Lucene search
K

373 matches found

Tenable Nessus
Tenable Nessus
added 2023/10/20 12:0 a.m.33 views

Amazon Linux 2 : apache-ivy (ALAS-2023-2302)

The version of apache-ivy installed on the remote host is prior to 2.3.0-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2302 advisory. Improper Restriction of XML External Entity Reference, XML Injection aka Blind XPath Injection vulnerability in Apache Software...

8.2CVSS7.8AI score0.01855EPSS
Exploits0References4
CVE
CVE
added 2023/10/19 9:40 a.m.56 views

CVE-2023-46227

CVE-2023-46227 — InLong deserialization vulnerability : Affects Apache InLong 1.4.0–1.8.0 due to unsafe deserialization of untrusted data. Exploitation could bypass security controls and lead to code execution or partial impact (integrity loss) per CVSS 3.1: High, vector NETWORK, low complexity, ...

7.5CVSS7.4AI score0.00969EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/10/19 9:40 a.m.14 views

CVE-2023-46227 Apache inlong has an Arbitrary File Read Vulnerability

Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.8.0, the attacker can use \t to bypass. Users are advised to upgrade to Apache InLong's 1.9.0 or cherry-pick 1 to solve it. 1...

7.1AI score0.00969EPSS
Exploits0References1
CVE
CVE
added 2023/08/28 7:50 a.m.71 views

CVE-2023-40195

CVE-2023-40195 describes a deserialization-based RCE in the Apache Airflow Spark Provider. When the Spark provider is installed, an Airflow user authorized to configure Spark hooks can point a Spark client at a malicious Spark server, allowing arbitrary Java method execution on the Airflow node v...

8.8CVSS8.7AI score0.01413EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/08/28 7:50 a.m.29 views

CVE-2023-40195 Apache Airflow Spark Provider Deserialization Vulnerability RCE

Deserialization of Untrusted Data, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Software Foundation Apache Airflow Spark Provider. When the Apache Spark provider is installed on an Airflow deployment, an Airflow user that is authorized to configure Spark hooks...

8.9AI score0.01413EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2023/08/22 9:30 p.m.41 views

Apache Batik information disclosure vulnerability

Server-Side Request Forgery SSRF vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data and send it directly as parameter to a URL...

4.4CVSS5.6AI score0.00749EPSS
Exploits0References11Affected Software1
NVD
NVD
added 2023/08/22 7:16 p.m.22 views

CVE-2022-44730

Server-Side Request Forgery SSRF vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data and send it directly as parameter to a URL...

4.4CVSS5.7AI score0.00749EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2023/08/22 7:16 p.m.53 views

CVE-2022-44729

Server-Side Request Forgery SSRF vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even...

7.1CVSS6.8AI score0.00786EPSS
Exploits0References7
Prion
Prion
added 2023/08/22 7:16 p.m.26 views

Server side request forgery (ssrf)

Server-Side Request Forgery SSRF vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data and send it directly as parameter to a URL...

3.3CVSS5AI score0.00749EPSS
Exploits0References6Affected Software2
Debian CVE
Debian CVE
added 2023/08/22 2:12 p.m.40 views

CVE-2022-44729

Server-Side Request Forgery SSRF vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even...

7.1CVSS6.5AI score0.00786EPSS
Exploits0
CVE
CVE
added 2023/08/22 2:12 p.m.447 views

CVE-2022-44729

CVE-2022-44729 describes a Server-Side Request Forgery (SSRF) in Apache Batik (Apache XML Graphics Batik) affecting version 1.16, where a crafted SVG could trigger loading external resources by default. This behavior can lead to resource consumption and potential information disclosure. The conne...

7.1CVSS6.7AI score0.00786EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2023/08/22 1:57 p.m.130 views

CVE-2022-44730

CVE-2022-44730 is a Server-Side Request Forgery (SSRF) in Apache XML Graphics Batik (affected version: 1.16). A malicious SVG can probe user data and send it as a parameter to a URL; advisories (IBM bulletin, ALAS-2025-2801, Amazon Linux advisories) identify this alongside CVE-2022-44729 and reco...

4.4CVSS5.7AI score0.00749EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2023/08/21 6:55 a.m.18 views

CVE-2022-46751 Apache Ivy: XML External Entity vulnerability in Apache Ivy

Improper Restriction of XML External Entity Reference, XML Injection aka Blind XPath Injection vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy prior to 2.5.2. When Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy...

8.4AI score0.01855EPSS
Exploits0References5
CVE
CVE
added 2023/08/21 6:55 a.m.2991 views

CVE-2022-46751

CVE-2022-46751: Apache Ivy is vulnerable to XML External Entity (XXE) or XML injection due to improper restriction of DTD processing. Affected versions: Ivy prior to 2.5.2. Root cause: parsing XML files (Ivy config, Ivy files, POMs) can download external DTDs and expand entities, enabling data ex...

8.2CVSS8.4AI score0.01855EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/08/18 12:0 a.m.26 views

Fedora 38 : trafficserver (2023-dcbfbf1396)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-dcbfbf1396 advisory. Update to upstream 9.2.2. Changes with Apache Traffic Server 9.2.2 9544 - Docs: format typos in headerrewrite doc 9754 - Fix OCSP detection during...

9.1CVSS7.7AI score0.01492EPSS
Exploits0References3
NVD
NVD
added 2023/08/11 8:15 a.m.38 views

CVE-2023-39553

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider. Apache Airflow Drill Provider is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection with DrillHook giving an opportunity to read fil...

7.5CVSS7.4AI score0.01776EPSS
Exploits0References3
Prion
Prion
added 2023/08/11 8:15 a.m.19 views

Input validation

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider. Apache Airflow Drill Provider is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection with DrillHook giving an opportunity to read fil...

5CVSS7.3AI score0.01776EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/08/11 7:18 a.m.12 views

CVE-2023-39553 Apache Airflow Drill Provider Arbitrary File Read Vulnerability

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider. Apache Airflow Drill Provider is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection with DrillHook giving an opportunity to read fil...

7.3AI score0.01776EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/08/11 7:18 a.m.40 views

CVE-2023-39553 Apache Airflow Drill Provider Arbitrary File Read Vulnerability

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider. Apache Airflow Drill Provider is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection with DrillHook giving an opportunity to read fil...

7.6AI score0.01776EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2023/08/09 7:15 a.m.34 views

CVE-2022-47185

Improper input validation vulnerability on the range header in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: through 9.2.1...

7.5CVSS7.1AI score0.01492EPSS
Exploits0References6
Rows per page
Query Builder