61051 matches found

Tenable Nessus
added 2025/08/27 12:00 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2019-17565

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and chunked encoding. Upgrade to...

CVSS 9.8, AI score 8.1, EPSS 0.03088
Exploits 0, References 2

Tenable Nessus
added 2025/08/27 12:00 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2021-31812

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior...

CVSS 5.5, AI score 6.7, EPSS 0.03054
Exploits 0, References 3

Tenable Nessus
added 2025/08/27 12:00 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-31780

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Input Validation vulnerability in HTTP/2 frame handling of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache...

CVSS 7.5, AI score 7.2, EPSS 0.01849
Exploits 0, References 2

Tenable Nessus
added 2025/08/27 12:00 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2021-27577

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 7.0.0...

CVSS 7.5, AI score 7.2, EPSS 0.03543
Exploits 0, References 2

Tenable Nessus
added 2025/08/27 12:00 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2022-47184

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Traffic Server. This issue affects Apache Traffic...

CVSS 7.5, AI score 7.2, EPSS 0.01988
Exploits 0, References 2

Tenable Nessus
added 2025/08/27 12:00 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2020-9489

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A carefully crafted or corrupt file may trigger a System.exit in Tika's OneNote Parser. Crafted or corrupted files can also cause out of memory errors and/or...

CVSS 5.5, AI score 6.8, EPSS 0.0255
Exploits 0, References 3

Tenable Nessus
added 2025/08/27 12:00 a.m. | 1 views

Linux Distros Unpatched Vulnerability : CVE-2022-32749

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Check for Unusual or Exceptional Conditions vulnerability handling requests in Apache Traffic Server allows an attacker to crash the server under certa...

CVSS 7.5, AI score 7.2, EPSS 0.013
Exploits 0, References 2

Tenable Nessus
added 2025/08/27 12:00 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2022-25763

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Input Validation vulnerability in HTTP/2 request validation of Apache Traffic Server allows an attacker to create smuggle or cache poison attacks. This...

CVSS 7.5, AI score 7.2, EPSS 0.01585
Exploits 0, References 2

Tenable Nessus
added 2025/08/27 12:00 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2021-29262

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When starting Apache Solr versions prior to 8.8.2, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing...

CVSS 7.5, AI score 7.2, EPSS 0.07805
Exploits 0, References 2

Redos
added 2025/08/27 12:00 a.m. | 4 views

ROS-20250827-03

A vulnerability in the resolveFile method of Apache Commons VFS (Virtual File System), a unified API for accessing different file systems, is due to errors in relative path handling when processing the relative path of a directory. Virtual File System method is related to...

CVSS 7.5, AI score 6.9, EPSS 0.01189
Exploits 0

IBM Security Bulletins
added 2025/08/26 5:51 p.m. | 7 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in tomcat-embed-core-9.0.104.jar

Summary: IBM Watson Discovery Cartridge contains a vulnerable version of tomcat-embed-core-9.0.104.jar. Vulnerability Details: CVEID: CVE-2025-49125. DESCRIPTION: Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat. When using PreResources or PostResources mounted...

CVSS 7.5, AI score 7.9, EPSS 0.63258
Exploits 1, Affected Software 1

Chainguard
added 2025/08/26 2:14 p.m. | 9 views

CVE-2025-54988 vulnerabilities

Vulnerabilities for packages: elasticsearch-fips, elasticsearch, opensearch...

CVSS 9.8, AI score 7.7, EPSS 0.02962
Exploits 4

Chainguard
added 2025/08/26 2:14 p.m. | 3 views

GHSA-P72G-PV48-7W9X vulnerabilities

Vulnerabilities for packages: elasticsearch-fips, elasticsearch, opensearch...

AI score 5.2
Exploits 0

RedHat Linux
added 2025/08/26 1:26 p.m. | 1 views

httpd: mod_proxy_http2: untrusted input from a client causes an assertion to fail in the Apache mod_proxy_http2 module

An assertion failure flaw was found in Apache httpd. Untrusted clients can send inputs that trigger an assertion failure in the mod_proxy_http2 module, which likely results in an Apache HTTP server crash or denial of service (DoS)...

CVSS 7.5, AI score 5.8, EPSS 0.01149
Exploits 0, References 5

Tenable Nessus
added 2025/08/26 12:00 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-28129

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Input Validation vulnerability in HTTP/1.1 header parsing of Apache Traffic Server allows an attacker to send invalid headers. This issue affects Apach...

CVSS 7.5, AI score 7.2, EPSS 0.01849
Exploits 0, References 2

Tenable Nessus
added 2025/08/26 12:00 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2023-22602

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication...

CVSS 7.5, AI score 7.1, EPSS 0.01553
Exploits 0, References 2

Tenable Nessus
added 2025/08/26 12:00 a.m. | 2 views

Solaris 10 (sparc): 152643-17

SunOS 5.10: Obsoleted by: 120543-38 SunOS 5.10: Apache 2.4 Patch. Date this patch was last updated by Sun: Jan/15/24. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates...

AI score 7
Exploits 0, References 1

CNVD
added 2025/08/26 12:00 a.m. | 3 views

Apache OFBiz Code Execution Vulnerability (CNVD-2025-20870)

Apache OFBiz is an enterprise resource planning (ERP) system from the Apache Foundation (United States). The system provides a set of Java-based Web application components and tools. A code execution vulnerability exists in Apache OFBiz versions prior to 24.09.02 that stems from improper...

CVSS 9.8, AI score 8.4, EPSS 0.14107
Exploits 0, References 1

CNVD
added 2025/08/26 12:00 a.m. | 2 views

Apache StreamPark SQL Injection Vulnerability

Apache StreamPark is a streaming media application development framework from the Apache Foundation (United States). A SQL injection vulnerability exists in Apache StreamPark versions 2.1.4 through 2.1.6 and earlier, which stems from the application's lack of validation of externally entered S...

CVSS 7.6, AI score 8.3, EPSS 0.00558
Exploits 0, References 1

CNVD
added 2025/08/26 12:00 a.m. | 2 views

Apache Log4cxx Input Validation Error Vulnerability (CNVD-2025-20868)

Apache Log4cxx is a C++ logging framework from the Apache Foundation (United States), patterned on Apache log4j. An input validation error vulnerability exists in Apache Log4cxx versions prior to 1.5.0, which stems from JSONLayout not properly escaping all payload bytes, and can be exploited...

CVSS 7.5, AI score 6.8, EPSS 0.01211
Exploits 0, References 1