57 matches found

Tenable Nessus
added 2026/05/22 12:0 a.m. | 4 views

Unity Linux 20.1070e Security Update: quartz (UTSA-2026-016722)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016722 advisory. initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description. Tenable has extracte...

CVSS 9.8 | AI score 6.8 | EPSS 0.13779
Exploits: 0 | References: 4

IBM Security Bulletins
added 2026/03/06 7:38 p.m. | 5 views

Security Bulletin: IBM Terracotta is affected by an Apache Avro vulnerability that could allow code injection leading to access to unauthorized resources

Summary: IBM Terracotta uses Apache Avro as part of Apache Parquet, used within the IBM Terracotta implementation for data export and import. Vulnerability Details: CVEID: CVE-2025-33042. DESCRIPTION: Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Avro Java SDK when...

CVSS 7.3 | AI score 5.8 | EPSS 0.00057
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/02/23 7:6 p.m. | 12 views

Security Bulletin: IBM Terracotta is affected by two Undertow vulnerabilities that could allow remote denial of service attacks and Host header manipulation leading to cache poisoning or session hijacking

Summary: IBM Terracotta uses Undertow as the web server for hosting the Terracotta Management Service (TMS). Vulnerability Details: CVEID: CVE-2024-3884. DESCRIPTION: A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the...

CVSS 9.6 | AI score 5.7 | EPSS 0.00126
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/01/13 2:27 a.m. | 13 views

Security Bulletin: IBM Terracotta affected by Spring Framework vulnerabilities CVE-2022-22965, CVE-2022-22970, CVE-2025-41242

Summary: Spring Framework vulnerabilities CVE-2022-22965, CVE-2022-22970, CVE-2025-41242 are addressed in the IBM Terracotta product. Vulnerability Details: CVEID: CVE-2022-22965. DESCRIPTION: A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) vi...

CVSS 9.8 | AI score 7.9 | EPSS 0.94428
Exploits: 101 | Affected Software: 1

Cvelist
added 2025/10/15 3:29 p.m. | 5 views

CVE-2025-2529 IBM Terracotta denial of service

Applications using affected versions of Ehcache 3.x can experience degraded cache-write performance if the application using Ehcache utilizes keys sourced from malicious external parties in an unfiltered/unsalted way...

CVSS 2.9 | EPSS 0.00025
Exploits: 0 | References: 1

CVE
added 2025/10/15 3:29 p.m. | 8 views

CVE-2025-2529

Summary of CVE-2025-2529 (IBM Terracotta Ehcache 3.x): IBM Terracotta’s Ehcache 3.x library was found to be vulnerable to a hash-flooding DoS when applications use cache keys sourced from external/untrusted parties without filtration or salting. The public-facing description from IBM identifies de...

CVSS 3.7 | AI score 6.5 | EPSS 0.00025
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2025/10/15 3:29 p.m. | 2 views

CVE-2025-2529 IBM Terracotta denial of service

Applications using affected versions of Ehcache 3.x can experience degraded cache-write performance if the application using Ehcache utilizes keys sourced from malicious external parties in an unfiltered/unsalted way...

CVSS 2.9 | AI score 6.5 | EPSS 0.00025
Exploits: 0 | References: 1

IBM Security Bulletins
added 2025/10/15 1:12 p.m. | 3 views

Security Bulletin: Ehcache library of IBM Terracotta hash flooding DoS vulnerability

Summary: The Ehcache 3.x component library of IBM Terracotta was found to have a hash flooding DoS vulnerability that can affect applications that use cache keys directly sourced from end users. Vulnerability Details: CVEID: CVE-2025-2529. DESCRIPTION: Applications using affected versions of Ehcache...

CVSS 3.7 | AI score 6.6 | EPSS 0.00025
Exploits: 0 | Affected Software: 2

CNNVD
added 2025/10/15 12:0 a.m. | 1 view

IBM Terracotta security vulnerability

IBM Terracotta is a suite of distributed in-memory data management software from International Business Machines (IBM). A security vulnerability exists in IBM Terracotta version 3.x that stems from unfiltered or unsalted handling of externally sourced keys, which could result in degraded cache writ...

CVSS 2.9 | AI score 6.7 | EPSS 0.00025
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2008-6489

Malware in sbrugna...

CVSS 6.8 | AI score 6.4 | EPSS 0.01723
Exploits: 1 | References: 4

RedhatCVE
added 2025/05/22 5:9 p.m. | 4 views

CVE-2020-35469

The Software AG Terracotta Server OSS Docker image 5.4.1 contains a blank password for the root user. Systems deployed using affected versions of the Terracotta Server OSS container may allow a remote attacker to achieve root access with a blank password...

CVSS 10 | AI score 7.3 | EPSS 0.02014
Exploits: 0

Rosalinux
added 2023/10/22 6:16 a.m. | 40 views

Advisory ROSA-SA-2023-2272

software: quartz 2.2.1; OS: ROSA-CHROME; packageevrstring: quartz-2.2.1-11.src.rpm; CVE-ID: CVE-2019-13990; BDU-ID: None; CVE-Crit: CRITICAL; CVE-DESC.: initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler before version 2.3.0 allows XXE attacks via job description...

CVSS 9.8 | AI score 6.8 | EPSS 0.13779
Exploits: 0

CNNVD
added 2023/07/28 12:0 a.m. | 2 views

Terracotta Quartz Scheduler code injection vulnerability

Terracotta Quartz Scheduler is an open source job scheduling framework. A security vulnerability exists in Terracotta Quartz Scheduler 2.3.2 and earlier versions, which stems from a code injection vulnerability in the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute...

CVSS 9.8 | AI score 7.2 | EPSS 0.00643
Exploits: 1 | References: 2

SUSE CVE
added 2023/02/15 4:10 a.m. | 2 views

SUSE CVE-2019-13990

initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description...

CVSS 5 | AI score 7 | EPSS 0.13779
Exploits: 0 | References: 5

Openbugbounty
added 2021/12/21 5:6 a.m. | 9 views

terracotta-and-more.it Cross Site Scripting vulnerability OBB-2308694

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0

IBM Security Bulletins
added 2021/08/10 8:12 p.m. | 46 views

Security Bulletin: IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities

Summary: The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. Vulnerability Details: CVEID: CVE-2019-13990. DESCRIPTION: Terracotta could allow a remote attacker to obtain sensitive information, caused by improper handling of...

CVSS 9.8 | AI score 0.7 | EPSS 0.13779
Exploits: 2 | Affected Software: 1

OSV
added 2021/03/14 9:20 p.m. | 11 views

MGASA-2021-0133 Updated quartz packages fix a security vulnerability

initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description (CVE-2019-13990)...

CVSS 9.8 | AI score 9.3 | EPSS 0.13779
Exploits: 0 | References: 3

RedHat Linux
added 2020/12/16 12:11 p.m. | 2 views

libquartz: XXE attacks via job description

The Terracotta Quartz Scheduler is susceptible to an XML external entity (XXE) attack through a job description. This issue stems from inadequate handling of XML external entity (XXE) declarations in the initDocumentParser function within xml/XMLSchedulingDataProcessor.java. By enticing a victim to...

CVSS 9.8 | AI score 7 | EPSS 0.13779
Exploits: 0 | References: 4

OSV
added 2020/12/16 12:15 a.m. | 1 view

CVE-2020-35469

The Software AG Terracotta Server OSS Docker image 5.4.1 contains a blank password for the root user. Systems deployed using affected versions of the Terracotta Server OSS container may allow a remote attacker to achieve root access with a blank password...

CVSS 9.8 | AI score 7.3 | EPSS 0.02014
Exploits: 0 | References: 1

NVD
added 2020/12/16 12:15 a.m. | 7 views

CVE-2020-35469

The Software AG Terracotta Server OSS Docker image 5.4.1 contains a blank password for the root user. Systems deployed using affected versions of the Terracotta Server OSS container may allow a remote attacker to achieve root access with a blank password...

CVSS 10 | AI score 9.6 | EPSS 0.02014
Exploits: 0 | References: 1