Lucene search

8064 matches found

Tenable Nessus
added 2024/02/03 12:0 a.m. | 30 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : xerces-c (SUSE-SU-2024:0320-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0320-1 advisory. - The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the...

CVSS 8.1 | AI score 7.5 | EPSS 0.04171
Exploits 0 | References 4

Tenable Nessus
added 2024/02/02 12:0 a.m. | 26 views

SUSE SLES12 Security Update : xerces-c (SUSE-SU-2024:0299-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0299-1 advisory. - The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw ha...

CVSS 8.1 | AI score 7.5 | EPSS 0.04171
Exploits 0 | References 4

OSV
added 2024/01/31 9:30 a.m. | 12 views

GHSA-9XC9-XQ7W-VPCR Apache ServiceComb Service-Center Server-Side Request Forgery vulnerability

Server-Side Request Forgery (SSRF) vulnerability in Apache ServiceComb Service-Center. Attackers can obtain sensitive server information through specially crafted requests. This issue affects Apache ServiceComb before 2.1.0 included. Users are recommended to upgrade to version 2.2.0, which fixes the...

CVSS 7.6 | AI score 7.3 | EPSS 0.69095
Exploits 0 | References 4

OSV
added 2024/01/31 9:30 a.m. | 13 views

GHSA-R8XP-52MQ-RMM8 Apache ServiceComb Service-Center Exposure of Sensitive Information to an Unauthorized Actor vulnerability

Exposure of Sensitive Information to an Unauthorized Actor in Apache ServiceComb Service-Center. This issue affects Apache ServiceComb Service-Center before 2.1.0 included. Users are recommended to upgrade to version 2.2.0, which fixes the issue...

CVSS 6.9 | AI score 6.3 | EPSS 0.00063
Exploits 0 | References 4

Github Security Blog
added 2024/01/31 9:30 a.m. | 16 views

Apache ServiceComb Service-Center Exposure of Sensitive Information to an Unauthorized Actor vulnerability

Exposure of Sensitive Information to an Unauthorized Actor in Apache ServiceComb Service-Center. This issue affects Apache ServiceComb Service-Center before 2.1.0 included. Users are recommended to upgrade to version 2.2.0, which fixes the issue...

CVSS 7.5 | AI score 6.3 | EPSS 0.00063
Exploits 0 | References 4 | Affected Software 1

NVD
added 2024/01/31 9:15 a.m. | 9 views

CVE-2023-44312

Exposure of Sensitive Information to an Unauthorized Actor in Apache ServiceComb Service-Center. This issue affects Apache ServiceComb Service-Center before 2.1.0 include. Users are recommended to upgrade to version 2.2.0, which fixes the issue...

CVSS 7.5 | AI score 6.2 | EPSS 0.00063
Exploits 0 | References 2

Vulnrichment
added 2024/01/31 8:49 a.m. | 9 views

CVE-2023-44313 Apache ServiceComb Service-Center: attacker can perform SSRF through the frontend API

Server-Side Request Forgery (SSRF) vulnerability in Apache ServiceComb Service-Center. Attackers can obtain sensitive server information through specially crafted requests. This issue affects Apache ServiceComb before 2.1.0 include. Users are recommended to upgrade to version 2.2.0, which fixes the...

CVSS 7.6 | AI score 6.5 | EPSS 0.69095
Exploits 0 | References 2

0day.today
added 2024/01/29 12:0 a.m. | 277 views

CSZCMS 1.3.0 SQL Injection Vulnerability

Title: CSZCMS v1.3.0 - SQL Injection Author: Abdulaziz Almetairy Vendor: https://www.cszcms.com/ Software: https://sourceforge.net/projects/cszcms/files/install/CSZCMS-V1.3.0.zip/download Reference: https://github.com/oh-az Tested on: Windows 11, MySQL, Apache 1 - Log in to the admin portal...

AI score 7.4
Exploits 0

CNVD
added 2024/01/26 12:0 a.m. | 20 views

Apache Superset Cross-Site Scripting Vulnerability (CNVD-2024-06442)

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. A cross-site scripting vulnerability exists in Apache Superset versions prior to 3.0.3, which stems from the application's lack of effective filtering and escaping of user-supplied data, and can ...

