VYPR

apk package

wolfi/tez

pkg:apk/wolfi/tez

Vulnerabilities (63)

  • CVE-2025-25193Feb 10, 2025
    affected < 0fixed 0

    Netty, an asynchronous, event-driven network application framework, has a vulnerability in versions up to and including 4.1.118.Final. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attempts

  • CVE-2024-12801LowDec 19, 2024
    affected < 0.10.4-r6fixed 0.10.4-r6

    Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12  on the Java platform, allows an attacker to forge requests by compromising logback configuration files in XML. The attacks involves the modification of DOCTYPE

  • CVE-2024-12798MedDec 19, 2024
    affected < 0.10.4-r6fixed 0.10.4-r6

    ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core upto including version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 in Java applications allows attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an en

  • CVE-2024-53990CriDec 2, 2024
    affected < 0.10.4-r8fixed 0.10.4-r8

    The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When making any HTTP request, the automatically enabled and self-managed CookieStore (aka cookie jar) will silently replace explicitly defined Coo

  • CVE-2024-47535Nov 12, 2024
    affected < 0fixed 0

    Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application

  • CVE-2024-47561Oct 3, 2024
    affected < 0.10.4-r8fixed 0.10.4-r8

    Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to version 1.11.4  or 1.12.0, which fix this issue.

  • CVE-2024-7254Sep 19, 2024
    affected < 0.10.4-r6fixed 0.10.4-r6

    Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf

  • CVE-2024-25638HigJul 22, 2024
    affected < 0.10.4-r6fixed 0.10.4-r6

    dnsjava is an implementation of DNS in Java. Records in DNS replies are not checked for their relevance to the query, allowing an attacker to respond with RRs from different zones. This vulnerability is fixed in 3.6.0.

  • CVE-2024-30172HigMay 14, 2024
    affected < 0.10.5-r7fixed 0.10.5-r7

    An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key.

  • CVE-2024-30171MedMay 14, 2024
    affected < 0.10.4-r6fixed 0.10.4-r6

    An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing.

  • CVE-2024-29857HigMay 14, 2024
    affected < 0.10.4-r6fixed 0.10.4-r6

    An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during

  • CVE-2024-29025Mar 25, 2024
    affected < 0.10.4-r6fixed 0.10.4-r6

    Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `HttpPostRequestDecoder` can be tricked to accumulate data. While the decoder can store items on the disk if configured so, t

  • CVE-2024-29131Mar 21, 2024
    affected < 0.10.4-r6fixed 0.10.4-r6

    Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which fixes the issue.

  • CVE-2024-29133Mar 21, 2024
    affected < 0.10.4-r6fixed 0.10.4-r6

    Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which fixes the issue.

  • CVE-2024-23944Mar 15, 2024
    affected < 0.10.4-r6fixed 0.10.4-r6

    Information disclosure in persistent watchers handling in Apache ZooKeeper due to missing ACL check. It allows an attacker to monitor child znodes by attaching a persistent watcher (addWatch command) to a parent which the attacker has already access to. ZooKeeper server doesn't d

  • CVE-2024-25710Feb 19, 2024
    affected < 0.10.4-r6fixed 0.10.4-r6

    Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.3 through 1.25.0. Users are recommended to upgrade to version 1.26.0 which fixes the issue.

  • CVE-2024-26308Feb 19, 2024
    affected < 0.10.4-r6fixed 0.10.4-r6

    Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.21 before 1.26. Users are recommended to upgrade to version 1.26, which fixes the issue.

  • CVE-2023-52428Feb 11, 2024
    affected < 0.10.4-r6fixed 0.10.4-r6

    In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration count) for the PasswordBasedDecrypter (PBKDF2) component.

  • CVE-2023-6378HigNov 29, 2023
    affected < 0.10.4-r6fixed 0.10.4-r6

    A serialization vulnerability in logback receiver component part of logback version 1.4.11 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data.

  • CVE-2023-39410HigSep 29, 2023
    affected < 0.10.4-r8fixed 0.10.4-r8

    When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should up