VYPR

apk package

chainguard/opensearch-2-performance-analyzer

pkg:apk/chainguard/opensearch-2-performance-analyzer

Vulnerabilities (50)

  • CVE-2024-29857HigMay 14, 2024
    affected < 2.16.0-r0fixed 2.16.0-r0

    An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during

  • CVE-2024-34447HigMay 3, 2024
    affected < 2.16.0-r0fixed 2.16.0-r0

    An issue was discovered in the Bouncy Castle Crypto Package For Java before BC TLS Java 1.0.19 (ships with BC Java 1.78, BC Java (LTS) 2.73.6) and before BC FIPS TLS Java 1.0.19. When endpoint identification is enabled in the BCJSSE and an SSL socket is created without an explici

  • CVE-2024-29025MedMar 25, 2024
    affected < 2.13.0-r0fixed 2.13.0-r0

    Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `HttpPostRequestDecoder` can be tricked to accumulate data. While the decoder can store items on the disk if configured so, t

  • CVE-2024-28752CriMar 15, 2024
    affected < 2.13.0-r0fixed 2.13.0-r0

    A SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3 and 3.5.8 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. Users of other data bindings (including the default databinding)

  • CVE-2024-21742MedFeb 27, 2024
    affected < 2.14.0-r0fixed 2.14.0-r0

    Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message. This can be exploited by an attacker to add unintended headers to MIME messages.

  • CVE-2024-26308MedFeb 19, 2024
    affected < 2.12.0-r1fixed 2.12.0-r1

    Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.21 before 1.26. Users are recommended to upgrade to version 1.26, which fixes the issue.

  • CVE-2024-25710HigFeb 19, 2024
    affected < 2.12.0-r1fixed 2.12.0-r1

    Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.3 through 1.25.0. Users are recommended to upgrade to version 1.26.0 which fixes the issue.

  • CVE-2023-42503MedSep 14, 2023
    affected < 2.10.0-r1fixed 2.10.0-r1

    Improper Input Validation, Uncontrolled Resource Consumption vulnerability in Apache Commons Compress in TAR parsing.This issue affects Apache Commons Compress: from 1.22 before 1.24.0. Users are recommended to upgrade to version 1.24.0, which fixes the issue. A third party can

  • CVE-2023-35116MedJun 14, 2023
    affected < 0fixed 0

    jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cycli

  • CVE-2022-45146MedNov 21, 2022
    affected < 2.11.1-r1fixed 2.11.1-r1

    An issue was discovered in the FIPS Java API of Bouncy Castle BC-FJA before 1.0.2.4. Changes to the JVM garbage collector in Java 13 and later trigger an issue in the BC-FJA FIPS modules where it is possible for temporary keys used by the module to be zeroed out while still in us

Page 3 of 3