apache/mod_perl: The latest CVE Vulnerabilities and Exploits for Penetration Test

apache/mod_perl Vulnerability Summary
Vendor name: apache
Product name: mod_perl
Total vulnerabilities: 3 (as of 2023-05-04)

apache/mod_perl Vulnerability List
CVE-2011-2767
Published: 2018-08-26T16:29:00
Last Modified: 2019-09-24T18:15:00
Summary: mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator’s control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes.

apache/mod_python: The latest CVE Vulnerabilities and Exploits for Penetration Test

apache/mod_python Vulnerability Summary
Vendor name: apache
Product name: mod_python
Total vulnerabilities: 6 (as of 2023-05-04)

apache/mod_python Vulnerability List
CVE-2006-1095
Published: 2006-03-09T13:06:00
Last Modified: 2017-07-20T01:30:00
Summary: Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
Common Weakness Enumeration (CWE): CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
CWE Description: The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

apache/rocketmq: The latest CVE Vulnerabilities and Exploits for Penetration Test

apache/rocketmq Vulnerability Summary
Vendor name: apache
Product name: rocketmq
Total vulnerabilities: 1 (as of 2023-05-04)

apache/rocketmq Vulnerability List
CVE-2019-17572
Published: 2020-05-14T17:15:00
Last Modified: 2020-05-15T18:17:00
Summary: In Apache RocketMQ 4.2.0 to 4.6.0, when the automatic topic creation in the broker is turned on by default and an evil topic like “../../../../topic2020” is sent from rocketmq-client to the broker, a topic folder will be created in the parent directory on the broker, which leads to a directory traversal vulnerability.

apache/sentry: The latest CVE Vulnerabilities and Exploits for Penetration Test

apache/sentry Vulnerability Summary
Vendor name: apache
Product name: sentry
Total vulnerabilities: 2 (as of 2023-05-04)

apache/sentry Vulnerability List
CVE-2018-8028
Published: 2018-08-23T15:29:00
Last Modified: 2019-10-03T00:03:00
Summary: An authenticated user can execute ALTER TABLE EXCHANGE PARTITIONS without being authorized by Apache Sentry before 2.0.1. This can allow an attacker unauthorized access to the partitioned data of a Sentry protected table and can allow an attacker to remove data from a Sentry protected table.

apache/tomcat: The latest CVE Vulnerabilities and Exploits for Penetration Test

apache/tomcat Vulnerability Summary
Vendor name: apache
Product name: tomcat
Total vulnerabilities: 201 (as of 2023-05-04)

apache/tomcat Vulnerability List
CVE-2022-23181
Published: 2022-01-27T13:15:00
Last Modified: 2022-02-02T17:04:00
Summary: The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using.

apache/xerces-c: The latest CVE Vulnerabilities and Exploits for Penetration Test

apache/xerces-c Vulnerability Summary
Vendor name: apache
Product name: xerces-c
Total vulnerabilities: 10 (as of 2023-05-04)

apache/xerces-c Vulnerability List
CVE-2018-1311
Published: 2019-12-18T20:15:00
Last Modified: 2022-02-07T16:15:00
Summary: The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing.

apache/zookeeper: The latest CVE Vulnerabilities and Exploits for Penetration Test

apache/zookeeper Vulnerability Summary
Vendor name: apache
Product name: zookeeper
Total vulnerabilities: 9 (as of 2023-05-04)

apache/zookeeper Vulnerability List
CVE-2021-34429
Published: 2021-07-15T17:15:00
Last Modified: 2022-02-07T16:16:00
Summary: For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5.

auth0/auth0: The latest CVE Vulnerabilities and Exploits for Penetration Test

auth0/auth0 Vulnerability Summary
Vendor name: auth0
Product name: auth0
Total vulnerabilities: 8 (as of 2023-05-04)

auth0/auth0 Vulnerability List
CVE-2020-15125
Published: 2020-07-29T17:15:00
Last Modified: 2021-04-28T17:08:00
Summary: In auth0 (npm package) versions before 2.27.1, a DenyList of specific keys that should be sanitized from the request object contained in the error object is used. The key for the Authorization header is not sanitized, and in certain cases the Authorization header value can be logged, exposing a bearer token.

