6 matches found
EUVD-2022-6222
Malicious code in bioql PyPI...
GHSA-338X-HFX8-VX9X Apache Karaf Cave: Cave SSRF and arbitrary file access
This issue affects all versions of Apache Karaf Cave. As this project is retired, there are no plans to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that ar...
PT-2024-25823 · Apache · Apache Karaf Cave
Name of the Vulnerable Software and Affected Versions: Apache Karaf Cave versions all
Description: The issue is related to an Improper Input Validation vulnerability. This vulnerability only affects products that are no longer supported by the maintainer. Users are recommended to find an...
CVE-2024-27905 Apache Aurora: padding oracle can allow construction of an authentication cookie
UNSUPPORTED WHEN ASSIGNED Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Aurora. An endpoint exposing internals to unauthenticated users can be used as a "padding oracle" allowing an anonymous attacker to construct a valid authentication cookie. Potentially thi...
CVE-2023-39967
WireMock is a tool for mocking HTTP services. When certain request URLs like "@127.0.0.1:1234" are used in WireMock Studio configuration fields, the request might be forwarded to an arbitrary service reachable from WireMock's instance. There are 3 identified potential attack vectors: via...
NetSupport Client Handshake Hostname Overflow
Added: 10/11/2011
CVE: CVE-2011-0404
BID: 45728
OSVDB: 70408
Background: NetSupport Manager is a remote desktop support solution.
Problem: The NetSupport client/server communication is carried out over a proprietary communications protocol. This protocol begins with a handshake between the client a...