Security
Headlines
HeadlinesLatestCVEs

Tag

#apache

GHSA-2gh6-wc3m-g37f: hermes-management is vulnerable to RCE due to Apache commons-jxpath

### Impact hermes-management is vulnerable to RCE when it processes user-controlled data due to using Apache commons-jxpath. ### Patches Upgrade Hermes to at least hermes-2.2.9 ### References https://hackinglab.cz/en/blog/remote-code-execution-in-jxpath-library-cve-2022-41852/

ghsa
Open in Source
#vulnerability#web#apache#rce#xpath#auth
GHSA-3xq2-w6j4-c99r: Apache Seata Deserialization of Untrusted Data vulnerability

Deserialization of Untrusted Data vulnerability in Apache Seata.  When developers disable authentication on the Seata-Server and do not use the Seata client SDK dependencies, they may construct uncontrolled serialized malicious requests by directly sending bytecode based on the Seata private protocol. This issue affects Apache Seata: 2.0.0, from 1.0.0 through 1.8.0. Users are recommended to upgrade to version 2.1.0/1.8.1, which fixes the issue.

New Linux Malware Campaign Exploits Oracle Weblogic to Mine Cryptocurrency

Cybersecurity researchers have uncovered a new malware campaign targeting Linux environments to conduct illicit cryptocurrency mining. The activity, which specifically singles out the Oracle Weblogic server, is designed to deliver malware dubbed Hadooken, according to cloud security firm Aqua. "When Hadooken is executed, it drops a Tsunami malware and deploys a crypto miner," security researcher

Red Hat Security Advisory 2024-6584-03

Red Hat Security Advisory 2024-6584-03 - An update for httpd is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support.

GHSA-7gq2-vwq9-w8vw: Eclipse Glassfish URL redirection vulnerability

In Eclipse Glassfish versions prior to 7.0.10, a URL redirection vulnerability to untrusted sites existed. This vulnerability is caused by the vulnerability (CVE-2023-41080) in the Apache code included in GlassFish. This vulnerability only affects applications that are explicitly deployed to the root context ('/').

Red Hat Security Advisory 2024-6536-03

Red Hat Security Advisory 2024-6536-03 - Red Hat AMQ Streams 2.5.2 is now available from the Red Hat Customer Portal. Issues addressed include bypass, denial of service, information leakage, and memory leak vulnerabilities.

GHSA-c392-whpc-vfpr: Apache Airflow vulnerable to Improper Encoding or Escaping of Output

Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the dangerous example; see https://github.com/apache/airflow/pull/41873  for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later.

GHSA-92xg-gmrq-5c3w: Apache Airflow vulnerable to Execution with Unnecessary Privileges

Apache Airflow versions before 2.10.1 have a vulnerability that allows DAG authors to add local settings to the DAG folder and get it executed by the scheduler, where the scheduler is not supposed to execute code submitted by the DAG author. Users are advised to upgrade to version 2.10.1 or later, which has fixed the vulnerability.

C-MOR Video Surveillance 5.2401 Insecure Third-Party Components

C-MOR Video Surveillance version 5.2401 makes use of unmaintained vulnerability third-party components.

C-MOR Video Surveillance 5.2401 / 6.00PL01 SQL Injection

C-MOR Video Surveillance versions 5.2401 and 6.00PL01 suffer from a remote SQL injection vulnerability.