5 matches found
EUVD-2025-210350
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.6, from 2.0.0 before 2.0.7. Users are recommended to upgrade to versions 1.3.6 and 2.0.7, which fix the issue...
CVE-2024-41888
Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. The password reset link remains valid within its expiration period even after it has been used. This could potentially lead to the link being misused or hijacked...
PT-2024-29621 · Apache · Apache Answer
Name of the Vulnerable Software and Affected Versions: Apache Answer versions through 1.3.5
Description: The issue affects Apache Answer, where a user can send multiple password reset emails, each containing a valid link. Within the link's validity period, this could potentially lead to the link...
PT-2024-29619 · Apache · Apache Answer
Name of the Vulnerable Software and Affected Versions: Apache Answer versions through 1.3.5
Description: The password reset link remains valid within its expiration period even after it has been used, potentially leading to misuse or hijacking.
Recommendations: For Apache Answer versions through...
PT-2023-11827 · Unknown · Net::Ldaps +1
Name of the Vulnerable Software and Affected Versions: Apache::Session::Browseable versions prior to 1.3.6
Description: The issue concerns the validity check of the X.509 certificate when connecting to remote LDAP backends. By default, the validity of the X.509 certificate is not checked due to t...