8064 matches found

NVD | added 2022/09/05 10:15 a.m. | 20 views

CVE-2022-38370

Apache IoTDB grafana-connector version 0.13.0 contains an interface without authorization, which may expose the internal structure of the database. Users should upgrade to version 0.13.1 which addresses this issue...

CVSS 7.5 | EPSS 0.01075 | Exploits 0 | References 2

Prion | added 2022/09/05 10:15 a.m. | 20 views

Session fixation

Apache IoTDB version 0.13.0 is vulnerable to a session id attack. Users should upgrade to version 0.13.1 which addresses this issue...

CVSS 6.8 | AI score 8.7 | EPSS 0.01022 | Exploits 0 | References 2 | Affected Software 1

Prion | added 2022/09/05 10:15 a.m. | 18 views

Authorization

Apache IoTDB grafana-connector version 0.13.0 contains an interface without authorization, which may expose the internal structure of the database. Users should upgrade to version 0.13.1 which addresses this issue...

CVSS 5 | AI score 7.5 | EPSS 0.01075 | Exploits 0 | References 2 | Affected Software 1

CVE | added 2022/09/05 9:50 a.m. | 66 views

CVE-2022-38370

The CVE-2022-38370 issue affects the Apache IoTDB grafana-connector, specifically version 0.13.0, where an interface is exposed without authorization and can reveal internal database structures. The vulnerability is mitigated by upgrading to version 0.13.1, which addresses the issue. Connected so...

CVSS 7.5 | AI score 7.5 | EPSS 0.01075 | Exploits 0 | References 2 | Affected Software 1

CVE | added 2022/09/05 9:50 a.m. | 74 views

CVE-2022-38369

CVE-2022-38369 affects Apache IoTDB 0.13.0, vulnerable to a session-id attack (session fixation) that could allow an attacker to hijack a user session. The issue is mitigated by upgrading to IoTDB 0.13.1. The NVD entry lists a high-severity impact with network exploitation, requiring user intera...

CVSS 8.8 | AI score 8.7 | EPSS 0.01022 | Exploits 0 | References 2 | Affected Software 1

Packet Storm | added 2022/09/05 12:0 a.m. | 269 views

Online Market Place Site 1.0 Cross Site Scripting

Exploit Title: Online Market Place Site v1.0 - Stored Cross-Site Scripting (XSS)
Exploit Author: Joe Pollock
Date: September 03, 2022
Vendor Homepage: https://www.sourcecodester.com/php/15273/online-market-place-site-phpoop-free-source-code.html
Software Link:...

EPSS 0.00492 | Exploits 3

CVE | added 2022/09/02 7:10 a.m. | 104 views

CVE-2022-38054

Apache Airflow 2.2.4–2.3.3 is affected by a session fixation vulnerability in the database webserver session backend. The issue is documented across multiple sources (e.g., CVE-2022-38054, GHSA-5FF8-7639-6V6G, BIT-AIRFLOW-2022-38054) with high impact as per CVSS metrics. The provided Connected do...

CVSS 9.8 | AI score 9.4 | EPSS 0.01813 | Exploits 0 | References 2 | Affected Software 1

CNVD | added 2022/09/02 12:0 a.m. | 31 views

Apache OFBiz Code Injection Vulnerability (CNVD-2023-03918)

Apache OFBiz is an enterprise resource planning (ERP) system from the Apache Foundation. A code injection vulnerability exists in Apache OFBiz 18.12.05 and earlier versions, which stems from an error in Birt and can be exploited by attackers to remotely execute code...

CVSS 9.8 | AI score 5 | EPSS 0.03913 | Exploits 0 | References 1

CNVD | added 2022/09/02 12:0 a.m. | 24 views

Apache OFBiz has an unspecified vulnerability (CNVD-2023-03921)

Apache OFBiz is an enterprise resource planning (ERP) system from the Apache Foundation. A security vulnerability exists in Apache OFBiz 18.12.05 and earlier, which can be exploited by attackers to conduct regular expression denial-of-service attacks...

CVSS 7.5 | AI score 4.3 | EPSS 0.01687 | Exploits 0 | References 1

Prion | added 2022/08/31 7:15 a.m. | 27 views

Deserialization of untrusted data

Apache Geode versions up to 1.12.2 and 1.13.2 are vulnerable to a deserialization of untrusted data flaw when using JMX over RMI on Java 11. Any user wishing to protect against deserialization attacks involving JMX or RMI should upgrade to Apache Geode 1.15. Use of 1.15 on Java 11 will...

CVSS 6.5 | AI score 8.7 | EPSS 0.01228 | Exploits 0 | References 1 | Affected Software 1

OpenVAS | added 2022/08/26 12:0 a.m. | 34 views

Ubuntu: Security Advisory (USN-5212-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 9.5 | EPSS 0.97108 | Exploits 4 | References 2

OpenVAS | added 2022/08/26 12:0 a.m. | 5 views

Ubuntu: Security Advisory (USN-65-1)

The remote host is missing an update for the...

AI score 7.5 | Exploits 0 | References 3

OpenVAS | added 2022/08/26 12:0 a.m. | 39 views

Ubuntu: Security Advisory (USN-328-1)

The remote host is missing an update for the...

CVSS 7.6 | AI score 6.6 | EPSS 0.95647 | Exploits 20 | References 2

OpenVAS | added 2022/08/26 12:0 a.m. | 5 views

Ubuntu: Security Advisory (USN-133-1)

The remote host is missing an update for the...

AI score 7.5 | Exploits 0 | References 3

NVD | added 2022/08/25 3:15 p.m. | 10 views

CVE-2022-22728

A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads. A remote attacker could send a request causing a process crash which could lead to a denial of service attack...

CVSS 7.5 | EPSS 0.04446 | Exploits 0 | References 16

Prion | added 2022/08/25 3:15 p.m. | 12 views

Buffer overflow

A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads. A remote attacker could send a request causing a process crash which could lead to a denial of service attack...

CVSS 5 | AI score 7.5 | EPSS 0.04446 | Exploits 0 | References 16 | Affected Software 3

UbuntuCve | added 2022/08/25 3:15 p.m. | 30 views

CVE-2022-22728

A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads. A remote attacker could send a request causing a process crash which could lead to a denial of service attack...

CVSS 7.5 | AI score 7.1 | EPSS 0.04446 | Exploits 0 | References 5

GithubExploit | added 2022/08/25 10:43 a.m. | 377 views

Exploit for Path Traversal in Zimbra Collaboration

CVE-2022-37042 Zimbra CVE-2022-37042 Nuclei weaponized tem...

CVSS 9.8 | AI score 9.8 | EPSS 0.88256 | Exploits 8

Cvelist | added 2022/08/25 12:0 a.m. | 17 views

CVE-2022-22728 libapreq2 multipart form parse memory corruption

A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads. A remote attacker could send a request causing a process crash which could lead to a denial of service attack...

AI score 7.7 | EPSS 0.04446 | Exploits 0 | References 16

CVE | added 2022/08/25 12:0 a.m. | 79 views

CVE-2022-22728

CVE-2022-22728 describes a buffer overflow in Apache libapreq2 versions 2.16 and earlier when handling multipart form uploads, leading to a possible denial-of-service via remote request causing a process crash. Multiple connected advisories confirm affected products and mitigations: Gentoo GLSA-2...

CVSS 7.5 | AI score 7.5 | EPSS 0.04446 | Exploits 0 | References 16 | Affected Software 1