143 matches found
CVE-2024-47561 Apache Avro Java SDK: Arbitrary Code Execution when reading Avro schema (Java SDK)
Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to version 1.11.4 or 1.12.0, which fix this issue...
Apache Avro 代码问题漏洞
Apache Avro is a data serialization system from the Apache USA Foundation. It provides data serialization and data exchange services for Apache Hadoop. A code issue vulnerability exists in Apache Avro versions prior to 1.11.4. An attacker exploiting this vulnerability could execute arbitrary code...
PT-2024-6649
Name of the Vulnerable Software and Affected Versions: Apache Avro versions 1.11.3 and previous versions Apache Avro versions prior to 1.11.4 Bamboo Data Center and Server versions 9.2.1, 9.6.0, and 10.0.0-rc3 Bitbucket Data Center and Server versions 8.6.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0,...
OESA-2024-1917 avro security update
Apache Avro is a data serialization system. Security Fixes: When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Java applications using Apache Avro Java SDK up...
Security Bulletin: IBM Instana Observability is vulnerable to Improper Input Validation due to Apache Avro Java SDK
Summary Vulnerability in Apache Avro Java SDK was remediated in IBM Observability with Instana Build 275. CVE-2023-39410 Vulnerability Details CVEID:CVE-2023-39410 DESCRIPTION: Apache Avro Java SDK could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an...
apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK
A flaw was found in apache-avro. When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints, leading to an out-of-memory error and a denial of service on the system...
Security Bulletin: Common vulnerability in Cloudera Data Platform Private Cloud Base 7.1.9 fixed in Hot Fix 1
Summary Fix to common vulnerability, CVE-2021-43045, discovered in Cloudera Data Platform 7.1.9 is available to download from Cloudera. Vulnerability Details CVEID:CVE-2021-43045 DESCRIPTION: Apache Avro is vulnerable to a denial of service, caused by a flaw in the .NET SDK. By sending a...
IBM Cognos Analytics 11.1.1 < 11.1.7 FP8 / 11.2.x < 11.2.4 FP3 / 12.0.x < 12.0.2 (7123154)
The version of IBM Cognos Analytics installed on the remote host is prior to 11.1.7 FP8, 11.2.4 FP3, or 12.0.2. It is, therefore, affected by multiple vulnerabilities as referenced in the IBM Security Bulletin No. 7123154, including the following: - When deserializing untrusted or corrupted data,...
Apache Avro Java SDK vulnerable to Improper Input Validation (CVE-2023-39410)
When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro...
Security Bulletin: Multiple Vulnerabilities in IBM Operations Analytics Predictive Insights.
Summary Multiple vulnerabilities were addressed in IBM Operations Analytics Predictive Insights 1.3.6 iFix 8 Vulnerability Details CVEID:CVE-2022-46337 DESCRIPTION: Apache Derby could allow a remote attacker to bypass security restrictions, caused by a LDAP injection vulnerability in authenticato...
The vulnerability of the Apache Avro data serialization library, related to deficiencies in the deserialization mechanism, allows attackers to trigger a service failure.
The vulnerability of the Apache Avro data serialization library is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability can allow an attacker to cause service failures...
DoS (Denial of Service) org.apache.avro:avro Dependency in Jira Software Data Center and Server
This High severity org.apache.avro:avro Dependency vulnerability was introduced in versions 8.20.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, 9.9.0, 9.10.0, 9.11.0, and 9.12.0 of Jira Software Data Center and Server. This org.apache.avro:avro Dependency vulnerability, with a...
Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities
Summary IBM Security Guardium has addressed the following vulnerabilities with an update. Vulnerability Details CVEID:CVE-2023-39410 DESCRIPTION: Apache Avro Java SDK could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By...
Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities
Summary IBM Data Risk Manager IDRM 2.0.6.19, which is the only supported version, is affected by multiple vulnerabilities. The vulnerabilities have been addressed in the updated version of IDRM 2.0.6.20. Please see the remediation steps below to apply the fix. All customers are encouraged to act...
DoS (Denial of Service) org.apache.avro:avro Dependency in Confluence Data Center and Server
This High severity org.apache.avro:avro Dependency vulnerability was introduced in versions 4.1 of Confluence Data Center and Server. This org.apache.avro:avro Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...
DoS (Denial of Service) org.apache.avro:avro Dependency in Bamboo Data Center and Server
This High severity org.apache.avro:avro Dependency vulnerability was introduced in versions 9.2.1, 9.3.0, and 9.4.0 of Bamboo Data Center and Server. This org.apache.avro:avro Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allo...
Important: Red Hat Security Advisory: Red Hat build of Quarkus 2.13.9 release and security update
An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more information...
apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK
A flaw was found in apache-avro. When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints, leading to an out-of-memory error and a denial of service on the system...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.14 on RHEL 8 security update
An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...
apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK
A flaw was found in apache-avro. When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints, leading to an out-of-memory error and a denial of service on the system...