89 matches found
CVE-2026-26032
The PackagerResolver of Apache Ivy is able to download online artifacts and to repackage them in a format defined by a packager.xml file. This repackaging is done by an Ant script, which is stored in a subdirectory of the configured "buildRoot" directory. This subdirectory is calculated based on...
CVE-2026-26032
Summary of CVE-2026-26032 (Apache Ivy): The PackagerResolver can repack downloaded artifacts via an Ant script in a subdirectory of buildRoot. If any Ivy coordinates contain "../" sequences, an attacker who can access a packager repository can escape the buildRoot and overwrite other files. The i...
PT-2026-60263
The PackagerResolver of Apache Ivy is able to download online artifacts and to repackage them in a format defined by a packager.xml file. This repackaging is done by an Ant script, which is stored in a subdirectory of the configured "buildRoot" directory. This subdirectory is calculated based on...
EUVD-2023-2185
Malicious code in bioql PyPI...
EUVD-2022-7292
Malicious code in bioql PyPI...
EUVD-2022-7457
Malicious code in bioql PyPI...
Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps
Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.10.1 Vulnerability Details CVEID:CVE-2025-22233 DESCRIPTION: CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names...
Security Bulletin: Multiple Vulnerabilities in Apache Ivy affect IBM Cloud Pak System
Summary Vulnerabilities found in Apache Ivy affect IBM Cloud Pak SystemCVE-2022-46751, CVE-2022-2765,CVE-2022-37866. Vulnerability Details CVEID:CVE-2022-46751 DESCRIPTION: Apache Ivy could allow a remote attacker to obtain sensitive information, caused by improper handling of XML external entity...
Linux Distros Unpatched Vulnerability : CVE-2022-46751
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Restriction of XML External Entity Reference, XML Injection aka Blind XPath Injection vulnerability in Apache Software Foundation Apache Ivy.This issue...
Linux Distros Unpatched Vulnerability : CVE-2022-37866
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When Apache Ivy downloads artifacts from a repository it stores them in the local file system based on a user-supplied pattern that may include placeholders for...
ROS-20241203-20
Apache Ivy package manager vulnerability is related to incorrect path name restriction to a directory with a restricted directory. Exploitation of the vulnerability could allow an attacker acting remotely, gain unauthorized access to the file system Apache Ivy package manager vulnerability is...
OPENSUSE-SU-2024:13148-1 apache-ivy-2.5.2-1.1 on GA media
These are all security issues fixed in the apache-ivy-2.5.2-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:12506-1 apache-ivy-2.5.1-1.1 on GA media
These are all security issues fixed in the apache-ivy-2.5.1-1.1 package on the GA media of openSUSE Tumbleweed...
RHEL 8 : apache-ivy (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - apache-ivy: XML External Entity vulnerability CVE-2022-46751 Note that Nessus has not tested for this issue but has...
RHEL 7 : apache-ivy (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - apache-ivy: Directory Traversal CVE-2022-37865 - Improper Restriction of XML External Entity Reference, X...
Security Bulletin: Multiple Vulnerabilities in IBM Operations Analytics Predictive Insights.
Summary Multiple vulnerabilities were addressed in IBM Operations Analytics Predictive Insights 1.3.6 iFix 8 Vulnerability Details CVEID:CVE-2022-46337 DESCRIPTION: Apache Derby could allow a remote attacker to bypass security restrictions, caused by a LDAP injection vulnerability in authenticato...
The issue with the Apache Ivy package manager, related to an incorrect restriction on the path to the restricted directory, allows a violator to write arbitrary files into the file system.
The vulnerability of the Apache Ivy package manager is related to an incorrect restriction on the path to the restricted catalog. Exploiting this vulnerability could allow a malicious actor to write arbitrary files into the file system...
The vulnerability of the Apache Ivy package manager is related to incorrect restrictions on XML references to external objects. This allows attackers to disclose sensitive information or cause service failures.
The vulnerability of the Apache Ivy package manager is related to an incorrect limitation on XML references to external objects. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information or cause service failures...
The possibility of the Apache Ivy package manager, due to incorrect restrictions on the path name to the restricted directory, allowing unauthorized users to gain unauthorized access to the file system.
The vulnerability of the Apache Ivy package manager is related to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to the file system...
Fedora: Security Advisory for apache-ivy (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...