
61164 matches found

RedHat Linux
added 2025/10/15 9:14 a.m., 7 views

Moderate: Red Hat Security Advisory: Red Hat Build of Apache Camel 4.10 for Quarkus 3.20 update is now available (RHBQ 3.20.3.GA)

An update for Red Hat Build of Apache Camel 4.10 for Quarkus 3.20 is now available (RHBQ 3.20.3.GA). The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products. Red Hat Product...

CVSS 7.5 | AI score 6.6 | EPSS 0.00631
Exploits: 1 | References: 3
PyPA
added 2025/10/15 8:15 a.m., 6 views

PYSEC-2025-184

This issue affects Apache Spark versions before 3.4.4, 3.5.2 and 4.0.0. Apache Spark versions before 4.0.0, 3.5.2 and 3.4.4 use an insecure default network encryption cipher for RPC communication between nodes. When spark.network.crypto.enabled is set to true (it is set to false by default), but...

CVSS 6.5 | AI score 7.2 | EPSS 0.00225
Exploits: 0 | References: 3 | Affected Software: 1
NVD
added 2025/10/15 8:15 a.m., 6 views

CVE-2025-55039

This issue affects Apache Spark versions before 3.4.4, 3.5.2 and 4.0.0. Apache Spark versions before 4.0.0, 3.5.2 and 3.4.4 use an insecure default network encryption cipher for RPC communication between nodes. When spark.network.crypto.enabled is set to true (it is set to false by default), but...

CVSS 6.5 | EPSS 0.00225
Exploits: 0 | References: 2
OSV
added 2025/10/15 8:15 a.m., 2 views

CVE-2025-55039

This issue affects Apache Spark versions before 3.4.4, 3.5.2 and 4.0.0. Apache Spark versions before 4.0.0, 3.5.2 and 3.4.4 use an insecure default network encryption cipher for RPC communication between nodes. When spark.network.crypto.enabled is set to true (it is set to false by default), but...

CVSS 6.5 | AI score 6.8
Exploits: 0 | References: 2
Veracode
added 2025/10/15 8:12 a.m., 5 views

Information Disclosure

Apache Airflow is vulnerable to Information Disclosure. The vulnerability is due to improper access control in handling sensitive connection fields, allowing users with read permissions to view sensitive data through the API and UI...

CVSS 6.5 | AI score 8.8 | EPSS 0.00903
Exploits: 0 | References: 4 | Affected Software: 2
EUVD
added 2025/10/15 7:19 a.m., 2 views

EUVD-2025-34531

This issue affects Apache Spark versions before 3.4.4, 3.5.2 and 4.0.0. Apache Spark versions before 4.0.0, 3.5.2 and 3.4.4 use an insecure default network encryption cipher for RPC communication between nodes. When spark.network.crypto.enabled is set to true (it is set to false by default), but...

CVSS 6.5 | AI score 6.2 | EPSS 0.00225
Exploits: 0 | References: 3
Veracode
added 2025/10/15 6:18 a.m., 4 views

Deserialization Of Untrusted Data

Apache Jackrabbit Core and Apache Jackrabbit JCR Commons are vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to the acceptance of untrusted JNDI URIs for JCR lookup, which allows an attacker to inject malicious JNDI references that trigger deserialization of untrusted...

CVSS 6.5 | AI score 7.7 | EPSS 0.01286
Exploits: 0 | References: 6 | Affected Software: 2
CNNVD
added 2025/10/15 12:0 a.m., 3 views

Apache Spark Security Vulnerability

Apache Spark is a large-scale data processing engine that supports acyclic data streaming and in-memory computing from the Apache Foundation. Apache Spark suffers from a cryptographic issue vulnerability that stems from the use of insecure default network encryption ciphers for inter-node RPC...

CVSS 6.5 | AI score 6.4 | EPSS 0.00225
Exploits: 0 | References: 2
IBM Security Bulletins
added 2025/10/14 10:44 p.m., 10 views

Security Bulletin: The following vulnerabilities that can affect IBM Storage Scale and the Management GUI are now included (CVE-2025-48976)

Summary: The following vulnerabilities, which can affect IBM Storage Scale and the Management GUI and could provide weaker-than-expected security, are now fixed in Storage Scale 5.1.9.12 and 5.2.3.3 or higher (CVE-2025-48976). Vulnerability Details: CVEID: CVE-2025-48976 DESCRIPTION: Allocation of...

