.0.1 and classified as problematic. Affected by this issue is the function doFilterInternal of the file travels-java-api-master\src\main\java\io\github\mariazevedo88\travelsjavaapi\filters\JwtAuthenticationTokenFilter.java of the...
travels-java-api security vulnerability
travels-java-api is an API for travel management from the individual developer Mariana Azevedo. A security vulnerability exists in travels-java-api version 5.0.1 and earlier, which stems from the use of hard-coded encryption keys in the doFilterInternal function in the JWT Secret Handler componen...
apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK
A flaw was found in apache-avro. When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints, leading to an out-of-memory error and a denial of service on the system...
UBUNTU-CVE-2024-30172
An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key...
CVE-2023-29051
User-defined OXMF templates could be used to access a limited part of the internal OX App Suite Java API. The existing switch to disable the feature by default was not effective in this case. Unauthorized users could discover and modify application state, including objects related to other users...
Design/Logic Flaw
User-defined OXMF templates could be used to access a limited part of the internal OX App Suite Java API. The existing switch to disable the feature by default was not effective in this case. Unauthorized users could discover and modify application state, including objects related to other users...
CVE-2023-29051
CVE-2023-29051 affects Open-Xchange App Suite. User-defined OXMF templates could access a limited part of the internal Java API, with an ineffective default switch to disable template usage. This could allow unauthorized users to discover and modify application state, including objects tied to ot...
CVE-2022-45146
A flaw was found in the FIPS Java API of Bouncy Castle BC-FJA. Affected versions of this package are vulnerable to Improper Authentication. Changes to the JVM garbage collector in Java 13 and later can trigger an issue in the BC-FJA FIPS modules, where it is possible for temporary keys used by th...
CVE-2023-33202
Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafte...
GHSA-85P4-Q357-72H9 Apache Storm Local Information Disclosure Vulnerability in Storm-core on Unix-Like systems due to temporary files
On unix-like systems, the temporary directory is shared between all users. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems. The method...
JIRA REST API /rest/api/2/user/viewissue/search doesn't respect Security Levels
Issue Summary: the REST API rest/api/2/user/viewissue/search does not respect permissions. Calling this REST API both as a user who has browse permission and as a user who has no permissions for a single ticket will result in both users still being able to view the issue. See this documentation for reference -...
CVE-2022-46751
Improper Restriction of XML External Entity Reference, XML Injection (aka Blind XPath Injection) vulnerability in Apache Software Foundation Apache Ivy. This issue affects any version of Apache Ivy prior to 2.5.2. When Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy...
Apache Ivy External Entity Reference vulnerability
Improper Restriction of XML External Entity Reference, XML Injection (aka Blind XPath Injection) vulnerability in Apache Software Foundation Apache Ivy. This issue affects any version of Apache Ivy prior to 2.5.2. When Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy...
GHSA-FJRV-VX9M-4JPJ Veracode Scan Jenkins Plugin vulnerable to information disclosure
Veracode Scan Jenkins Plugin before 23.3.19.0, when configured for remote agent jobs, invokes the Veracode Java API Wrapper in a manner that allows local users with OS-level access of the Jenkins remote to discover Veracode API credentials by listing the process and its arguments...
Code injection
A credential-leak issue was discovered in related Veracode products before 2023-03-27. Veracode Scan Jenkins Plugin before 23.3.19.0, when configured for remote agent jobs, invokes the Veracode Java API Wrapper in a manner that allows local users with OS-level access of the Jenkins remote to...
Independentsoft JWord code issue vulnerability
Independentsoft JWord is a Microsoft Word-compatible API for Java and Android from Independentsoft, Germany. A security vulnerability exists in Independentsoft JWord versions prior to 1.1.110, which stems from the API's susceptibility to XML External Entity (XXE) injection via a remote DTD in a DOC...
samtools htsjdk license issue vulnerability
htsjdk is an open source Java API from samtools for the high-throughput sequencing (HTS) data format. An authorization issue exists in htsjdk (com.github.samtools) 3.0.1 and earlier versions. The vulnerability is due to the createTempDir function in util/IOUtil, which creates a temporary file in a directory...
GHSA-68M8-V89J-7J2P Garbage collection issue in BC-FJA in Java 13 and later
An issue was discovered in the FIPS Java API of Bouncy Castle BC-FJA before 1.0.2.4. Changes to the JVM garbage collector in Java 13 and later trigger an issue in the BC-FJA FIPS modules where it is possible for temporary keys used by the module to be zeroed out while still in use by the module,...
CVE-2022-45146
An issue was discovered in the FIPS Java API of Bouncy Castle BC-FJA before 1.0.2.4. Changes to the JVM garbage collector in Java 13 and later trigger an issue in the BC-FJA FIPS modules where it is possible for temporary keys used by the module to be zeroed out while still in use by the module,...
Code injection
An issue was discovered in the FIPS Java API of Bouncy Castle BC-FJA before 1.0.2.4. Changes to the JVM garbage collector in Java 13 and later trigger an issue in the BC-FJA FIPS modules where it is possible for temporary keys used by the module to be zeroed out while still in use by the module,...