Svi - CERT CVE

Rezultati pretraživanja za 'Od datuma: 10.07.2026., Proizvođač: apache'

ID CVSS Sažetak Zadnje ažurirano Objavljeno
CVE-2026-26032 5.4 The PackagerResolver of Apache Ivy is able to download online artifacts and to (re)package them in a format defined by a packager.xml file. This repackaging is done by an Ant script, which is stored in a subdirectory of the configured "buildRoot" dir 2026-07-16 02:57:40
CVE-2026-35152 8.8 A SQL Injection vulnerability exists in Apache Fineract's Report Execution API (runreports endpoint) in versions up to and including 1.14.0. Report parameter values are incorporated into the generated SQL query without sufficient validation, allowing 2026-07-15 20:16:32
CVE-2026-56287 8.1 A boolean-based SQL Injection vulnerability exists in Apache Fineract's Client Search API (GET /api/v1/clients) in versions up to and including 1.14.0. The orderBy and sortOrder request parameters are concatenated into a SQL query without sufficient 2026-07-15 20:15:42
CVE-2026-57821 8.1 A SQL Injection vulnerability exists in Apache Fineract's Office Search API (GET /api/v1/offices) in versions up to and including 1.14.0. The orderBy request parameter is concatenated into a SQL query without sufficient validation, allowing an authen 2026-07-15 20:15:16
CVE-2026-62393 4.3 Improper Handling of Insufficient Permissions or Privileges vulnerability in Apache Kylin. Improper authorization in job information retrieval, where an attacker may get access to unauthorized jobs in other projects. This issue affects Apache Kylin: 2026-07-15 16:16:50
CVE-2026-49488 6.5 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OpenMeetings. This issue affects Apache OpenMeetings: from 5.0.0 before 9.1.0. An attacker with moderator rights in any room can read arbitrary fi 2026-07-15 16:16:47
CVE-2026-62392 9.8 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Kylin. A backend API may bring job config parameters to OS command line. This issue affects Apache Kylin: from 4 through 5.0.3. Users 2026-07-15 05:17:25
CVE-2026-58065 8.1 The Apache Airflow Git provider runs its git-over-SSH operations with `StrictHostKeyChecking=no` by default, disabling SSH host-key verification. An attacker who can intercept the network path between an Airflow worker and the Git server can imperson 2026-07-14 01:08:34
CVE-2026-59245 8.1 In the Apache Airflow FAB auth manager, a DAG whose `dag_id` is `DAGs` collided with the global all-DAGs permission resource name produced by `resource_name()`, so a user granted per-DAG `access_control` on that one DAG was silently granted the globa 2026-07-14 01:07:30
CVE-2026-41041 9.1 URL path injection via unencoded user-supplied identifiers vulnerability in Apache Gravitino. This issue affects Apache Gravitino: from 1.0.0 before 1.2.1. Users are recommended to upgrade to version 1.2.1, which fixes the issue. 2026-07-13 22:24:21
ID CVSS Sažetak Zadnje ažurirano Objavljeno
CVE-2018-4451 9.3 This issue is fixed in macOS Mojave 10.14. A memory corruption issue was addressed with improved input validation. 2020-10-30 02:01:00
CVE-2019-8712 10.0 A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 6, iOS 13, tvOS 13. An application may be able to execute arbitrary code with system privileges. 2021-07-21 11:39:00
CVE-2019-8709 9.3 A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iOS 13. An application may be abl 2021-07-21 11:39:00
CVE-2019-8824 9.3 A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. An application may be able to execute arbitrary code with kernel privileges 2021-07-21 11:39:00
CVE-2018-4452 9.3 A memory consumption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra, macOS Mojave 10.14.2, Security Update 2018-003 High Sierra, Se 2020-10-30 02:00:00
CVE-2019-8716 10.0 A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. An application may be able to execute arbitrary code with system privileges. 2021-07-21 11:39:00
CVE-2019-8836 9.3 A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 6.1.2, iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1. An application may be able to execute arbitrary code with kernel privileges. 2021-07-21 11:39:00
CVE-2019-8740 9.3 A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 13.1 and iPadOS 13.1, watchOS 6, tvOS 13. An application may be able to execute arbitrary code with kernel privileges. 2021-07-21 11:39:00
CVE-2020-27976 10.0 osCommerce Phoenix CE before 1.0.5.4 allows OS command injection remotely. Within admin/mail.php, a from POST parameter can be passed to the application. This affects the PHP mail function, and the sendmail -f option. 2020-10-29 23:35:00
CVE-2019-8539 9.3 A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. A malicious application may be able to execute arbitrary co 2020-10-30 15:13:00
Stranica
/2
Zapisa po stranici: