/sicsdocs/releases/22.1/cve_security_reports/ Recent content in CVE security reports on Hugo -- gohugo.io /sicsdocs/releases/22.1/cve_security_reports/sics_adh_server/ Mon, 01 Jan 0001 00:00:00 +0000 /sicsdocs/releases/22.1/cve_security_reports/sics_adh_server/ The report contains data retrieved from the National Vulnerability Database: https://nvd.nist.gov, NPM Public Advisories: https://www.npmjs.com/advisories, and the RetireJS community. Name Description CWE CVSS v2.0 Severity CVSS v3.0 Severity Dependency CVE-2021-38542 Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. This can result in Man-in -the-middle command injection attacks, leading potentially to leakage of sensible information. CWE-77 MEDIUM MEDIUM apache-mime4j-core-0. /sicsdocs/releases/22.1/cve_security_reports/sics_api_server/ Mon, 01 Jan 0001 00:00:00 +0000 /sicsdocs/releases/22.1/cve_security_reports/sics_api_server/ The report contains data retrieved from the National Vulnerability Database: https://nvd.nist.gov, NPM Public Advisories: https://www.npmjs.com/advisories, and the RetireJS community. Name Description CWE CVSS v2.0 Severity CVSS v3.0 Severity Dependency CVE-2021-38542 Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. This can result in Man-in -the-middle command injection attacks, leading potentially to leakage of sensible information. CWE-77 MEDIUM MEDIUM apache-mime4j-core-0. /sicsdocs/releases/22.1/cve_security_reports/sics_batch_server/ Mon, 01 Jan 0001 00:00:00 +0000 /sicsdocs/releases/22.1/cve_security_reports/sics_batch_server/ The report contains data retrieved from the National Vulnerability Database: https://nvd.nist.gov, NPM Public Advisories: https://www.npmjs.com/advisories, and the RetireJS community. Name Description CWE CVSS v2.0 Severity CVSS v3.0 Severity Dependency CVE-2021-38542 Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. This can result in Man-in -the-middle command injection attacks, leading potentially to leakage of sensible information. CWE-77 MEDIUM MEDIUM apache-mime4j-core-0. /sicsdocs/releases/22.1/cve_security_reports/sics_desktop_app/ Mon, 01 Jan 0001 00:00:00 +0000 /sicsdocs/releases/22.1/cve_security_reports/sics_desktop_app/ The report contains data retrieved from the National Vulnerability Database: https://nvd.nist.gov, NPM Public Advisories: https://www.npmjs.com/advisories, and the RetireJS community. Name Description CWE CVSS v2.0 Severity CVSS v3.0 Severity Dependency CVE-2021-38542 Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. This can result in Man-in -the-middle command injection attacks, leading potentially to leakage of sensible information. CWE-77 MEDIUM MEDIUM apache-mime4j-core-0. /sicsdocs/releases/22.1/cve_security_reports/sics_emessaging_server/ Mon, 01 Jan 0001 00:00:00 +0000 /sicsdocs/releases/22.1/cve_security_reports/sics_emessaging_server/ The report contains data retrieved from the National Vulnerability Database: https://nvd.nist.gov, NPM Public Advisories: https://www.npmjs.com/advisories, and the RetireJS community. Name Description CWE CVSS v2.0 Severity CVSS v3.0 Severity Dependency CVE-2021-38542 Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. This can result in Man-in -the-middle command injection attacks, leading potentially to leakage of sensible information. CWE-77 MEDIUM MEDIUM apache-mime4j-core-0. /sicsdocs/releases/22.1/cve_security_reports/sics_java_launcher/ Mon, 01 Jan 0001 00:00:00 +0000 /sicsdocs/releases/22.1/cve_security_reports/sics_java_launcher/ The report contains data retrieved from the National Vulnerability Database: https://nvd.nist.gov, NPM Public Advisories: https://www.npmjs.com/advisories, and the RetireJS community. No vulnerable dependencies found. This report was generated 22.03.2022, 03:47:02 UTC, using dependency-check version: 6.5.0. /sicsdocs/releases/22.1/cve_security_reports/sics_naming_service/ Mon, 01 Jan 0001 