373 matches found
Amazon Linux 2 : apache-ivy (ALAS-2023-2302)
The version of apache-ivy installed on the remote host is prior to 2.3.0-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2302 advisory. Improper Restriction of XML External Entity Reference, XML Injection aka Blind XPath Injection vulnerability in Apache Software...
CVE-2023-46227
CVE-2023-46227 — InLong deserialization vulnerability : Affects Apache InLong 1.4.0–1.8.0 due to unsafe deserialization of untrusted data. Exploitation could bypass security controls and lead to code execution or partial impact (integrity loss) per CVSS 3.1: High, vector NETWORK, low complexity, ...
CVE-2023-46227 Apache inlong has an Arbitrary File Read Vulnerability
Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.8.0, the attacker can use \t to bypass. Users are advised to upgrade to Apache InLong's 1.9.0 or cherry-pick 1 to solve it. 1...
CVE-2023-40195
CVE-2023-40195 describes a deserialization-based RCE in the Apache Airflow Spark Provider. When the Spark provider is installed, an Airflow user authorized to configure Spark hooks can point a Spark client at a malicious Spark server, allowing arbitrary Java method execution on the Airflow node v...
CVE-2023-40195 Apache Airflow Spark Provider Deserialization Vulnerability RCE
Deserialization of Untrusted Data, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Software Foundation Apache Airflow Spark Provider. When the Apache Spark provider is installed on an Airflow deployment, an Airflow user that is authorized to configure Spark hooks...
Apache Batik information disclosure vulnerability
Server-Side Request Forgery SSRF vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data and send it directly as parameter to a URL...
CVE-2022-44730
Server-Side Request Forgery SSRF vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data and send it directly as parameter to a URL...
CVE-2022-44729
Server-Side Request Forgery SSRF vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even...
Server side request forgery (ssrf)
Server-Side Request Forgery SSRF vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data and send it directly as parameter to a URL...
CVE-2022-44729
Server-Side Request Forgery SSRF vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even...
CVE-2022-44729
CVE-2022-44729 describes a Server-Side Request Forgery (SSRF) in Apache Batik (Apache XML Graphics Batik) affecting version 1.16, where a crafted SVG could trigger loading external resources by default. This behavior can lead to resource consumption and potential information disclosure. The conne...
CVE-2022-44730
CVE-2022-44730 is a Server-Side Request Forgery (SSRF) in Apache XML Graphics Batik (affected version: 1.16). A malicious SVG can probe user data and send it as a parameter to a URL; advisories (IBM bulletin, ALAS-2025-2801, Amazon Linux advisories) identify this alongside CVE-2022-44729 and reco...
CVE-2022-46751 Apache Ivy: XML External Entity vulnerability in Apache Ivy
Improper Restriction of XML External Entity Reference, XML Injection aka Blind XPath Injection vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy prior to 2.5.2. When Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy...
CVE-2022-46751
CVE-2022-46751: Apache Ivy is vulnerable to XML External Entity (XXE) or XML injection due to improper restriction of DTD processing. Affected versions: Ivy prior to 2.5.2. Root cause: parsing XML files (Ivy config, Ivy files, POMs) can download external DTDs and expand entities, enabling data ex...
Fedora 38 : trafficserver (2023-dcbfbf1396)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-dcbfbf1396 advisory. Update to upstream 9.2.2. Changes with Apache Traffic Server 9.2.2 9544 - Docs: format typos in headerrewrite doc 9754 - Fix OCSP detection during...
CVE-2023-39553
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider. Apache Airflow Drill Provider is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection with DrillHook giving an opportunity to read fil...
Input validation
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider. Apache Airflow Drill Provider is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection with DrillHook giving an opportunity to read fil...
CVE-2023-39553 Apache Airflow Drill Provider Arbitrary File Read Vulnerability
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider. Apache Airflow Drill Provider is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection with DrillHook giving an opportunity to read fil...
CVE-2023-39553 Apache Airflow Drill Provider Arbitrary File Read Vulnerability
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider. Apache Airflow Drill Provider is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection with DrillHook giving an opportunity to read fil...
CVE-2022-47185
Improper input validation vulnerability on the range header in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: through 9.2.1...