11 matches found
SUSE CVE-2025-54574
Squid is a caching proxy for the Web. In versions 6.3 and below, Squid is vulnerable to a heap buffer overflow and possible remote code execution attack when processing URN due to incorrect buffer management. This has been fixed in version 6.4. To work around this issue, disable URN access...
AZL-66075 CVE-2025-54574 affecting package squid 5.7-5
Squid is a caching proxy for the Web. In versions 6.3 and below, Squid is vulnerable to a heap buffer overflow and possible remote code execution attack when processing URN due to incorrect buffer management. This has been fixed in version 6.4. To work around this issue, disable URN access...
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
Overview apache-airflow-providers-snowflake is a Provider package apache-airflow-providers-snowflake for Apache Airflow Affected versions of this package are vulnerable to Failure to Sanitize Special Elements into a Different Plane Special Element Injection in the...
Missing Authentication for Critical Function
Overview org.springframework.security:spring-security-core is a package that provides security services for the Spring IO Platform. Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to improperly locating method security annotations on private...
VulnCheck KEV: CVE-2024-53677
File upload logic is flawed vulnerability in Apache Struts. This issue affects Apache Struts: from 2.0.0 before 6.4.0. Users are recommended to upgrade to version 6.4.0 and migrate to the new file upload mechanism https://struts.apache.org/core-developers/file-upload...
PT-2024-35091 · Hapi Fhir · Hapi Fhir
Name of the Vulnerable Software and Affected Versions: HAPI FHIR versions prior to 6.4.0 Description: The XSLT parsing performed by various components in HAPI FHIR is vulnerable to XML external entity injections. This issue can be exploited by submitting a malicious XML file with a DTD tag,...
PT-2024-6879 · Ivanti · Ivanti Avalanche
Name of the Vulnerable Software and Affected Versions: Ivanti Avalanche versions prior to 6.4.5 Description: The issue is related to a path traversal vulnerability that allows a remote unauthenticated attacker to bypass authentication. This is due to incorrect restriction of the path name to a...
Important: squid
Issue Overview: Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using --with-openssl are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a...
PT-2023-23874 · Avalanche · Avalanche
Name of the Vulnerable Software and Affected Versions: Avalanche versions 6.3.x and below Description: An unrestricted upload of file with a dangerous type could allow an attacker to achieve remote code execution. The issue is fixed in version 6.4.1. Recommendations: For Avalanche versions 6.3.x...
PT-2022-19488 · Unknown +3 · Jupyter Notebook +3
Name of the Vulnerable Software and Affected Versions: Jupyter Notebook versions prior to 6.4.12 Description: The issue concerns Jupyter Notebook, a web-based notebook environment for interactive computing. Prior to version 6.4.12, authenticated requests to the notebook server with...
PT-2018-3861 · Tibco +1 · Tibco Jasperreports Server +5
Name of the Vulnerable Software and Affected Versions: TIBCO JasperReports Server versions up to and including 6.4.2 TIBCO JasperReports Server Community Edition versions up to and including 6.4.2 TIBCO JasperReports Server for ActiveMatrix BPM versions up to and including 6.4.2 TIBCO Jaspersoft...