lua-openssl_project/lua-openssl: The latest CVE Vulnerabilities and Exploits for Penetration Test

lua-openssl_project/lua-openssl Vulnerability Summary
Vendor name: lua-openssl_project
Product name: lua-openssl
Total vulnerabilities: 3 (as of 2023-05-04)

lua-openssl_project/lua-openssl Vulnerability List
CVE-2020-9433
Published: 2020-02-27T23:15:00
Last Modified: 2020-02-28T16:32:00
Summary: openssl_x509_check_email in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values.
Common Weakness Enumeration (CWE): CWE-295: Improper Certificate Validation
CWE Description: The software does not validate, or incorrectly validates, a certificate.

nginx/nginx: The latest CVE Vulnerabilities and Exploits for Penetration Test

nginx/nginx Vulnerability Summary
Vendor name: nginx
Product name: nginx
Total vulnerabilities: 9 (as of 2023-05-04)

nginx/nginx Vulnerability List
CVE-2019-20372
Published: 2020-01-09T21:15:00
Last Modified: 2021-09-22T00:15:00
Summary: NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.

node-openssl_project/node-openssl: The latest CVE Vulnerabilities and Exploits for Penetration Test

node-openssl_project/node-openssl Vulnerability Summary
Vendor name: node-openssl_project
Product name: node-openssl
Total vulnerabilities: 1 (as of 2023-05-04)

node-openssl_project/node-openssl Vulnerability List
CVE-2017-16064
Published: 2018-06-07T02:29:00
Last Modified: 2019-10-09T23:24:00
Summary: node-openssl was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.

openssl_project/openssl: The latest CVE Vulnerabilities and Exploits for Penetration Test

openssl_project/openssl Vulnerability Summary
Vendor name: openssl_project
Product name: openssl
Total vulnerabilities: 2 (as of 2023-05-04)

openssl_project/openssl Vulnerability List
CVE-2018-20997
Published: 2019-08-26T18:15:00
Last Modified: 2019-08-30T12:41:00
Summary: An issue was discovered in the openssl crate before 0.10.9 for Rust. A use-after-free occurs in CMS Signing.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

openssl/openssl: The latest CVE Vulnerabilities and Exploits for Penetration Test

openssl/openssl Vulnerability Summary
Vendor name: openssl
Product name: openssl
Total vulnerabilities: 213 (as of 2023-05-04)

openssl/openssl Vulnerability List
CVE-2021-4160
Published: 2022-01-28T22:15:00
Last Modified: 2022-02-07T15:24:00
Summary: There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack are considered unlikely and include reusing private keys.

pyopenssl_project/pyopenssl: The latest CVE Vulnerabilities and Exploits for Penetration Test

pyopenssl_project/pyopenssl Vulnerability Summary
Vendor name: pyopenssl_project
Product name: pyopenssl
Total vulnerabilities: 1 (as of 2023-05-04)

pyopenssl_project/pyopenssl Vulnerability List
CVE-2018-1000808
Published: 2018-10-08T15:29:00
Last Modified: 2021-08-04T17:14:00
Summary: Python Cryptographic Authority pyopenssl before version 17.5.0 contains a CWE-401: Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 Store that can result in denial of service if memory runs low or is exhausted.

pyopenssl/pyopenssl: The latest CVE Vulnerabilities and Exploits for Penetration Test

pyopenssl/pyopenssl Vulnerability Summary
Vendor name: pyopenssl
Product name: pyopenssl
Total vulnerabilities: 1 (as of 2023-05-04)

pyopenssl/pyopenssl Vulnerability List
CVE-2018-1000807
Published: 2018-10-08T15:29:00
Last Modified: 2021-08-04T17:14:00
Summary: Python Cryptographic Authority pyopenssl prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling. The use after free can lead to possible denial of service or remote code execution.

