Lucene search
K

143 matches found

Atlassian
Atlassian
added 2024/11/04 10:11 a.m.27 views

RCE (Remote Code Execution) org.apache.avro:avro Dependency in Bamboo Data Center and Server

This High severity org.apache.avro:avro Dependency vulnerability was introduced in versions 9.2.1, 9.6.0, and 10.0.0-rc3 of Bamboo Data Center and Server. This org.apache.avro:avro Dependency vulnerability, with a CVSS Score of 7.3 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L...

9.2CVSS7.8AI score0.03278EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2024/10/22 6:29 p.m.6 views

apache-avro: Schema parsing may trigger Remote Code Execution (RCE)

A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special "java-class" attribute...

9.2CVSS7.9AI score0.03278EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/10/14 7:55 p.m.3 views

apache-avro: Schema parsing may trigger Remote Code Execution (RCE)

A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special "java-class" attribute...

9.2CVSS7.9AI score0.03278EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/10/14 7:55 p.m.26 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.2CVSS7.2AI score0.03278EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/10/14 3:53 p.m.4 views

apache-avro: Schema parsing may trigger Remote Code Execution (RCE)

A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special "java-class" attribute...

9.2CVSS7.9AI score0.03278EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/10/10 2:0 p.m.6 views

apache-avro: Schema parsing may trigger Remote Code Execution (RCE)

A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special "java-class" attribute...

9.2CVSS7.9AI score0.03278EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/10/10 1:43 p.m.5 views

apache-avro: Schema parsing may trigger Remote Code Execution (RCE)

A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special "java-class" attribute...

9.2CVSS7.9AI score0.03278EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/10/10 11:49 a.m.7 views

apache-avro: Schema parsing may trigger Remote Code Execution (RCE)

A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special "java-class" attribute...

9.2CVSS7.9AI score0.03278EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/10/10 11:49 a.m.39 views

Critical: Red Hat Security Advisory: Red Hat build of Quarkus 3.8.6.SP1 Security Update

An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more information...

9.2CVSS7.1AI score0.03278EPSS
Exploits2References3
RedHat Linux
RedHat Linux
added 2024/10/09 12:35 p.m.5 views

apache-avro: Schema parsing may trigger Remote Code Execution (RCE)

A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special "java-class" attribute...

9.2CVSS7.9AI score0.03278EPSS
Exploits0References4
Veracode
Veracode
added 2024/10/08 5:9 p.m.7 views

Deserialization Of Untrusted Data

Apache Avro is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to improper schema parsing in the Java SDK, which allows attackers to execute arbitrary code...

9.2CVSS7.5AI score0.03278EPSS
Exploits0References11Affected Software1
RedHat Linux
RedHat Linux
added 2024/10/08 4:8 p.m.4 views

apache-avro: Schema parsing may trigger Remote Code Execution (RCE)

A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special "java-class" attribute...

9.2CVSS7.9AI score0.03278EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/10/08 4:4 p.m.4 views

apache-avro: Schema parsing may trigger Remote Code Execution (RCE)

A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special "java-class" attribute...

9.2CVSS7.9AI score0.03278EPSS
Exploits0References4
The Hacker News
The Hacker News
added 2024/10/07 9:30 a.m.25 views

Critical Apache Avro SDK Flaw Allows Remote Code Execution in Java Applications

A critical security flaw has been disclosed in the Apache Avro Java Software Development Kit SDK that, if successfully exploited, could allow the execution of arbitrary code on susceptible instances. The flaw, tracked as CVE-2024-47561 CVSS score: 9.3, impacts all versions of the software prior t...

9.2CVSS7.4AI score0.03278EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2024/10/07 12:0 a.m.6 views

The vulnerability of the Apache Avro data serialization library is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by introducing a specially crafted data schema.

The vulnerability of the Apache Avro data serialization library is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by introducing a specially crafted data schema...

7.5CVSS7.8AI score0.03278EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2024/10/03 12:57 p.m.34 views

CVE-2024-47561

A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special "java-class" attribute. Mitigation 1. Avoid parsin...

8.8CVSS7.6AI score0.03278EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2024/10/03 12:30 p.m.36 views

Apache Avro Java SDK: Arbitrary Code Execution when reading Avro Data (Java SDK)

Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to version 1.11.4 or 1.12.0, which fix this issue...

9.2CVSS7.4AI score0.03278EPSS
Exploits0References12Affected Software1
NVD
NVD
added 2024/10/03 11:15 a.m.41 views

CVE-2024-47561

Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to version 1.11.4 or 1.12.0, which fix this issue...

9.2CVSS0.03278EPSS
Exploits0References3
OSV
OSV
added 2024/10/03 11:15 a.m.5 views

CVE-2024-47561

Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to version 1.11.4 or 1.12.0, which fix this issue...

9.2CVSS8.3AI score
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/10/03 10:23 a.m.23 views

CVE-2024-47561 Apache Avro Java SDK: Arbitrary Code Execution when reading Avro schema (Java SDK)

Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to version 1.11.4 or 1.12.0, which fix this issue...

9.2CVSS7.2AI score0.03278EPSS
Exploits0References1
Rows per page
Query Builder