VYPR

apk package

chainguard/cassandra-reaper-jre-bcfips

pkg:apk/chainguard/cassandra-reaper-jre-bcfips

Vulnerabilities (12)

  • CVE-2024-12801 | Low | Dec 19, 2024
    affected < 3.7.1-r1 | fixed 3.7.1-r1

    Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 on the Java platform, allows an attacker to forge requests by compromising logback configuration files in XML. The attack involves the modification of DOCTYPE

  • CVE-2024-12798 | Med | Dec 19, 2024
    affected < 3.7.1-r1 | fixed 3.7.1-r1

    ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core up to and including version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 in Java applications allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an en

  • CVE-2024-47535 | Nov 12, 2024
    affected < 3.7.0-r0 | fixed 3.7.0-r0

    Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. An unsafe reading of an environment file could potentially cause a denial of service in Netty. When loaded on a Windows application

  • CVE-2024-8184 | Oct 14, 2024
    affected < 3.7.1-r1 | fixed 3.7.1-r1

    There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause a remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutOfMemory errors and exhaust the server's

  • CVE-2024-9823 | Oct 14, 2024
    affected < 3.7.1-r1 | fixed 3.7.1-r1

    There exists a security vulnerability in Jetty's DosFilter which can be exploited by unauthorized users to cause a remote denial-of-service (DoS) attack on the server using DosFilter. By repeatedly sending crafted requests, attackers can trigger OutOfMemory errors and exhaust the s

  • CVE-2024-29131 | Mar 21, 2024
    affected < 3.5.0-r2 | fixed 3.5.0-r2

    Out-of-bounds Write vulnerability in Apache Commons Configuration. This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which fixes the issue.

  • CVE-2024-29133 | Mar 21, 2024
    affected < 3.5.0-r2 | fixed 3.5.0-r2

    Out-of-bounds Write vulnerability in Apache Commons Configuration. This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which fixes the issue.

  • CVE-2023-2976 | Jun 14, 2023
    affected < 3.7.1-r1 | fixed 3.7.1-r1

    Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to

  • CVE-2022-41854 | Nov 11, 2022
    affected < 3.7.1-r2 | fixed 3.7.1-r2

    Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service

  • CVE-2022-38752 | Sep 5, 2022
    affected < 3.7.1-r2 | fixed 3.7.1-r2

    Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.

  • CVE-2020-8908 | Dec 10, 2020
    affected < 3.7.1-r1 | fixed 3.7.1-r1

    A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the

  • CVE-2015-0886 | Feb 28, 2015
    affected < 3.7.1-r1 | fixed 3.7.1-r1

    Integer overflow in the crypt_raw method in the key-stretching implementation in jBCrypt before 0.4 makes it easier for remote attackers to determine cleartext values of password hashes via a brute-force attack against hashes associated with the maximum exponent.