CVSS 7.5 | AI score 6.6 | EPSS 0.63258
Exploits: 1 | Affected Software: 1
IBM Security Bulletins
added 2025/10/14 6:10 p.m., 7 views

Security Bulletin: Multiple vulnerabilities reported in YAJSW service shipped in IBM WebSphere eXtreme Scale Liberty Deployment

Summary: YAJSW (Yet Another Java Service Wrapper) uses Apache Commons and Netty to manage services, launch and monitor applications, etc. WebSphere eXtreme Scale Liberty deployments use YAJSW to register services with the operating system. CVE-2025-27553, CVE-2025-30474 and CVE-2025-25193...

CVSS 7.5 | AI score 6.6 | EPSS 0.01189
Exploits: 0 | Affected Software: 1
RedHat Linux
added 2025/10/14 5:59 p.m., 20 views

Important: Red Hat Security Advisory: Red Hat Build of Apache Camel 4.10.7 for Spring Boot release.

Red Hat build of Apache Camel 4.10.7 for Spring Boot patch release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

CVSS 8.7 | AI score 7 | EPSS 0.0108
Exploits: 2 | References: 6
EUVD
added 2025/10/14 3:31 p.m., 4 views

EUVD-2024-55032

Apache Geode web-api is vulnerable to Cross-site Scripting...

CVSS 6.1 | AI score 6.1 | EPSS 0.00628
Exploits: 0 | References: 3
NVD
added 2025/10/14 3:16 p.m., 3 views

CVE-2024-44088

Malicious script injection 'Cross-site Scripting' vulnerability in Apache Geode web-api REST. This vulnerability allows an attacker that tricks a logged-in user into clicking a specially-crafted link to execute code on the returned page, which could lead to theft of the user's session information...

CVSS 6.1 | EPSS 0.00628
Exploits: 0 | References: 2
OSV
added 2025/10/14 3:16 p.m., 4 views

CVE-2024-44088

Malicious script injection 'Cross-site Scripting' vulnerability in Apache Geode web-api REST. This vulnerability allows an attacker that tricks a logged-in user into clicking a specially-crafted link to execute code on the returned page, which could lead to theft of the user's session information...

CVSS 6.1 | AI score 7.5
Exploits: 0 | References: 2
CVE
added 2025/10/14 2:36 p.m., 13 views

CVE-2024-44088

Apache Geode web-api (REST) is affected by a Cross-site Scripting (XSS) vulnerability that can be exploited when a logged-in user is tricked into clicking a crafted link, potentially enabling code execution on the victim page and leading to session information theft or account takeover. All Geode...

CVSS 6.1 | AI score 7.1 | EPSS 0.00628
Exploits: 0 | References: 2 | Affected Software: 1
Vulnrichment
added 2025/10/14 2:36 p.m., 3 views

CVE-2024-44088 Apache Geode: Reflected XSS

Malicious script injection 'Cross-site Scripting' vulnerability in Apache Geode web-api REST. This vulnerability allows an attacker that tricks a logged-in user into clicking a specially-crafted link to execute code on the returned page, which could lead to theft of the user's session information...

AI score 7.1 | EPSS 0.00628
Exploits: 0 | References: 1
Cvelist
added 2025/10/14 2:36 p.m., 8 views

CVE-2024-44088 Apache Geode: Reflected XSS

Malicious script injection 'Cross-site Scripting' vulnerability in Apache Geode web-api REST. This vulnerability allows an attacker that tricks a logged-in user into clicking a specially-crafted link to execute code on the returned page, which could lead to theft of the user's session information...

EPSS 0.00628
Exploits: 0 | References: 1
CNNVD
added 2025/10/14 12:0 a.m., 4 views

Apache Geode Security Vulnerability

Apache Geode is a U.S.-based Apache Foundation suite of management platforms used in distributed cloud architectures to provide real-time and consistent access to data for data-intensive applications. A security vulnerability exists in Apache Geode versions prior to 1.15.2 that originates from we...

CVSS 6.1 | AI score 6.5 | EPSS 0.00628
Exploits: 0 | References: 2
CNNVD
added 2025/10/14 12:0 a.m., 5 views

UI for Apache Kafka Security Vulnerability

UI for Apache Kafka is an open source front-end interface for Kafka by Provectus. A security vulnerability exists in UI for Apache Kafka versions v0.6.0 through v0.7.2, which originates from the upload of a specially crafted configuration file and could lead to a denial of service attack...

CVSS 7.5 | AI score 6.6 | EPSS 0.00594
Exploits: 0 | References: 4
CNNVD
added 2025/10/14 12:0 a.m., 3 views

ZTE ZXCDN Security Vulnerability

ZTE ZXCDN is a unified network management platform from ZTE Corporation (ZTE), China. A security vulnerability exists in ZTE ZXCDN, which originates from an Apache Struts remote code execution vulnerability that could lead to remote command execution with non-root privileges...

CVSS 9.8 | AI score 8 | EPSS 0.00731
Exploits: 0 | References: 1