redhat/amq_online: The latest CVE Vulnerabilities and Exploits for Penetration Test

redhat/amq_online Vulnerability Summary
Vendor name: redhat
Product name: amq_online
Total vulnerabilities: 2 (as of 2023-05-04)

redhat/amq_online Vulnerability List
CVE-2020-14348
Published: 2020-09-16T18:15:00
Last Modified: 2020-09-23T16:58:00
Summary: It was found in AMQ Online before 1.5.2 that injecting an invalid field into a user’s AddressSpace configuration of the user namespace puts AMQ Online in an inconsistent state, where the AMQ Online components do not operate properly (for example, provisioning and address creation fail), though this does not impact already existing messaging clients or brokers.

redhat/amq: The latest CVE Vulnerabilities and Exploits for Penetration Test

redhat/amq Vulnerability Summary
Vendor name: redhat
Product name: amq
Total vulnerabilities: 7 (as of 2023-05-04)

redhat/amq Vulnerability List
CVE-2020-14348
Published: 2020-09-16T18:15:00
Last Modified: 2020-09-23T16:58:00
Summary: It was found in AMQ Online before 1.5.2 that injecting an invalid field into a user’s AddressSpace configuration of the user namespace puts AMQ Online in an inconsistent state, where the AMQ Online components do not operate properly (for example, provisioning and address creation fail), though this does not impact already existing messaging clients or brokers.

redhat/ansible_engine: The latest CVE Vulnerabilities and Exploits for Penetration Test

redhat/ansible_engine Vulnerability Summary
Vendor name: redhat
Product name: ansible_engine
Total vulnerabilities: 26 (as of 2023-05-04)

redhat/ansible_engine Vulnerability List
CVE-2021-3583
Published: 2021-09-22T12:15:00
Last Modified: 2021-10-05T16:12:00
Summary: A flaw was found in Ansible, where a user’s controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters.

redhat/ansible_tower: The latest CVE Vulnerabilities and Exploits for Penetration Test

redhat/ansible_tower Vulnerability Summary
Vendor name: redhat
Product name: ansible_tower
Total vulnerabilities: 65 (as of 2023-05-04)

redhat/ansible_tower Vulnerability List
CVE-2021-3583
Published: 2021-09-22T12:15:00
Last Modified: 2021-10-05T16:12:00
Summary: A flaw was found in Ansible, where a user’s controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters.

redhat/ansible: The latest CVE Vulnerabilities and Exploits for Penetration Test

redhat/ansible Vulnerability Summary
Vendor name: redhat
Product name: ansible
Total vulnerabilities: 105 (as of 2023-05-04)

redhat/ansible Vulnerability List
CVE-2021-3583
Published: 2021-09-22T12:15:00
Last Modified: 2021-10-05T16:12:00
Summary: A flaw was found in Ansible, where a user’s controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters.

redhat/enterprise_linux: The latest CVE Vulnerabilities and Exploits for Penetration Test

redhat/enterprise_linux Vulnerability Summary
Vendor name: redhat
Product name: enterprise_linux
Total vulnerabilities: 2390 (as of 2023-05-04)

redhat/enterprise_linux Vulnerability List
CVE-2022-0487
Published: 2022-02-04T23:15:00
Last Modified: 2022-02-09T20:00:00
Summary: A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system confidentiality. This flaw affects kernel versions prior to 5.14 rc1.

redhat/etcd: The latest CVE Vulnerabilities and Exploits for Penetration Test

redhat/etcd Vulnerability Summary
Vendor name: redhat
Product name: etcd
Total vulnerabilities: 6 (as of 2023-05-04)

redhat/etcd Vulnerability List
CVE-2020-15114
Published: 2020-08-06T23:15:00
Last Modified: 2021-11-18T18:31:00
Summary: In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoint.

redhat/fedora_core: The latest CVE Vulnerabilities and Exploits for Penetration Test

redhat/fedora_core Vulnerability Summary
Vendor name: redhat
Product name: fedora_core
Total vulnerabilities: 83 (as of 2023-05-04)

redhat/fedora_core Vulnerability List
CVE-2008-2944
Published: 2008-06-30T21:41:00
Last Modified: 2022-02-07T19:50:00
Summary: Double free vulnerability in the utrace support in the Linux kernel, probably 2.6.18, in Red Hat Enterprise Linux (RHEL) 5 and Fedora Core 6 (FC6) allows local users to cause a denial of service (oops), as demonstrated by a crash when running the GNU GDB testsuite, a different vulnerability than CVE-2008-2365.

redhat/fedora: The latest CVE Vulnerabilities and Exploits for Penetration Test

redhat/fedora Vulnerability Summary
Vendor name: redhat
Product name: fedora
Total vulnerabilities: 526 (as of 2023-05-04)

redhat/fedora Vulnerability List
CVE-2021-45417
Published: 2022-01-20T18:15:00
Last Modified: 2022-01-26T19:49:00
Summary: AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.

redhat/openssl: The latest CVE Vulnerabilities and Exploits for Penetration Test

redhat/openssl Vulnerability Summary
Vendor name: redhat
Product name: openssl
Total vulnerabilities: 28 (as of 2023-05-04)

redhat/openssl Vulnerability List
CVE-2018-16395
Published: 2018-11-16T18:29:00
Last Modified: 2019-10-03T00:03:00
Summary: An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true.

ruby-lang/openssl: The latest CVE Vulnerabilities and Exploits for Penetration Test

ruby-lang/openssl Vulnerability Summary
Vendor name: ruby-lang
Product name: openssl
Total vulnerabilities: 2 (as of 2023-05-04)

ruby-lang/openssl Vulnerability List
CVE-2018-16395
Published: 2018-11-16T18:29:00
Last Modified: 2019-10-03T00:03:00
Summary: An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true.

The Common Weakness Enumeration (CWE) List

The complete Common Weakness Enumeration (CWE) list on a single page. CWE is a catalog of vulnerabilities found in both software and hardware, created by the community. Its purpose is to provide a standardized vocabulary, establish a benchmark for security tools, and serve as a foundation for identifying, mitigating, and preventing weaknesses.

CWE-2: 7PK - Environment
Status: Draft
Weakness Abstractions: Category
This category has been deprecated. It was originally used for organizing weaknesses involving file names, which enabled access to files outside of a restricted directory (path traversal) or to perform operations on files that would otherwise be restricted (path equivalence).

The latest CVE Vulnerability List

The latest CVE Vulnerability list for popular products

auth0: auth0/auth0
apache: apache/http_server, apache/hadoop, apache/harmony, apache/groovy, apache/activemq, apache/apr, apache/apr-util, apache/maven, apache/log4j, apache/log4net, apache/lucene, apache/mod_fcgid, apache/mod_imap, apache/mod_jk, apache/mod_perl, apache/mod_python, apache/rocketmq, apache/sentry, apache/tomcat, apache/xerces-c, apache/zookeeper, apache/hbase, apache/hive
apache-ssl: apache-ssl/apache-ssl
lua-openssl_project: lua-openssl_project/lua-openssl
nginx: nginx/nginx
node-openssl_project: node-openssl_project/node-openssl
openssl_project: openssl_project/openssl
openssl: openssl/openssl
pyopenssl_project: pyopenssl_project/pyopenssl
pyopenssl: pyopenssl/pyopenssl
redhat: redhat/amq, redhat/amq_online, redhat/ansible, redhat/ansible_engine, redhat/ansible_tower, redhat/enterprise_linux, redhat/etcd, redhat/fedora, redhat/fedora_core, redhat/openssl
ruby-lang: ruby-lang/openssl

The latest CVE Vulnerability list for popular products of apache

apache/http_server, apache/hadoop, apache/harmony, apache/groovy, apache/activemq, apache/apr, apache/apr-util, apache/maven, apache/log4j, apache/log4net, apache/lucene, apache/mod_fcgid, apache/mod_imap, apache/mod_jk, apache/mod_perl, apache/mod_python, apache/rocketmq, apache/sentry, apache/tomcat, apache/xerces-c, apache/zookeeper, apache/hbase, apache/hive

See also: All the last popular products CVE vulnerabilities