CVE-2025-29847

A vulnerability in Apache Linkis. Problem Description When using the JDBC engine and da When using the JDBC engine and data source functionality, if the URL parameter configured on the frontend has undergone multiple rounds of URL encoding, it may bypass the system's checks. This bypass can trigg...

CVE-2025-29847

A vulnerability in Apache Linkis. Problem Description When using the JDBC engine and da When using the JDBC engine and data source functionality, if the URL parameter configured on the frontend has undergone multiple rounds of URL encoding, it may bypass the system's checks. This bypass can trigg...

CVE-2025-59355 Apache Linkis: Password Exposure

A vulnerability. When org.apache.linkis.metadata.util.HiveUtils.decode fails to perform Base64 decoding, it records the complete input parameter string in the log via logger.errorstr + "decode failed", e. If the input parameter contains sensitive information such as Hive Metastore keys, plaintext...

CVE-2025-29847

A vulnerability in Apache Linkis. Problem Description When using the JDBC engine and da When using the JDBC engine and data source functionality, if the URL parameter configured on the frontend has undergone multiple rounds of URL encoding, it may bypass the system's checks. This bypass can trigg...

CVE-2025-29847

CVE-2025-29847 (Apache Linkis) : A vulnerability in Apache Linkis where, when using the JDBC engine and data source, multiple URL-encoded parameters on the frontend can bypass checks and allow unauthorized access to system files via JDBC parameters. Affected versions: 1.3.0–1.7.0. Impact: potenti...

CVE-2025-29847 Apache Linkis: Arbitrary File Read via Double URL Encoding Bypass

A vulnerability in Apache Linkis. Problem Description When using the JDBC engine and da When using the JDBC engine and data source functionality, if the URL parameter configured on the frontend has undergone multiple rounds of URL encoding, it may bypass the system's checks. This bypass can trigg...

K000159609: Apache Tika vulnerability CVE-2025-66516

Security Advisory Description Critical XXE in Apache Tika tika-core 1.13-3.2.1, tika-pdf-module 2.0.0-3.2.1 and tika-parsers 1.13-1.28.5 modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. This CVE covers the same...

MiracleLinux 7 : httpd-2.4.6-93.0.1.el7.AXS7 (AXSA:2020-006:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-006:01 advisory. httpd: modsessioncookie does not respect expiry time CVE-2018-17199 httpd: Out of bounds write in modauthnzldap when using too small Accept-Language...

Apache Kyuubi Directory Traversal Vulnerability

Apache Kyuubi is a distributed SQL gateway from the Apache Foundation. Apache Kyuubi suffers from a directory traversal vulnerability that originates from a client-side bypass of server-side configuration, which can be exploited by an attacker to cause access to unauthorized local files...

DLA-4444-1 apache-log4j2 - security update

Bulletin has no description...

Apache Linkis security vulnerabilities

Apache Linkis is a middleware product developed by the Apache Foundation in the United States. It enables effective connections between upper-level applications and underlying data engines. Versions of Apache Linkis 1.7.0 and earlier contain security vulnerabilities. These vulnerabilities stem fr...

Apache bRPC Command Injection

The Apache bRPC heap profiler suffers from a command injection vulnerability. Versions below 1.15.0 are affected...

MiracleLinux 7 : pacemaker-1.1.13-10.el7 (AXSA:2015-850:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2015-850:01 advisory. Pacemaker is an advanced, scalable High-Availability cluster resource manager for Corosync, CMAN and/or Linux-HA. It supports more than 16 node clusters with...

MiracleLinux 7 : httpd24-httpd-2.4.25-9.el7 (AXSA:2017-1638:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-1638:01 advisory. The Apache HTTP Server is a powerful, efficient, and extensible web server. Security issues fixed with this release: CVE-2016-0736 RESERVED This...

MiracleLinux 7 : httpd-2.4.6-45.4.0.1.el7.AXS7 (AXSA:2017-1628:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-1628:01 advisory. The Apache HTTP Server is a powerful, efficient, and extensible web server. Security issues fixed with this release: CVE-2016-0736 RESERVED This...

MiracleLinux 3 : geronimo-tomcat6-jee5-2.2-1.AXS3 (AXSA:2010-309:01)

The remote MiracleLinux 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2010-309:01 advisory. The goal of the Geronimo project is to produce a server runtime framework that pulls together the best Open Source alternatives to create runtimes th...

MiracleLinux 4 : httpd-2.2.15-28.0.1.AXS4 (AXSA:2013-442:03)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2013-442:03 advisory. The Apache HTTP Server is a powerful, efficient, and extensible web server. Security issues fixed with this release: CVE-2012-3499 Multiple cross-sit...

MiracleLinux 7 : subversion-1.7.14-14.el7 (AXEA:2018-2733:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXEA:2018-2733:01 advisory. - modauthzsvn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access,...

MiracleLinux 3 : httpd-2.2.3-11.4.1AXS3 (AXBA:2008-331:03)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXBA:2008-331:03 advisory. - Cross-site scripting XSS vulnerability in proxyftp.c in the modproxyftp module in Apache 2.0.63 and earlier, and modproxyftp.c in the modproxyftp...

MiracleLinux 3 : php-5.1.6-45.0.1.AXS3 (AXSA:2014-794:03)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2014-794:03 advisory. Description : PHP is an HTML-embedded scripting language that allows developers to write dynamically generated web pages. PHP is ideal for writing...