182 matches found
ALSA-2022:1861 Moderate: maven:3.5 security update
Maven is a software project management and comprehension tool. Based on the concept of a project object model POM, Maven can manage a project's build, reporting and documentation from a central piece of information. Security Fixes: apache-httpclient: incorrect handling of malformed authority...
Moderate: maven:3.5 security update
Maven is a software project management and comprehension tool. Based on the concept of a project object model POM, Maven can manage a project's build, reporting and documentation from a central piece of information. Security Fixes: apache-httpclient: incorrect handling of malformed authority...
maven:3.5 security update
An update is available for apache-commons-io, atinject, maven-shared-utils, plexus-cipher, aopalliance, plexus-classworlds, glassfish-el, apache-commons-cli, guava20, plexus-containers, plexus-sec-dispatcher, httpcomponents-client, maven-resolver, jansi-native, apache-commons-logging,...
ALSA-2022:1860 Moderate: maven:3.6 security and enhancement update
Maven is a software project management and comprehension tool. Based on the concept of a project object model POM, Maven can manage a project's build, reporting and documentation from a central piece of information. Security Fixes: apache-httpclient: incorrect handling of malformed authority...
RLSA-2022:1860 Moderate: maven:3.6 security and enhancement update
Maven is a software project management and comprehension tool. Based on the concept of a project object model POM, Maven can manage a project's build, reporting and documentation from a central piece of information. Security Fixes: apache-httpclient: incorrect handling of malformed authority...
CentOS 8 : maven:3.5 (CESA-2022:1861)
The remote CentOS Linux 8 host has a package installed that is affected by a vulnerability as referenced in the CESA-2022:1861 advisory. - apache-httpclient: incorrect handling of malformed authority component in request URIs CVE-2020-13956 Note that Nessus has not tested for this issue but has...
CentOS 8 : maven:3.6 (CESA-2022:1860)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2022:1860 advisory. - apache-httpclient: incorrect handling of malformed authority component in request URIs CVE-2020-13956 Note that Nessus has not tested for this issue but has...
apache-httpclient: incorrect handling of malformed authority component in request URIs
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution...
ca.uhn.hapi.fhir.karaf:hapi-fhir (>=3.3.0 <=3.7.0), com.esri.geoevent.sdk:geoevent-sdk (>=10.7.1 <=10.8.1) +118 more potentially affected by CVE-2021-44228 via org.ops4j.pax.logging:pax-logging-log4j2 (>=1.10.0 <=1.10.7)
org.ops4j.pax.logging:pax-logging-log4j2 MAVEN version =1.10.0, =3.3.0, =10.7.1, =2.0.1, =1.2.0, =1.2.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.61.2, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =3.24.01 and more Source cves: CVE-2021-44228 Source advisory: OSV:GHSA-JFH8-C2JP-5V3Q...
apache-httpclient: incorrect handling of malformed authority component in request URIs
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution...
Security Bulletin: Multiple Security Vulnerabilities Have been addressed in IBM Security Access Manager
Summary Multiple Security Vulnerabilities have been fixed in the IBM Security Access Manager ISAM version 9.0.7.2 Vulnerability Details CVEID: CVE-2019-10208 DESCRIPTION: PostgreSQL is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to the...
apache-httpclient: incorrect handling of malformed authority component in request URIs
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution...
Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring has applied security fixes for its use of Apache HttpClient
Summary IBM Cloud Pak for Multicloud Management Monitoring has applied security fixes for its use of Apache HttpClient. Vulnerability Details CVEID: CVE-2020-13956 DESCRIPTION: Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the improper handling of...
apache-httpclient: incorrect handling of malformed authority component in request URIs
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution...
Security Bulletin: IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID: CVE-2019-13990 DESCRIPTION: Terracotta could allow a remote attacker to obtain sensitive information, caused by improper handling of...
Security Bulletin: Multiple Vulnerabilities were detected in IBM Secure External Authentication Server
Summary There are multiple vulnerabilities in IBM Secure External Authentication Server. IBM Secure External Authentication Server has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-29725 DESCRIPTION: IBM Sterling Secure Proxy could allow a remote user to consume resources...
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Apache httpclient
Summary A vulnerability in Apache httpclient used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID: CVE-2020-13956 DESCRIPTION: Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the improper handling of malformed authority...
Cross-site scripting in Apache HttpClient
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution...
GHSA-7R82-7XV7-XCPJ Cross-site scripting in Apache HttpClient
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution...
IBM WebSphere Application Server 8.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.20 / 9.0.x < 9.0.5.8 Multiple Vulnerabilities
The version of WebSphere Application Server installed on the remote host is 8.0.x through 8.0.0.15, 8.5.x prior to 8.5.5.20, or 9.0.x prior to 9.0.5.8. It is, therefore, affected by multiple vulnerabilities as referenced in the 6453091 advisory, including the following: -...