Lucene search
+L

373 matches found

OSV
OSV
added 2023/05/22 1:15 p.m.11 views

CVE-2023-31058

Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers would bypass the 'autoDeserialize' option filtering by adding blanks. Users are advised to upgrade to Apache InLong's 1.7.0 or...

7.5CVSS7.1AI score0.01228EPSS
Exploits0References1
Prion
Prion
added 2023/05/22 1:15 p.m.22 views

Deserialization of untrusted data

Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers would bypass the 'autoDeserialize' option filtering by adding blanks. Users are advised to upgrade to Apache InLong's 1.7.0 or...

5CVSS7.5AI score0.01228EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/05/22 12:54 p.m.39 views

CVE-2023-31058 Apache InLong: JDBC URL bypassing by adding blanks

Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers would bypass the 'autoDeserialize' option filtering by adding blanks. Users are advised to upgrade to Apache InLong's 1.7.0 or...

7.7AI score0.01228EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/05/22 12:54 p.m.10 views

CVE-2023-31058 Apache InLong: JDBC URL bypassing by adding blanks

Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers would bypass the 'autoDeserialize' option filtering by adding blanks. Users are advised to upgrade to Apache InLong's 1.7.0 or...

7.5AI score0.01228EPSS
Exploits0References1
CVE
CVE
added 2023/05/22 12:54 p.m.70 views

CVE-2023-31058

Summary (CVE-2023-31058): Deserialization of untrusted data in Apache InLong (1.4.0–1.6.0) allows attackers to bypass the autoDeserialize filtering by inserting blanks. This can enable unintended behavior as described; no exploitation details are provided here. Impact: high likelihood of bypass o...

7.5CVSS7.5AI score0.01228EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/05/12 9:30 a.m.26 views

GHSA-V9RM-7RV9-R3FW Apache OpenMeetings Improper Authentication vulnerability

An attacker that has gained access to certain private information can use this to act as other user. Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 3.1.3 before 7.1.0...

8.1CVSS7.8AI score0.01093EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2023/05/12 9:30 a.m.24 views

Apache OpenMeetings Improper Authentication vulnerability

An attacker that has gained access to certain private information can use this to act as other user. Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 3.1.3 before 7.1.0...

8.1CVSS6.2AI score0.01093EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2023/05/12 8:15 a.m.30 views

CVE-2023-28936

Attacker can access arbitrary recording/room Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0...

5.3CVSS5.4AI score0.01204EPSS
Exploits0References1
Prion
Prion
added 2023/05/12 8:15 a.m.20 views

Design/Logic Flaw

Attacker can access arbitrary recording/room Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0...

5CVSS5.4AI score0.01204EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/05/12 7:45 a.m.32 views

CVE-2023-28936 Apache OpenMeetings: insufficient check of invitation hash

Attacker can access arbitrary recording/room Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0...

5.9AI score0.01204EPSS
Exploits0References1
CVE
CVE
added 2023/05/12 7:45 a.m.67 views

CVE-2023-28936

CVE-2023-28936 affects Apache OpenMeetings 2.0.0 to before 7.1.0. Multiple connected entries (GHSA/OSV/NVD/CNVD) describe an insufficient authorization vulnerability that allows an attacker to access arbitrary recordings/rooms. Exploitation details are not provided in the supplied documents; no r...

5.3CVSS5.8AI score0.01204EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/05/12 7:43 a.m.44 views

CVE-2023-29032 Apache OpenMeetings: allows bypass authentication

An attacker that has gained access to certain private information can use this to act as other user. Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 3.1.3 before 7.1.0...

8.1AI score0.01093EPSS
Exploits0References1
OSV
OSV
added 2023/05/12 7:43 a.m.20 views

CVE-2023-29032 Apache OpenMeetings: allows bypass authentication

An attacker that has gained access to certain private information can use this to act as other user. Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 3.1.3 before 7.1.0...

8.1CVSS7.4AI score0.01093EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/05/12 7:43 a.m.14 views

CVE-2023-29246 Apache OpenMeetings: allows null-byte Injection

An attacker who has gained access to an admin account can perform RCE via null-byte injection Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0...

7AI score0.0147EPSS
Exploits0References1
OSV
OSV
added 2023/05/12 7:43 a.m.18 views

CVE-2023-29246 Apache OpenMeetings: allows null-byte Injection

An attacker who has gained access to an admin account can perform RCE via null-byte injection Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0...

7.2CVSS6.1AI score0.0147EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/05/12 7:43 a.m.33 views

CVE-2023-29246 Apache OpenMeetings: allows null-byte Injection

An attacker who has gained access to an admin account can perform RCE via null-byte injection Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0...

7.1AI score0.0147EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2023/05/08 12:30 p.m.44 views

Apache Airflow vulnerable to Privilege Context Switching Error

Privilege Context Switching Error vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow: before 2.6.0...

9.8CVSS9.4AI score0.0228EPSS
Exploits0References9Affected Software1
Prion
Prion
added 2023/05/08 12:15 p.m.28 views

Design/Logic Flaw

Privilege Context Switching Error vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.6.0...

7.5CVSS9.5AI score0.0228EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/05/08 11:57 a.m.11 views

CVE-2023-25754 Apache Airflow: Privilege escalation using airflow logs

Privilege Context Switching Error vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.6.0...

9.5AI score0.0228EPSS
Exploits0References3
CVE
CVE
added 2023/05/08 11:57 a.m.91 views

CVE-2023-25754

Apache Airflow prior to 2.6.0 is affected by a Privilege Context Switching Error that can allow a local Linux user to read sensitive files (e.g., SSH keys) by abusing insecure log file permissions. The issue is described as a privilege escalation via log handling. A fix is available in Airflow 2....

9.8CVSS9.4AI score0.0228EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder