Apache InLong vulnerable to Incorrect Permission Assignment for Critical Resource
Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong from 1.2.0 through 1.6.0. The attacker can bind any cluster, even if he is not the cluster owner. Users are advised to upgrade to Apache InLong 1.7.0 o...
Apache InLong Exposure of Resource to Wrong Sphere vulnerability
Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers can change the immutable name and type of cluster of InLong. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick...
Apache OpenMeetings insufficient authorization vulnerability
Attacker can access arbitrary recording/room. Vendor: The Apache Software Foundation. Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0...
Apache Linkis Zip Slip issue
In Apache Linkis =1.3.1, the Manager module engineConn material upload does not check the zip path. This is a Zip Slip issue, which can lead to a potential RCE vulnerability. We recommend users upgrade the version of Linkis to version 1.3.2...
ApPHP MicroCMS 1.0.1 Host Header Injection
Title: ApPHP MicroCMS v1.0.1 Host header attack Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro | Vendor:...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2023-2295)
The remote host is missing an update for the Huawei EulerOS...
Apache Airflow JDBC Provider Code Execution Vulnerability
Apache Airflow is the United States-based Apache Software Foundation's open source platform for creating, managing and monitoring workflows. A code execution vulnerability exists in Apache Airflow JDBC Provider, which can be exploited by an attacker to execute arbitrary code on a system...
Bropper - An Automatic Blind ROP Exploitation Tool
An automatic Blind ROP exploitation Python tool. Abstract: BROP (Blind ROP) was a technique found by Andrew Bittau from Stanford in 2014 (original paper, slides). Most servers like nginx, Apache, MySQL fork, then communicate with the client. This means canary and addresses stay the same even if there ...
Apache Airflow ODBC Provider and MSSQL Provider Arbitrary File Read Vulnerability
Apache Airflow is the United States-based Apache Software Foundation's open source platform for creating, managing and monitoring workflows. An arbitrary file read vulnerability exists in the Apache Airflow ODBC Provider and MSSQL Provider, which stems from the fact that getsqlalchemyconnection can...
Apache Airflow ODBC Provider Remote Code Execution Vulnerability
Apache Airflow is the United States-based Apache Software Foundation's open source platform for creating, managing and monitoring workflows. A remote code execution vulnerability exists in Apache Airflow ODBC Provider, which can be exploited by an attacker to cause command execution...
CVE-2023-22886
Summary: CVE-2023-22886 relates to an Improper Input Validation vulnerability in the Apache Airflow JDBC Provider (pre-4.0.0). What is affected: Apache Airflow JDBC Provider and its Connection URL handling. Root cause / impact: The Connection URL parameters had no restrictions, enabling potential...
PT-2023-18751 · Apache · Apache Airflow Odbc Provider
Name of the Vulnerable Software and Affected Versions: Apache Airflow JDBC Provider versions prior to 4.0.0 Description: The issue is related to improper input validation in the Apache Airflow JDBC Provider, specifically in the Connection URL parameters of the Airflow JDBC Provider Connection,...
Apache StreamPipes Improper Privilege Management vulnerability
A REST interface in Apache StreamPipes versions 0.69.0 to 0.91.0 was not properly restricted to admin-only access. This allowed a non-admin user with valid login credentials to elevate privileges beyond the initially assigned roles. The issue is resolved by upgrading to StreamPipes 0.92.0...
Apache Tomcat vulnerable to information leak
A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers, no AJP SEND_HEADERS message would be sent for the response, which in turn meant that at least one AJP proxy (mod_proxy_ajp) would use the response heade...
CVE-2023-34981
A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers, no AJP SEND_HEADERS message would be sent for the response, which in turn meant that at least one AJP proxy (mod_proxy_ajp) would use the response heade...
CVE-2023-34981
CVE-2023-34981 affects Apache Tomcat: a regression in the fix for bug 66512 causes no AJP SEND_HEADERS to be sent when a response has no HTTP headers, allowing an information leak via proxies (e.g., mod_proxy_ajp) leaking headers from a previous request. The initial description lists affected Tom...
Security Bulletin: Vulnerabilities of Apache commons codec (commons-codec-1.6.jar) have affected APM NetApp Storage and APM File Gateway Agent
Summary: APM NetApp Storage and APM File Gateway Agents are vulnerable to Apache commons codec commons-codec-1.6.jar. The fix includes commons-codec-1.6.jar upgraded to commons-codec-1.15.jar. Vulnerability Details: IBM X-Force ID: 177835. DESCRIPTION: Apache Commons Codec could allow a remote attack...
Caucho Resin Path Traversal Vulnerability (CVE-2004-0281) - Active Check
Caucho Resin is prone to a path traversal vulnerability. CPE = "cpe:/a:caucho:resin";...
CVE-2023-34149
Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts. This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater...
Code injection
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Traffic Server. This issue affects Apache Traffic Server: from 8.0.0 through 9.2.0. 8.x users should upgrade to 8.1.7 or later versions; 9.x users should upgrade to 9.2.1 or later versions...