EUVD-2016-5456

Malware in sbrugna...

EUVD-2013-2144

Malware in sbrugna...

EUVD-2011-1092

Malware in sbrugna...

EUVD-2010-3447

Malware in sbrugna...

EUVD-2019-0462

Malware in sbrugna...

EUVD-2010-4377

Malware in sbrugna...

EUVD-2019-0474

Malware in sbrugna...

EUVD-2011-1043

Malware in sbrugna...

EUVD-2022-5067

Malicious code in bioql PyPI...

EUVD-2024-0931

Malicious code in bioql PyPI...

EUVD-2022-4130

Malicious code in bioql PyPI...

EUVD-2024-0941

Malicious code in bioql PyPI...

EUVD-2024-1006

Malicious code in bioql PyPI...

EUVD-2022-3193

Malicious code in bioql PyPI...

EUVD-2022-2600

Malicious code in bioql PyPI...

CVE-2022-29405

In Apache Archiva, any registered user can reset password for any users. This is fixed in Archiva 2.2.8...

CVE-2020-9495

Apache Archiva login service before 2.2.5 is vulnerable to LDAP injection. A attacker is able to retrieve user attribute data from the connected LDAP server by providing special values to the login form. With certain characters it is possible to modify the LDAP filter used to query the LDAP users...

CVE-2019-0214

In Apache Archiva 2.0.0 - 2.2.3, it is possible to write files to the archiva server at arbitrary locations by using the artifact upload mechanism. Existing files can be overwritten, if the archiva run user has appropriate permission on the filesystem for the target file...

CVE-2019-0213

In Apache Archiva before 2.2.4, it may be possible to store malicious XSS code into central configuration entries, i.e. the logo URL. The vulnerability is considered as minor risk, as only users with admin role can change the configuration, or the communication between the browser and the Archiva...

CVE-2024-27138

UNSUPPORTED WHEN ASSIGNED Incorrect Authorization vulnerability in Apache Archiva. Apache Archiva has a setting to disable user registration, however this restriction can be bypassed. As Apache Archiva has been retired, we do not expect to release a version of Apache Archiva that fixes this issue...