CVSS 9.6 | AI score 5.8 | EPSS 0.00399
Exploits 0 | References 1

OpenVAS
added 2024/01/26 12:0 a.m. | 27 views

SUSE: Security Advisory (SUSE-SU-2024:0224-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 8.5 | EPSS 0.51662
Exploits 5 | References 5

Ubuntu
added 2024/01/24 11:12 a.m. | 39 views

USN-6596-1: Apache::Session::LDAP vulnerability

It was discovered that Apache::Session::LDAP incorrectly handled invalid X.509 certificates. If a user or an automated system were tricked into opening a specially crafted invalid X.509 certificate, a remote attacker could possibly use this issue to perform spoofing and obtain sensitive informati...

CVSS 8.1 | AI score 7.7 | EPSS 0.00189
Exploits 1

OSV
added 2024/01/23 3:15 p.m. | 22 views

CVE-2023-49657

A stored cross-site scripting (XSS) vulnerability exists in Apache Superset before 3.0.3. An authenticated attacker with create/update permissions on charts or dashboards could store a script or add a specific HTML snippet that would act as a stored XSS. For 2.X versions, users should change their...

CVSS 5.4 | AI score 5.1
Exploits 0 | References 1

Cvelist
added 2024/01/23 3:6 p.m. | 14 views

CVE-2023-49657 Apache Superset: Stored XSS in Dashboard Title and Chart Title

A stored cross-site scripting (XSS) vulnerability exists in Apache Superset before 3.0.3. An authenticated attacker with create/update permissions on charts or dashboards could store a script or add a specific HTML snippet that would act as a stored XSS. For 2.X versions, users should change their...

CVSS 9.6 | AI score 8 | EPSS 0.00399
Exploits 0 | References 1

hivepro
added 2024/01/16 5:0 p.m. | 11 views

New Attacks Target Misconfigured Apache Applications with Monero Miner

Summary: A recently identified attack exploits misconfigurations in Apache Hadoop and Flink to deploy cryptocurrency miners within targeted environments. This attack stands out due to the attackers' utilization of packers and rootkits to conceal the malware, adding an extra layer of complexity and...

AI score 7.1
Exploits 0

Tenable Nessus
added 2024/01/16 12:0 a.m. | 44 views

Ubuntu 20.04 LTS / 22.04 ESM / 23.04 / 23.10 : Xerces-C++ vulnerability (USN-6579-2)

The remote Ubuntu 20.04 LTS / 22.04 ESM / 23.04 / 23.10 host has packages installed that are affected by a vulnerability as referenced in the USN-6579-2 advisory. USN-6579-1 fixed a vulnerability in Xerces-C++. This update provides the corresponding update for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS,...

CVSS 8.1 | AI score 7.6 | EPSS 0.04171
Exploits 0 | References 2

Github Security Blog
added 2024/01/15 12:30 p.m. | 32 views

Apache Shiro vulnerable to path traversal

Apache Shiro before 1.13.0 or 2.0.0-alpha-4 may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting. Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+, or ensure blockSemicolon is enabled (this is the default)...

CVSS 6.5 | AI score 6.9 | EPSS 0.00198
Exploits 0 | References 4 | Affected Software 1

NVD
added 2024/01/15 11:15 a.m. | 11 views

CVE-2023-46226

Remote Code Execution vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 through 1.2.2. Users are recommended to upgrade to version 1.3.0, which fixes the issue...

CVSS 9.8 | AI score 9.8 | EPSS 0.03439
Exploits 0 | References 2

Veracode
added 2024/01/11 6:24 a.m. | 13 views

Race Condition

github.com/apache/incubator-answer is vulnerable to Race Condition. The vulnerability is due to inappropriate handling of collection count while a user bookmarks a question. Repeated submissions of bookmark through a script increases the number of collection of questions...

CVSS 3.1 | AI score 6.7 | EPSS 0.01305
Exploits 0 | References 5 | Affected Software 1

Spring Engineering
added 2024/01/11 12:0 a.m. | 11 views

A Bootiful Podcast: Apache Skywalking’s Sheng Wu and Apache ShardingSphere’s Trista Pan

Hi, Spring fans! In this installment we're joined by two Apache luminaries Trista Pan - of Apache ShardingSphere - and Sheng Wu - of Apache Skywalking...

AI score 7.3
Exploits 0

Tenable Nessus
added 2024/01/11 12:0 a.m. | 33 views

Ubuntu 16.04 ESM / 18.04 ESM : Xerces-C++ vulnerability (USN-6579-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-6579-1 advisory. It was discovered that Xerces-C++ was not properly handling memory management operations when parsing XML data containing external DTDs, which could...

CVSS 8.1 | AI score 7.9 | EPSS 0.04171
Exploits 0 | References 2