4 matches found
XXE (XML External Entity Injection) Tika Dependency Vulnerability in Crucible Server and Fisheye Server
This Crucible Server and Fisheye Server release includes updates to our Apache Tika dependency in response to CVE-2025-66516. Our security team has assessed that the current scope of this CVE does not present the same critical risk in our products, as our use of the dependency doesn’t support the...
Use of Incorrectly-Resolved Name or Reference
Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to Use of Incorrectly-Resolved Name or Reference via the getPath function in the utils/url.ts file. An attacker can gain unauthorized access to protected endpoints by sending specially craft...
PT-2023-5402 · Apache · Apache Rocketmq
Name of the Vulnerable Software and Affected Versions: Apache RocketMQ versions 5.1.0 and below Apache RocketMQ versions prior to 4.9.6 Description: The vulnerability is related to a permission verification issue in Apache RocketMQ, allowing attackers to perform remote command execution under...
PT-2019-7560 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.9.6 Description: The issue is related to an off-by-one error in the cqspi setup flash function, located in the drivers/mtd/spi-nor/cadence-quadspi.c file. This error occurs because there are CQSPI MAX CHIPSELE...