85 matches found
PT-2023-35583 · Apache · Apache Lucene
Name of the Vulnerable Software and Affected Versions: Apache Lucene affected versions not specified Description: A security exception crash has been reported in Apache Lucene. The crash occurs in the org.apache.lucene.util.ArrayUtil.growExact function, which is called by...
OSV-2023-883 Security exception in org.apache.lucene.util.ArrayUtil.copyOfSubArray
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62524 Crash type: Security exception Crash state: org.apache.lucene.util.ArrayUtil.copyOfSubArray org.apache.lucene.util.BytesRef.deepCopyOf org.apache.lucene.index.Term...
OSV-2023-793 Security exception in org.apache.lucene.util.BytesRefBuilder.<init>
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62034 Crash type: Security exception Crash state: org.apache.lucene.util.BytesRefBuilder. org.apache.lucene.analysis.tokenattributes.CharTermAttributeImpl.clone...
PT-2023-35994 · Apache · Apache Lucene
Name of the Vulnerable Software and Affected Versions: Apache Lucene affected versions not specified Description: A security exception crash has been reported. The crash involves the org.apache.lucene.util.BytesRefBuilder constructor, and the clone methods of...
PT-2023-35956 · Apache · Apache Lucene
Name of the Vulnerable Software and Affected Versions: Apache Lucene affected versions not specified Description: The issue is related to a security exception in the org.apache.lucene.util.automaton.RegExp.toAutomaton function. It involves the java.base/java.util.BitSet.ensureCapacity and...
PT-2023-35954 · Apache · Apache Lucene
Name of the Vulnerable Software and Affected Versions: Apache Lucene affected versions not specified Description: A security exception crash has been reported in Apache Lucene. The crash occurs in the CharTermAttributeImpl.clone and PackedTokenAttributeImpl.clone functions. Recommendations: At th...
PT-2023-35928 · Apache · Apache Lucene
Name of the Vulnerable Software and Affected Versions: Apache Lucene affected versions not specified Description: The issue is related to a security exception in the org.apache.lucene.util.automaton.RegExp.toAutomaton function. It involves the java.base/java.util.BitSet.ensureCapacity and...
PT-2023-35923 · Apache · Apache Lucene
Name of the Vulnerable Software and Affected Versions: Apache Lucene affected versions not specified Description: The issue is related to a security exception in the org.apache.lucene.util.automaton.RegExp.toAutomaton function. It involves the java.base/java.util.BitSet.ensureCapacity and...
Security Bulletin: Denial of Service Vulnerability in Apache Solr used by IBM Operations Analytics - Log Analysis
Summary There is a potential denial of service in Apache Solr that is used by IBM Operations Analytics - Log Analysis Vulnerability Details IBM X-Force ID: 216835 DESCRIPTION: Apache Lucene is vulnerable to a denial of service. By sending a specific regular expression query, a remote attacker cou...
OSV-2023-533 Security exception in org.apache.lucene.util.ArrayUtil.growExact
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60248 Crash type: Security exception Crash state: org.apache.lucene.util.ArrayUtil.growExact org.apache.lucene.util.ArrayUtil.grow org.apache.lucene.util.BytesRefBuilder.grow...
PT-2023-35892 · Apache · Apache Lucene
Name of the Vulnerable Software and Affected Versions: Apache Lucene affected versions not specified Description: A security exception crash has been reported in Apache Lucene. The crash occurs in the org.apache.lucene.util.ArrayUtil.growExact function, which is called by...
OSV-2023-408 Security exception in org.apache.lucene.util.ArrayUtil.growExact
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=59071 Crash type: Security exception Crash state: org.apache.lucene.util.ArrayUtil.growExact org.apache.lucene.util.ArrayUtil.grow org.apache.lucene.util.BytesRefBuilder.grow...
PT-2023-35834 · Apache · Apache Lucene
Name of the Vulnerable Software and Affected Versions: Apache Lucene affected versions not specified Description: A security exception crash has been reported in Apache Lucene. The crash occurs in the org.apache.lucene.util.ArrayUtil.growExact function, which is called by...
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Apache Lucene
Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Apache Lucene. Vulnerability Details IBM X-Force ID: 216835 DESCRIPTION: Apache Lucene is vulnerable to a denial of service. By sending a specific regular expression query, a remote attacker could...
Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities (CVE-2020-7789, CVE-2020-7598, CVE-2021-44906 , XFID: 216835, XFID: 220063)
Summary Security vulnerabilities have been addressed in IBM Cognos Analytics 11.2.4 FP1 These vulnerabilities have also been previously addressed in IBM Cognos Analytics 11.1.7 FP6 where applicable. The following 3rd party components are used by IBM Cognos Analytics: Apache Lucene is a...
K10631153: Apache Solr vulnerability CVE-2017-12629
Security Advisory Description Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to...
Unauthorized Access Vulnerability in Apache Solr
Apache Solr is an open source search service , using the Java language development , mainly based on HTTP and Apache Lucene implementation . An unauthorized access vulnerability exists in Apache Solr, which can be exploited by attackers to obtain sensitive information...
Fedora: Security Advisory for lucene (FEDORA-2020-cf8ef2f333)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 32 Update: lucene-8.4.1-9.fc32
Apache Lucene is a high-performance, full-featured text search engine library written entirely in Java. It is a technology suitable for nearly any application that requires full-text search, especially cross-platform...
Apache Solr < 7.1.0 Remote Code Execution
Remote code execution occurs in Apache Solr versions 7.1.0 with Apache Lucene 7.1.0 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. This can be exploited to upload malicious data to the /upload request handler or as Blind XX...