Security
Headlines
HeadlinesLatestCVEs

Tag

#apache

CVE-2023-29382: Security Center - Zimbra :: Tech Center

An issue in Zimbra Collaboration ZCS v.8.8.15 and v.9.0 allows an attacker to execute arbitrary code via the sfdc_preauth.jsp component.

CVE
Open in Source
#xss#csrf#vulnerability#web#android#mac#apple#microsoft#ubuntu#linux#debian#red_hat#apache#memcached#nodejs#js#git#java#oracle#php#rce#perl#ldap#nginx#ssrf#pdf#auth#zero_day#ssl
Beauty Salon Management System 1.0 SQL Injection

Beauty Salon Management System version 1.0 suffers from a remote SQL injection vulnerability.

GHSA-2gpr-j5vj-wvh2: Apache Any23 vulnerable to excessive memory usage

Use of TikaEncodingDetector in Apache Any23 can cause excessive memory usage.

CVE-2023-34150

** UNSUPPORTED WHEN ASSIGNED ** Use of TikaEncodingDetector in Apache Any23 can cause excessive memory usage.

Ubuntu Security Notice USN-6199-1

Ubuntu Security Notice 6199-1 - It was discovered that PHP incorrectly handled certain Digest authentication for SOAP. An attacker could possibly use this issue to expose sensitive information.

CVE-2023-2974

A vulnerability was found in quarkus-core. This vulnerability occurs because the TLS protocol configured with quarkus.http.ssl.protocols is not enforced, and the client can force the selection of the weaker supported TLS protocol.

ApPHP MicroCMS 1.0.1 Host Header Injection

ApPHP MicroCMS version 1.0.1 re-embeds arbitrary content from the client into web pages.

GHSA-hg6c-qqcm-r79r: Apache Airflow Hive Provider Beeline remote code execution with Principal

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Hive Provider. This issue affects Apache Airflow Apache Hive Provider: before 6.1.1. Before version 6.1.1 it was possible to bypass the security check to RCE via principal parameter. For this to be exploited it requires access to modifying the connection details. It is recommended updating provider version to 6.1.1 in order to avoid this vulnerability.

CVE-2023-35797: Sanitize beeline principal parameter by potiuk · Pull Request #31983 · apache/airflow

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Hive Provider. This issue affects Apache Airflow Apache Hive Provider: before 6.1.1. Before version 6.1.1 it was possible to bypass the security check to RCE via principal parameter. For this to be exploited it requires access to modifying the connection details. It is recommended updating provider version to 6.1.1 in order to avoid this vulnerability.

CVE-2023-35947: Merge pull request from GHSA-84mw-qh6q-v842 · gradle/gradle@1096b30

Gradle is a build tool with a focus on build automation and support for multi-language development. In affected versions when unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. This could lead to important files being overwritten anywhere the Gradle process has write permissions. For a build reading Tar entries from a Tar archive, this issue could allow Gradle to disclose information from sensitive files through an arbitrary file read. To exploit this behavior, an attacker needs to either control the source of an archive already used by the build or modify the build to interact with a malicious archive. It is unlikely that this would go unnoticed. A fix has been released in Gradle 7.6.2 and 8.2 to protect against this vulnerability. Starting from these versions, Gradle will refuse to handle Tar archives which contain path traversal elements in a Tar entry name. Users are advised to upgrade. There are no known workarounds for this vu...