UBUNTU-CVE-2025-24814

Core creation allows users to replace "trusted" configset files with arbitrary configuration Solr instances that 1 use the "FileSystemConfigSetService" component the default in "standalone" or "user-managed" mode, and 2 are running without authentication and authorization are vulnerable to a sort...

PT-2024-36616 · Dataease · Dataease

Name of the Vulnerable Software and Affected Versions: DataEase versions prior to v1.18.27 Description: DataEase is an open source business analytics tool. Authenticated users can remotely execute code through the backend JDBC connection. When constructing the JDBC connection string, the paramete...

hsqldb: Untrusted input may lead to RCE attack

A flaw was found in the HSQLDB package. This flaw allows untrusted inputs to execute remote code due to any static method of any Java class in the classpath, resulting in code execution by default...

hsqldb: Untrusted input may lead to RCE attack

A flaw was found in the HSQLDB package. This flaw allows untrusted inputs to execute remote code due to any static method of any Java class in the classpath, resulting in code execution by default...

Security Bulletin: Vulnerability in Apache Calcite Avatica affects watsonx.data

Summary Apache Calcite Avatica JDBC driver creates HTTP client instances based on class names provided via httpclientimpl connection property; however, the driver does not verify if the class implements the expected interface before instantiating it, which can lead to code execution loaded via...

GeoServer Security Vulnerabilities

GeoServer is GeoServer open source an open source software server written in Java. It allows users to share and edit geospatial data. A security vulnerability exists in GeoServer that stems from the fact that if GeoServer is deployed in a Windows operating system using the Apache Tomcat web...

RHEL 6 : vertx-web (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - vertx-web: StaticHandler disclosure of classpath resources on Windows when mounted on a wildcard route CVE-2023-248...

GHSA-86JX-WR74-XR74 Improper escaping in Apache Zeppelin

Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. The attackers can execute shell scripts or malicious code by overriding configuration like ZEPPELININTPCLASSPATHOVERRIDES. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to...

[SECURITY] Fedora 40 Update: scannotation-1.0.3-0.33.r12.fc40

Scannotation is a Java library that creates an annotation database from a set of .class files.This database is really just a set of maps that in dex what annotations are used and what classes are using them. Why do you need th is? What if you are an annotation framework like an EJB 3.0 container...

BIT-SPARK-2023-22946 Apache Spark proxy-user privilege escalation from malicious configuration class

In Apache Spark versions prior to 3.4.0, applications using spark-submit can specify a 'proxy-user' to run as, limiting privileges. The application can execute code with the privileges of the submitting user, however, by providing malicious configuration-related classes on the classpath. This...

Unrestricted File Upload

Apache Solr is vulnerable to Unrestricted File Upload. The vulnerability is due to the ConfigSets API accepting and uploading jar/class files without proper restriction of file type. When backing up Solr Collections, the configSet files will be saved to disk, but if the backup directory is includ...

UBUNTU-CVE-2023-50386

Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr.This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. In the affected...

PT-2024-1943 · Apache · Apache Solr

Name of the Vulnerable Software and Affected Versions: Apache Solr versions 6.0.0 through 8.11.2 Apache Solr versions 9.0.0 through 9.4.0 Description: The issue is related to improper control of dynamically-managed code resources, unrestricted upload of files with dangerous types, and inclusion o...

CVE-2024-22233

A flaw was found in the Spring Framework. This issue may allow a remote user to provide specially crafted HTTP requests, leading the application to a Denial of Service DoS. An application may be considered vulnerable if it meets the both conditions: The application uses Spring MVC and Spring...

Exploit for Deserialization of Untrusted Data in Apache Activemq

CVE-2023-46604 Exploit for CVE-2023-46604 This tool helps...

CDS with Spring Framework 6.1

As a follow-up to the Runtime efficiency with Spring blog post, I am happy to share that our exploration of Project Leyden optimizations has led to some interesting discoveries regarding the JDK's little-used CDS "Class Data Sharing" feature and has materialized into a new feature that we have be...

Denial Of Service (DoS)

Spring Boot is vulnerable to Denial Of Service. The vulnerability is due to parsing malicious HTTP Request without proper validation or sanitization. This issue can be exploited by an attacker via crafting mailicous HTTP Request leading to Denial Of Service. Note that the following conditions mus...

GHSA-JJFH-589G-3HJX Spring Boot Actuator denial of service vulnerability

In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring M...

CVE-2023-34055

In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring M...

PT-2023-7931 · Spring · Spring Boot

Name of the Vulnerable Software and Affected Versions: Spring Boot versions 2.7.0 through 2.7.17 Spring Boot versions 3.0.0 through 3.0.12 Spring Boot versions 3.1.0 through 3.1.5 Description: The issue is related to the Spring Boot framework, where an application can be vulnerable to a...