6 matches found

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2022-7591

Malicious code in bioql PyPI...

9.8 CVSS | 9.3 AI score | 0.02404 EPSS
Exploits 0 | References 7
RedhatCVE
added 2024/01/08 6:0 p.m. | 26 views

CVE-2022-40145

A flaw was found in Apache Karaf. This issue may allow an attacker to control the LDAP server used by the JDBC JNDI URL and execute code remotely (RCE). Mitigation: No mitigation is currently available...

9.8 CVSS | 7.4 AI score | 0.02404 EPSS
Exploits 0 | References 4
OSV
added 2023/06/12 6:30 p.m. | 47 views

GHSA-65WH-G8X8-GM2H Apache NiFi vulnerable to Deserialization of Untrusted Data

The JndiJmsConnectionFactoryProvider Controller Service, along with the ConsumeJMS and PublishJMS Processors, in Apache NiFi 1.8.0 through 1.21.0 allow an authenticated and authorized user to configure URL and library properties that enable deserialization of untrusted data from a remote location...

6.5 CVSS | 6.6 AI score | 0.02351 EPSS
Exploits 1 | References 8
NVD
added 2023/06/12 4:15 p.m. | 34 views

CVE-2023-34212

The JndiJmsConnectionFactoryProvider Controller Service, along with the ConsumeJMS and PublishJMS Processors, in Apache NiFi 1.8.0 through 1.21.0 allow an authenticated and authorized user to configure URL and library properties that enable deserialization of untrusted data from a remote location...

6.5 CVSS | 6.4 AI score | 0.02351 EPSS
Exploits 1 | References 3
Github Security Blog
added 2022/12/21 6:30 p.m. | 29 views

Apache Karaf vulnerable to potential code injection

This vulnerability is about a potential code injection when an attacker has control of the target LDAP server used in the JDBC JNDI URL. The function jaas.modules.src.main.java.porg.apache.karaf.jass.modules.jdbc.JDBCUtils#doCreateDatasource uses InitialContext.lookup(jndiName) without filtering. A...

9.8 CVSS | 9.6 AI score | 0.02404 EPSS
Exploits 0 | References 7 | Affected Software 1
Prion
added 2022/12/21 4:15 p.m. | 24 views

Code injection

This vulnerability is about a potential code injection when an attacker has control of the target LDAP server used in the JDBC JNDI URL. The function jaas.modules.src.main.java.porg.apache.karaf.jass.modules.jdbc.JDBCUtils#doCreateDatasource uses InitialContext.lookup(jndiName) without filtering. An us...

7.5 CVSS | 9.8 AI score | 0.02404 EPSS
Exploits 0 | References 1 | Affected Software 1