Lucene search
K

143 matches found

OSV
OSV
added 2024/10/03 10:23 a.m.6 views

CVE-2024-47561 Apache Avro Java SDK: Arbitrary Code Execution when reading Avro schema (Java SDK)

Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to version 1.11.4 or 1.12.0, which fix this issue...

9.2CVSS8.3AI score0.03278EPSS
Exploits0References6
CNNVD
CNNVD
added 2024/10/03 12:0 a.m.2 views

Apache Avro 代码问题漏洞

Apache Avro is a data serialization system from the Apache USA Foundation. It provides data serialization and data exchange services for Apache Hadoop. A code issue vulnerability exists in Apache Avro versions prior to 1.11.4. An attacker exploiting this vulnerability could execute arbitrary code...

9.2CVSS7.7AI score0.03278EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/10/03 12:0 a.m.5 views

PT-2024-6649

Name of the Vulnerable Software and Affected Versions: Apache Avro versions 1.11.3 and previous versions Apache Avro versions prior to 1.11.4 Bamboo Data Center and Server versions 9.2.1, 9.6.0, and 10.0.0-rc3 Bitbucket Data Center and Server versions 8.6.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0,...

9.8CVSS7.1AI score0.03278EPSS
Exploits0References217
OSV
OSV
added 2024/08/02 11:8 a.m.5 views

OESA-2024-1917 avro security update

Apache Avro is a data serialization system. Security Fixes: When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Java applications using Apache Avro Java SDK up...

7.5CVSS6.9AI score0.01772EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/04 7:29 a.m.28 views

Security Bulletin: IBM Instana Observability is vulnerable to Improper Input Validation due to Apache Avro Java SDK

Summary Vulnerability in Apache Avro Java SDK was remediated in IBM Observability with Instana Build 275. CVE-2023-39410 Vulnerability Details CVEID:CVE-2023-39410 DESCRIPTION: Apache Avro Java SDK could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an...

7.5CVSS8.4AI score0.01772EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2024/05/23 10:45 p.m.6 views

apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK

A flaw was found in apache-avro. When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints, leading to an out-of-memory error and a denial of service on the system...

7.5CVSS7.1AI score0.01772EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/07 7:56 p.m.23 views

Security Bulletin: Common vulnerability in Cloudera Data Platform Private Cloud Base 7.1.9 fixed in Hot Fix 1

Summary Fix to common vulnerability, CVE-2021-43045, discovered in Cloudera Data Platform 7.1.9 is available to download from Cloudera. Vulnerability Details CVEID:CVE-2021-43045 DESCRIPTION: Apache Avro is vulnerable to a denial of service, caused by a flaw in the .NET SDK. By sending a...

7.5CVSS7.4AI score0.0296EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/04/25 12:0 a.m.75 views

IBM Cognos Analytics 11.1.1 < 11.1.7 FP8 / 11.2.x < 11.2.4 FP3 / 12.0.x < 12.0.2 (7123154)

The version of IBM Cognos Analytics installed on the remote host is prior to 11.1.7 FP8, 11.2.4 FP3, or 12.0.2. It is, therefore, affected by multiple vulnerabilities as referenced in the IBM Security Bulletin No. 7123154, including the following: - When deserializing untrusted or corrupted data,...

9.8CVSS7.8AI score0.99999EPSS
Exploits64References68
Broadcom
Broadcom
added 2024/04/16 12:0 a.m.42 views

Apache Avro Java SDK vulnerable to Improper Input Validation (CVE-2023-39410)

When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro...

7.5CVSS7.1AI score0.01772EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/27 3:37 p.m.38 views

Security Bulletin: Multiple Vulnerabilities in IBM Operations Analytics Predictive Insights.

Summary Multiple vulnerabilities were addressed in IBM Operations Analytics Predictive Insights 1.3.6 iFix 8 Vulnerability Details CVEID:CVE-2022-46337 DESCRIPTION: Apache Derby could allow a remote attacker to bypass security restrictions, caused by a LDAP injection vulnerability in authenticato...

9.8CVSS9.9AI score0.01855EPSS
Exploits4Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/03/26 12:0 a.m.5 views

The vulnerability of the Apache Avro data serialization library, related to deficiencies in the deserialization mechanism, allows attackers to trigger a service failure.

The vulnerability of the Apache Avro data serialization library is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability can allow an attacker to cause service failures...

7.8CVSS6.5AI score0.01772EPSS
Exploits0References5Affected Software10
Atlassian
Atlassian
added 2024/03/06 4:53 a.m.40 views

DoS (Denial of Service) org.apache.avro:avro Dependency in Jira Software Data Center and Server

This High severity org.apache.avro:avro Dependency vulnerability was introduced in versions 8.20.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, 9.9.0, 9.10.0, 9.11.0, and 9.12.0 of Jira Software Data Center and Server. This org.apache.avro:avro Dependency vulnerability, with a...

7.5CVSS7.2AI score0.01772EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/31 7:31 p.m.62 views

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities

Summary IBM Security Guardium has addressed the following vulnerabilities with an update. Vulnerability Details CVEID:CVE-2023-39410 DESCRIPTION: Apache Avro Java SDK could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By...

7.5CVSS8.6AI score0.01772EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/30 4:12 a.m.52 views

Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities

Summary IBM Data Risk Manager IDRM 2.0.6.19, which is the only supported version, is affected by multiple vulnerabilities. The vulnerabilities have been addressed in the updated version of IDRM 2.0.6.20. Please see the remediation steps below to apply the fix. All customers are encouraged to act...

9.8CVSS10AI score0.04322EPSS
Exploits4Affected Software1
Atlassian
Atlassian
added 2024/01/17 6:46 a.m.40 views

DoS (Denial of Service) org.apache.avro:avro Dependency in Confluence Data Center and Server

This High severity org.apache.avro:avro Dependency vulnerability was introduced in versions 4.1 of Confluence Data Center and Server. This org.apache.avro:avro Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...

7.5CVSS8.6AI score0.01772EPSS
Exploits0
Atlassian
Atlassian
added 2023/12/19 6:45 a.m.45 views

DoS (Denial of Service) org.apache.avro:avro Dependency in Bamboo Data Center and Server

This High severity org.apache.avro:avro Dependency vulnerability was introduced in versions 9.2.1, 9.3.0, and 9.4.0 of Bamboo Data Center and Server. This org.apache.avro:avro Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allo...

7.5CVSS6.7AI score0.01772EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2023/12/07 2:26 p.m.66 views

Important: Red Hat Security Advisory: Red Hat build of Quarkus 2.13.9 release and security update

An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more information...

9.1CVSS6.7AI score0.02459EPSS
Exploits4References17
RedHat Linux
RedHat Linux
added 2023/12/04 6:2 p.m.4 views

apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK

A flaw was found in apache-avro. When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints, leading to an out-of-memory error and a denial of service on the system...

7.5CVSS7.1AI score0.01772EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/12/04 6:2 p.m.65 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.14 on RHEL 8 security update

An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...

7.5CVSS7AI score0.99999EPSS
Exploits19References34
RedHat Linux
RedHat Linux
added 2023/12/04 6:2 p.m.10 views

apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK

A flaw was found in apache-avro. When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints, leading to an out-of-memory error and a denial of service on the system...

7.5CVSS7.1AI score0.01772EPSS
Exploits0References5
Rows per page
Query Builder