Security
Headlines
HeadlinesLatestCVEs

Tag

#apache

CVE-2022-47937: GitHub - apache/sling-org-apache-sling-commons-johnzon: Apache Sling Commons Johnzon Wrapper Library

** UNSUPPORTED WHEN ASSIGNED ** Improper input validation in the Apache Sling Commons JSON bundle allows an attacker to trigger unexpected errors by supplying specially-crafted input. NOTE: This vulnerability only affects products that are no longer supported by the maintainer The org.apache.sling.commons.json bundle has been deprecated as of March 2017 and should not be used anymore. Consumers are encouraged to consider the Apache Sling Commons Johnzon OSGi bundle provided by the Apache Sling project, but may of course use other JSON libraries.

CVE
Open in Source
#vulnerability#apache#js#git
CVE-2023-22318: Fix denial of service against webconf

Denial of service in Webconf in Tribe29 Checkmk Appliance before 1.6.5.

CVE-2020-13377: Path traversal in Enterprise loadbalancer VA MAX - v8.3.8 and earlier

The web-services interface of Loadbalancer.org Enterprise VA MAX through 8.3.8 could allow an authenticated, remote, low-privileged attacker to conduct directory traversal attacks and obtain read and write access to sensitive files.

GHSA-v9rm-7rv9-r3fw: Apache OpenMeetings Improper Authentication vulnerability

An attacker that has gained access to certain private information can use this to act as other user. Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 3.1.3 before 7.1.0

GHSA-mg5h-f3q8-c96g: Apache OpenMeetings vulnerable to remote code execution via null-bye injection

An attacker who has gained access to an admin account can perform RCE via null-byte injection Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0

CVE-2023-28936

Attacker can access arbitrary recording/room Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0

CVE-2023-29246

An attacker who has gained access to an admin account can perform RCE via null-byte injection Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0

CVE-2023-29032

An attacker that has gained access to certain private information can use this to act as other user. Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 3.1.3 before 7.1.0

CVE-2020-13378: OS Command Injection in Enterprise loadbalancer VA MAX - v8.3.8 and earlier

Loadbalancer.org Enterprise VA MAX through 8.3.8 has an OS Command Injection vulnerability that allows a remote authenticated attacker to execute arbitrary code.

CVE-2023-31497: GitHub - 0xInfection/EPScalate: Exploit for elevation of privilege vulnerability in QuickHeal's Seqrite EPS.

Incorrect access control in Quick Heal Technologies Limited Seqrite Endpoint Security (EPS) all versions prior to v8.0 allows attackers to escalate privileges to root via supplying a crafted binary to the target system.