6 matches found
EUVD-2019-0374
Malware in sbrugna...
CVE-2022-40145 Apache Karaf: JDBC JAAS LDAP injection
This vulnerable is about a potential code injection when an attacker has control of the target LDAP server using in the JDBC JNDI URL. The function jaas.modules.src.main.java.porg.apache.karaf.jass.modules.jdbc.JDBCUtilsdoCreateDatasource use InitialContext.lookupjndiName without filtering. An us...
org.apache.karaf.demos:web (=4.1.0) potentially affected by CVE-2018-11787 via org.apache.karaf:apache-karaf (=4.1.0)
org.apache.karaf:apache-karaf MAVEN version =4.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.karaf:apache-karaf and may be impacted: - org.apache.karaf.demos:web =4.1.0 Source cves: CVE-2018-11787 Source advisory: OSV:GHSA-CQ9C-55R7-45...
com.cibuddy:karaf.assembly (=1.0.0), com.kagurabi.services:kagura-assembly (>=1.5 <=1.9) +23 more potentially affected by CVE-2018-11787 via org.apache.karaf:apache-karaf (>=2.0.0 <=3.0.8)
org.apache.karaf:apache-karaf MAVEN version =2.0.0, =1.5, =1.5.6, =4.4.1, =1.1.2, =2.0.0, =2.0.6, =2.7.7, =3.0.0, =1.6.1-incubating, =1.6.1-incubating, =2.2.3, =2.0.0, =2.0.0, =2.2.11 and more Source cves: CVE-2018-11787 Source advisory: OSV:GHSA-CQ9C-55R7-455X...
ch.sourcepond.commons:smartswitch-tests (>=2.0.0 <=4.0.2), ch.sourcepond.io:checksum-tests (>=1.0.3 <=4.0.3) +10 more potentially affected by CVE-2018-11787 via org.apache.karaf:apache-karaf (>=4.0.0 <=4.0.8)
org.apache.karaf:apache-karaf MAVEN version =4.0.0, =2.0.0, =1.0.3, =1.0.0, =1.0.0, =1.0.0, =1.0, =2.18.0, =4.0.0, =4.0.0, =2.8.7, =2.6.5, =2.8.11 - org.code-house.validation:itests =4.0.0 Source cves: CVE-2018-11787 Source advisory: OSV:GHSA-CQ9C-55R7-455X...
Apache Karaf Security Bypass Vulnerability
Apache Karaf is the United States Apache Apache Software Foundation for the deployment of applications and components of a lightweight OSGi Java Dynamic Modular System container. A security vulnerability exists in Apache Karaf versions prior to 4.2.0. An attacker could exploit the vulnerability t...