#apache

CVE-2019-16942: [GEODE-7255] Need to pick up CVE-2019-16942

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.

5 years ago

CVE

Open in Source

#vulnerability #apache #js #jira

CVE-2019-16294: Scintilla

SciLexer.dll in Scintilla in Notepad++ (x64) before 7.7 allows remote code execution or denial of service via Unicode characters in a crafted .ml file.

5 years ago

CVE

Open in Source

#sql #web #mac #windows #apple #google #microsoft #ubuntu #linux #dos #apache #redis #js #git #java #intel #php #c++#rce #perl #samba #pdf #vmware #amd #acer #dell #ruby #rpm #firefox #sap #ssl

CVE-2019-3644: McAfee Security Bulletin - Updates and product status for HTTP/2 vulnerabilities (CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518

McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9517, potentially leading to a denial of service. This affects the scanning proxies.

5 years ago

CVE

Open in Source

#vulnerability #web #windows #linux #dos #apache #git

CVE-2019-12402

The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress.

5 years ago

In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.

5 years ago

CVE

Open in Source

#apache #java #ssl

CVE-2016-10867: All-In-One Security (AIOS) – Security and Firewall

The all-in-one-wp-security-and-firewall plugin before 4.0.6 for WordPress has XSS in settings pages.

5 years ago

CVE

Open in Source

#sql #xss #csrf #vulnerability #web #ios #windows #apple #google #microsoft #ddos #apache #js #git #java #wordpress #intel #php #perl #ldap #nginx #auth #dell

CVE-2019-14799: FV Flowplayer Video Player

The FV Flowplayer Video Player plugin before 7.3.14.727 for WordPress allows email subscription XSS.

CVE-2019-14513: GitHub - Slovejoy/dnsmasq-pre2.76: vulnerability assessment for early versions of dnsmasq

Improper bounds checking in Dnsmasq before 2.76 allows an attacker controlled DNS server to send large DNS packets that result in a read operation beyond the buffer allocated for the packet, a different vulnerability than CVE-2017-14491.

5 years ago

CVE

Open in Source

#vulnerability #web #mac #google #dos #apache #js #git #auth

CVE-2015-7559: [AMQ-6470] Remove unused ControlCommand handling in client

It was found that the Apache ActiveMQ client before 5.14.5 exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into a compromised broker could use this flaw to achieve denial of service on a connected client.

5 years ago

CVE

Open in Source

#dos #apache #js #jira

CVE-2019-13385: ChangeLog for CentOS 7 | Control Web Panel

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.840, File and Directory Information Exposure in filemanager allows attackers to enumerate users and check for active users of the application by reading /tmp/login.log.

5 years ago

CVE

Open in Source

#sql #xss #web #apache #nodejs #js #intel #php #backdoor #nginx #ruby #rpm #ssl

Tag

#apache