00:00:00 +0000 /sicsdocs/releases/22.1/cve_security_reports/sics_naming_service/ The report contains data retrieved from the National Vulnerability Database: https://nvd.nist.gov, NPM Public Advisories: https://www.npmjs.com/advisories, and the RetireJS community. Name Description CWE CVSS v2.0 Severity CVSS v3.0 Severity Dependency CVE-2021-28170 In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid. CWE-20 MEDIUM MEDIUM jakarta.el-api-3.0.2.jar CVE-2021-41182 jQuery-UI is the official jQuery user interface library. Prior to version 1. /sicsdocs/releases/22.1/cve_security_reports/sics_operational_reporting_server/ Mon, 01 Jan 0001 00:00:00 +0000 /sicsdocs/releases/22.1/cve_security_reports/sics_operational_reporting_server/ The report contains data retrieved from the National Vulnerability Database: https://nvd.nist.gov, NPM Public Advisories: https://www.npmjs.com/advisories, and the RetireJS community. Name Description CWE CVSS v2.0 Severity CVSS v3.0 Severity Dependency 1065265 This affects the package chart.js before 2.9.4. The options parameter is not properly sanitized when it is processed. When the options are processed, the existing options (or the defaults options) are deeply merged with provided options. However, during this operation, the keys of the object being set are not checked, leading to a prototype pollution. /sicsdocs/releases/22.1/cve_security_reports/sics_operational_reporting_solr_node/ Mon, 01 Jan 0001 00:00:00 +0000 /sicsdocs/releases/22.1/cve_security_reports/sics_operational_reporting_solr_node/ The report contains data retrieved from the National Vulnerability Database: https://nvd.nist.gov, NPM Public Advisories: https://www.npmjs.com/advisories, and the RetireJS community. Name Description CWE CVSS v2.0 Severity CVSS v3.0 Severity Dependency CVE-2020-13955 HttpUtils#getURLConnection method disables explicitly hostname verification for HTTPS connections making clients vulnerable to man-in-the-middle attacks. Calcite uses internally this method to connect with Druid and Splunk so information leakage may happen when using the respective Calcite adapters. The method itself is in a utility class so people may use it to create vulnerable HTTPS connections for other applications. /sicsdocs/releases/22.1/cve_security_reports/sics_search_server/ Mon, 01 Jan 0001 00:00:00 +0000 /sicsdocs/releases/22.1/cve_security_reports/sics_search_server/ The report contains data retrieved from the National Vulnerability Database: https://nvd.nist.gov, NPM Public Advisories: https://www.npmjs.com/advisories, and the RetireJS community. Name Description CWE CVSS v2.0 Severity CVSS v3.0 Severity Dependency CVE-2021-43797 Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when they are present at the beginning / end of the header name. /sicsdocs/releases/22.1/cve_security_reports/sics_search_solr_node/ Mon, 01 Jan 0001 00:00:00 +0000 /sicsdocs/releases/22.1/cve_security_reports/sics_search_solr_node/ The report contains data retrieved from the National Vulnerability Database: https://nvd.nist.gov, NPM Public Advisories: https://www.npmjs.com/advisories, and the RetireJS community. Name Description CWE CVSS v2.0 Severity CVSS v3.0 Severity Dependency CVE-2021-38542 Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. This can result in Man-in -the-middle command injection attacks, leading potentially to leakage of sensible information. CWE-77 MEDIUM MEDIUM apache-mime4j-core-0. /sicsdocs/releases/22.1/cve_security_reports/sics_docs/ Mon, 01 Jan 0001 00:00:00 +0000 /sicsdocs/releases/22.1/cve_security_reports/sics_docs/ The report contains data retrieved from the National Vulnerability Database: https://nvd.nist.gov, NPM Public Advisories: https://www.npmjs.com/advisories, and the RetireJS community. No vulnerable dependencies found. This report was generated 22.03.2022, 03:49:51 UTC, using dependency-check version: 6.5.0.