Apache

News, Security Vulnerabilities

Apache Arrow R package – Arbitrary code execution when loading a malicious data file [CVE-2024-52338]

CVE number = CVE-2024-52338 Deserialization of untrusted data in IPC and Parquet readers in the Apache Arrow R package versions 4.0.0


Apache OFBiz resolveURI Authentication Bypass Vulnerability [CVE-2024-38856]

CVE number = CVE-2024-38856 CVSS score = 9.8 This vulnerability allows remote attackers to bypass authentication on affected installations of


Apache OFBiz createRegister Error Message Information Disclosure Vulnerability [CVE-2024-23946]

CVE number = CVE-2024-23946 This vulnerability in Apache OFBiz allows remote attackers to disclose sensitive information on affected installations of


Remote code execution vulnerability found in Apache Struts 2 [CVE-2023-50164]

Apache has issued a warning to its users regarding a critical remote code execution (RCE) vulnerability found in its widely-used


Apache Batik DefaultScriptSecurity Server-Side Request Forgery Remote Code Execution Vulnerability [CVE-2022-40146]

CVE number – CVE-2022-40146 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apache Batik. Interaction


Apache Batik DefaultExternalResourceSecurity Server-Side Request Forgery Information Disclosure Vulnerability [CVE-2022-38398]

CVE number = CVE-2022-38398 This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apache Batik. Interaction


Apache HTTPD Server ap_escape_html2 Integer Overflow Remote Code Execution Vulnerability [CVE-2022-22721]

CVE number – CVE-2022-22721 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apache HTTPD Server.


Apache Log4j StrSubstitutor Uncontrolled Recursion Denial-of-Service Vulnerability [CVE-2021-45105]

Please note that this vulnerability is not the main, well-known Log4j one; for further information on CVE-2021-44228 please click


Critical Apache Log4j remote code execution vulnerability [CVE-2021-44228]

A critical remote code execution vulnerability in the Apache Foundation Log4j library has been discovered. This vulnerability has been dubbed Log4Shell.


Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49 (CVE-2021-41773)

CVE number = CVE-2021-41773 A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49.
