Apache HTTP Server Resource Management Error Vulnerability
Apache HTTP Server is an open source web server from the Apache Foundation of the United States. The server is fast, reliable, and extensible through a simple API. A resource management error vulnerability exists in Apache HTTP Server mod_http2, which stems from the fact that when a client resets t...
Apache HTTP Server 2.4.17 - 2.4.57 DoS Vulnerability - Windows
Apache HTTP Server is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
[SECURITY] [DLA 3622-1] axis security update
Debian LTS Advisory DLA-3622-1 https://www.debian.org/lts/security/ Markus Koschany October 17, 2023 https://wiki.debian.org/LTS Package : axis Version : 1.4-28+deb10u1 CVE ID : CVE-2023-40743 Debian Bug : 1051288 Letian Yuan discovered a flaw in Apache Axis 1.x, a SOA...
Apache Airflow Information Disclosure Vulnerability (CNVD-2023-85612)
Apache Airflow is an open source platform from the Apache Foundation of the United States for creating, managing and monitoring workflows. The platform is scalable and supports dynamic monitoring, among other characteristics. Apache Airflow has an information disclosure vulnerability that can be exploited by...
Design/Logic Flaw
Security vulnerability in Apache bRPC 1.6.0, download link: https://dist.apache.org/repos/dist/release/brpc/1.6.1/ 2. If you are using an old version of bRPC and it is hard to upgrade, you can apply this patch: https://github.com/apache/brpc/pull/2411 3. Disable the rpcz feature...
CVE-2023-43666
CVE-2023-43666 concerns Apache InLong (versions 1.4.0–1.8.0) with Insufficient Verification of Data Authenticity, enabling a general user to view all user data (including admin data). The issue is documented across multiple sources and is addressed by upgrading to 1.9.0 or applying the provided p...
CVE-2023-43667
CVE-2023-43667 affects Apache InLong (versions 1.4.0–1.8.0). The issue is an improper neutralization of special elements in output used by a downstream component, leading to injection that can create misleading or false log records and hinder auditing. Red Hat and other sources corroborate the vu...
CVE-2023-45757
CVE-2023-45757 affects Apache bRPC 1.6.0 (e.g., 1.6.1), (2) apply the patch from PR #2411 if upgrading is difficult, or (3) disable the rpcz feature. If exploitation details or in-the-wild data are not present in the provided documents, those specifics are not stated here.
CVE-2023-45757 Apache bRPC: The builtin service rpcz page has an XSS attack vulnerability
Security vulnerability in Apache bRPC 1.6.0, download link: https://dist.apache.org/repos/dist/release/brpc/1.6.1/ 2. If you are using an old version of bRPC and it is hard to upgrade, you can apply this patch: https://github.com/apache/brpc/pull/2411 3. Disable the rpcz feature...
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM : HttpClient vulnerability (USN-5239-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5239-1 advisory. It was discovered that HttpClient mishandled certain input. An attacker could use this vulnerability to cause a crash or possibly execute...
Ubuntu 16.04 ESM / 18.04 ESM : Apache Commons BeanUtils vulnerabilities (USN-4766-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4766-1 advisory. It was discovered that Apache Commons BeanUtils improperly handled certain input. An attacker could possibly use this vulnerability to cause ...
CVE-2023-42792
CVE-2023-42792 (Apache Airflow) affects Airflow versions prior to 2.7.2. An authenticated user with limited access to some DAGs can craft a request to gain write access to DAG resources for DAGs they should not access, enabling them to clear those DAGs. Root cause described as improper access con...
CVE-2023-45348
CVE-2023-45348 affects Apache Airflow (versions 2.7.0 and 2.7.1). The issue is an information leakage where an authenticated user can retrieve sensitive configuration data when the expose_config option is set to non-sensitive-only (default is False). The vulnerability specifically concerns access...
CVE-2023-44981
A flaw was found in Apache ZooKeeper. Authorization bypass through user-controlled key is available iff SASL Quorum Peer authentication is enabled in ZooKeeper via quorum.auth.enableSasl=true configuration. A malicious user could bypass the authentication controller by using a non-existing instan...
CVE-2023-36419
Technical details about CVE-2023-36419 are not publicly provided in the connected documents. The initial description notes an XXE-based elevation of privilege in Azure HDInsight Oozie, but no further specifics (version, root cause, fix) are available here. Monitor for updates.
Denial Of Service (DoS)
org.apache.commons: commons-compress is vulnerable to Denial of Service (DoS). The vulnerability allows an attacker to cause a DoS attack on an application that uses Apache Commons Compress by sending a specially crafted TAR file, leading to uncontrolled resource consumption...
ThingsBoard Server-Side Template Injection
ThingsBoard before 3.5 allows Server-Side Template Injection if users are allowed to modify an email template, because Apache FreeMarker supports freemarker.template.utility.Execute for content sent to the /api/admin/settings endpoint...
Medium: freerdp
Issue Overview: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. This issue affects clients only. Integer underflow leading to DoS (e.g. abort due to WINPR_ASSERT with default compilation flags). When an insufficient blockLen is provided, and...
Apache Avro Java SDK vulnerable to Improper Input Validation
When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro...
Apache Subversion Server SEoL (1.7.x)
According to its version, Apache Subversion Server is 1.7.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities.