Security
Headlines
HeadlinesLatestCVEs

Tag

#apache

CVE-2023-48815: GitHub - kekingcn/kkFileView: Universal File Online Preview Project based on Spring-Boot

kkFileView v4.3.0 is vulnerable to Incorrect Access Control.

CVE
Open in Source
#xss#vulnerability#web#mac#windows#google#linux#apache#redis#js#git#java#php#nginx#pdf#docker#maven
CVE-2023-49093: HtmlUnit 3.8.0 are vulnerable to Remote Code Execution (RCE) via XSTL

HtmlUnit is a GUI-less browser for Java programs. HtmlUnit is vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker’s webpage. This vulnerability has been patched in version 3.9.0

Red Hat Security Advisory 2023-7617-02

Red Hat Security Advisory 2023-7617-02 - Red Hat Build of Apache Camel for Quarkus 3.2.0 is now available.

CVE-2023-45253: Security Disclosure of Vulnerabilities: CVE-2023-45252 and CVE-2023-45253

An issue was discovered in Huddly HuddlyCameraService before version 8.0.7, not including version 7.99, allows attackers to manipulate files and escalate privileges via RollingFileAppender.DeleteFile method performed by the log4net library.

CVE-2023-49735

** UNSUPPORTED WHEN ASSIGNED ** The value set as the DefaultLocaleResolver.LOCALE_KEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled data to this key may be relatively common, as it was also used like that to set the language in the 'tiles-test' application shipped with Tiles. This issue affects Apache Tiles from version 2 onwards. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

GHSA-77jg-cpw9-73vg: Apache Cocoon Improper Restriction of XML External Entity Reference vulnerability

Improper Restriction of XML External Entity Reference vulnerability in Apache Cocoon. This issue affects Apache Cocoon: from 2.2.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue.

CVE-2023-49733

Improper Restriction of XML External Entity Reference vulnerability in Apache Cocoon.This issue affects Apache Cocoon: from 2.2.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue.

GHSA-8v4w-jr33-4rh3: Apache Cocoon SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Cocoon. This issue affects Apache Cocoon: from 2.2.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue.

GHSA-r44q-98gx-pmh2: Apache DolphinScheduler Missing Authorization vulnerability

Before DolphinScheduler version 3.1.0, the login user could delete UDF function in the resource center unauthorized (which almost used in sql task), with unauthorized access vulnerability (IDOR), but after version 3.1.0 we fixed this issue. We mark this cve as moderate level because it still requires user login to operate, please upgrade to version 3.1.0 to avoid this vulnerability

CVE-2023-49620: [Feature][Permission] Reconstruction of permissions of resource center and monitoring center. by WangJPLeo · Pull Request #10307 · apache/dolphinscheduler

Before DolphinScheduler version 3.1.0, the login user could delete UDF function in the resource center unauthorized (which almost used in sql task), with unauthorized access vulnerability (IDOR), but after version 3.1.0 we fixed this issue. We mark this cve as moderate level because it still requires user login to operate, please upgrade to version 3.1.0 to avoid this vulnerability