VYPR

apk package

wolfi/druid

pkg:apk/wolfi/druid

Vulnerabilities (111)

  • CVE-2025-24970Feb 10, 2025
    affected < 32.0.0-r5fixed 32.0.0-r5

    Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. When a special crafted packet is received via SslHandler it doesn't correctly handle validation of such a packet in all cas

  • CVE-2024-53990CriDec 2, 2024
    affected < 34.0.0-r6fixed 34.0.0-r6

    The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When making any HTTP request, the automatically enabled and self-managed CookieStore (aka cookie jar) will silently replace explicitly defined Coo

  • CVE-2024-31141Nov 19, 2024
    affected < 31.0.0-r2fixed 31.0.0-r2

    Files or Directories Accessible to External Parties, Improper Privilege Management vulnerability in Apache Kafka Clients. Apache Kafka Clients accept configuration data for customizing behavior, and includes ConfigProvider plugins in order to manipulate these configurations. Apa

  • CVE-2024-47535Nov 12, 2024
    affected < 31.0.0-r2fixed 31.0.0-r2

    Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application

  • CVE-2024-8184Oct 14, 2024
    affected < 31.0.0-r1fixed 31.0.0-r1

    There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's

  • CVE-2024-6763Oct 14, 2024
    affected < 35.0.0-r0fixed 35.0.0-r0

    Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. However the behaviour of HttpURI differs fro

  • CVE-2024-23454Sep 25, 2024
    affected < 37.0.0-r6fixed 37.0.0-r6

    Apache Hadoop’s RunJar.run() does not set permissions for temporary directory by default. If sensitive data will be present in this file, all the other local users may be able to view the content. This is because, on unix-like systems, the system temporary directory is shared bet

  • CVE-2024-45384Sep 17, 2024
    affected < 30.0.1-r0fixed 30.0.1-r0

    Padding Oracle vulnerability in Apache Druid extension, druid-pac4j. This could allow an attacker to manipulate a pac4j session cookie. This issue affects Apache Druid versions 0.18.0 through 30.0.0. Since the druid-pac4j extension is optional and disabled by default, Druid inst

  • CVE-2024-35255Jun 11, 2024
    affected < 32.0.1-r1fixed 32.0.1-r1

    Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability

  • CVE-2024-36114HigMay 29, 2024
    affected < 32.0.1-r1fixed 32.0.1-r1

    Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. All decompressor implementations of Aircompressor (LZ4, LZO, Snappy, Zstandard) can crash the JVM for certain input, and in some cases also leak the content of other memor

  • CVE-2024-30171MedMay 14, 2024
    affected < 37.0.0-r8fixed 37.0.0-r8

    An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing.

  • CVE-2024-29857HigMay 14, 2024
    affected < 37.0.0-r8fixed 37.0.0-r8

    An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during

  • CVE-2024-34447HigMay 3, 2024
    affected < 37.0.0-r8fixed 37.0.0-r8

    An issue was discovered in the Bouncy Castle Crypto Package For Java before BC TLS Java 1.0.19 (ships with BC Java 1.78, BC Java (LTS) 2.73.6) and before BC FIPS TLS Java 1.0.19. When endpoint identification is enabled in the BCJSSE and an SSL socket is created without an explici

  • CVE-2024-29025Mar 25, 2024
    affected < 37.0.0-r8fixed 37.0.0-r8

    Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `HttpPostRequestDecoder` can be tricked to accumulate data. While the decoder can store items on the disk if configured so, t

  • CVE-2024-29131Mar 21, 2024
    affected < 37.0.0-r14fixed 37.0.0-r14

    Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which fixes the issue.

  • CVE-2024-29133Mar 21, 2024
    affected < 37.0.0-r14fixed 37.0.0-r14

    Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which fixes the issue.

  • CVE-2024-25710Feb 19, 2024
    affected < 37.0.0-r14fixed 37.0.0-r14

    Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.3 through 1.25.0. Users are recommended to upgrade to version 1.26.0 which fixes the issue.

  • CVE-2024-26308Feb 19, 2024
    affected < 37.0.0-r14fixed 37.0.0-r14

    Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.21 before 1.26. Users are recommended to upgrade to version 1.26, which fixes the issue.

  • CVE-2023-52428Feb 11, 2024
    affected < 37.0.0-r14fixed 37.0.0-r14

    In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration count) for the PasswordBasedDecrypter (PBKDF2) component.

  • CVE-2023-50298Feb 9, 2024
    affected < 32.0.1-r1fixed 32.0.1-r1

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr.This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. Solr Streaming Expressions allows users to extract data from other Solr Clouds, using a "zkHost" parameter.

Page 4 of 6