Apache News Articles
Recent news articles referencing the vendor's vulnerabilities.
Apache Fixes OFBiz Remote Code Execution Flaw
Apache has issued a fix in OFBiz (Open For Business) that addresses an unauthenticated remote code execution bug.
1 week ago
Apache OFBiz patches new critical remote code execution flaw
The vulnerability represents a bypass of fixes put in place this year for three critical RCE flaws that had the same root cause and have since been used in attacks.
2 weeks ago
Critical Apache OFBiz RCE Vulnerability Patched CVE-2024-45195
Apache OFBiz has released a critical patch for an RCE vulnerability. Users are urged to update their installations immediately.
2 weeks ago
Apache OFBiz Update Fixes High-Severity Flaw Leading to Remote Code Execution
Apache OFBiz vulnerability CVE-2024-45195 patched, preventing unauthenticated remote code execution on Linux and Windows.
2 weeks ago
Apache Makes Another Attempt at Patching Exploited RCE in OFBiz
The latest Apache OFBiz update patches CVE-2024-45195, a bypass of a recently disclosed remote code execution bug exploited in attacks.
2 weeks ago
Vulnerability Recap 8/13/24: Windows, OpenSSH, Apache
It’s been a startling week in vulnerability news, mainly due to a few older vulnerabilities coming to light. While it doesn’t look like they’ve been
1 month ago
Vulnerability Recap 8/12/24: Windows, OpenSSH, Apache
It’s been a startling week in vulnerability news, mainly due to a few older vulnerabilities coming to light. While it doesn’t look like they’ve been
1 month ago
CVE-2024-21733 - Tomitribe
Severity: 3.1. Description: Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11...
1 month ago
CISA warns about actively exploited Apache OFBiz RCE flaw
The U.S. Cybersecurity & Infrastructure Security Agency is warning of two vulnerabilities exploited in attacks, including a path traversal impacting Apache OFBiz.
1 month ago
[Threat Alert] IntelBroker is selling NPM and GitHub access to a well-known programming language, including private repositories
1 month ago
RCE possible with critical Apache OFBiz zero-day
Such a security issue — which is a patch bypass for the already addressed path traversal flaw, tracked as CVE-2024-36104 — stems from an authentication mechanism vulnerability enabling unauthenticated access to critical endpoints.
1 month ago
A new critical vulnerability in Apache OFBiz has been uncovered – here's what you need to know
SonicWall has found another major flaw in the Apache OFBiz enterprise resource planning software, marking the latest in a slew of vulnerabilities over the last year
1 month ago
Apache OFBiz RCE Vulnerability Discovered, Patch Now – Gridinsoft Blog
Cybersecurity researchers have discovered a critical zero-day vulnerability CVE-2024-38856 with CVSS score of 9.8 in Apache OFBiz.
1 month ago
New Zero-Day Flaw in Apache OFBiz ERP Allows Remote Code Execution
Critical zero-day vulnerability in Apache OFBiz ERP system allows unauthorized remote code execution. Patch available for versions prior to 18.12.15.
1 month ago
Vulnerability Recap 8/5/24: Windows, VMware, Android, Apple
This week, some recently patched vulnerabilities got attention because they’re still being exploited, including Apache OFBiz and VMware ESXi hypervisors.
1 month ago
Critical Apache OfBiz Vulnerability Allows Preauth RCE
The enterprise resource planning platform bug CVE-2024-38856 has a vulnerability-severity score of 9.8 out of 10 on the CVSS scale and offers a wide avenue into enterprise applications for cyberattackers.
1 month ago
Researchers warn of a new critical Apache OFBiz flaw
Researchers urge organizations using Apache OFBiz to address a critical bug, following reports of active exploitation of another flaw.
1 month ago
Critical Apache OFBiz pre-auth RCE flaw fixed, update ASAP! (CVE-2024-38856) - Help Net Security
CVE-2024-38856 may be exploited by remote, unauthenticated attackers to execute arbitrary code on vulnerable systems.
1 month ago
CVE-2024-36268: Critical Flaw Found In Apache InLong
Given the critical nature of CVE-2024-36268 and reliance on Apache InLong across various industries, the immediate action cannot be overstated.
1 month ago
Apache Superset: Update to IT Security Warning (Risk: High)
An update to the IT security warning for a known vulnerability has been published for Apache Superset. Find out here what affected users should do.
2 months ago
Apache Product Security Update Advisory (CVE-2024-39877, CVE-2024-41107)
Overview: Apache has released updates to fix vulnerabilities in their products. Users of affected versions are advised to update to the latest version. Affected Products: CVE-2024-39877: Apache-airflow version: 2.4.0; Apache-airflow version: ~ 2.9.3 (excluded). CVE-2024-41107: Apache CloudStack versions: 4.5.0 ...
2 months ago
💀 Exploit for CVE-2024-41107
Exploit for CVE-2024-41107 | Sploitus | Exploit & Hacktool Search Engine
2 months ago
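Important Security Advisory for Apache CloudStack: CVE-2024-38346 and CVE-2024-39864
The Apache Software Foundation has issued an urgent security advisory disclosing two serious vulnerabilities (CVE-2024-38346 and CVE-2024-39864) that affect Apache CloudStack, a widely used open-source cloud computing platform. These vulnerabilities pose a significant risk to organizations that use CloudStack to manage virtualized infrastructure.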
2 months ago
Apache CloudStack: Warning of New IT Security Vulnerability
The BSI has published a current IT security notice for Apache CloudStack. Find out more about the affected operating systems and products, as well as the CVE numbers, here on news.de.
2 months ago
[ADVISORY] Apache CloudStack CVE-2024-41107: SAML Signature Exclusion | Apache CloudStack
Apache CloudStack project announces the release of LTS security releases
2 months ago
Decoding The HugeGraph Vulnerability (CVE-2024-27348)
The critical HugeGraph vulnerability (CVE-2024-27348) in Apache HugeGraph-Server leads to remote code execution.
2 months ago
Critical Apache HugeGraph Vulnerability Under Attack - Patch ASAP
Critical Apache HugeGraph vulnerability exploited in the wild. Urgent update required to prevent remote code execution attacks. Patch now available.
2 months ago
Apache HugeGraph-Server RCE Vulnerability Under Active Attack
Attackers are actively exploiting a critical remote code execution (RCE) vulnerability in Apache HugeGraph-Server, which is tracked as CVE-2024-27348. The vulnerability affects versions 1.0.0 to 1.3.0 of the popular open-source graph database tool.
2 months ago
Apache fixed a source code disclosure flaw in Apache HTTP Server
The Apache Foundation addressed a source code disclosure vulnerability, tracked as CVE-2024-39884, in the Apache HTTP Server.
2 months ago
Critical DoS Vulnerability in Apache Tomcat: Thousands of Servers at Risk (CVE-2024-34750) - ÇözümPark
Critical DoS Vulnerability in Apache Tomcat: Thousands of Servers at Risk (CVE-2024-34750)
2 months ago
ShapeBlue Security Advisory: Apache CloudStack Security Releases 4.18.2.1 and 4.19.0.2
Apache CloudStack security releases 4.18.2.1 and 4.19.0.2 address the CVEs listed below. Users are recommended to upgrade their CloudStack installations.
3 months ago
Critical Apache Tomcat Vulnerability CVE-2024-34750 Could Bring Your Server to a Halt!
Discover the details of the critical CVE-2024-34750 vulnerability in Apache Tomcat. Learn how this flaw can lead to server resource overload and Denial of Service (DoS) attacks. Stay informed and protect your systems.
3 months ago
Apache Tomcat: A Denial of Service Risk Threatens Thousands of Servers!
Critical DoS vulnerability in Apache Tomcat: update now! The CVE-2024-34750 vulnerability in Apache Tomcat allows DoS attacks that can bring down your server. Update now to 11.0.0-M21, 10.1.25 or 9.0.90 to protect yourself!
3 months ago
CVE-2024-34693 – Apache Superset Vulnerability - Rewterz
Apache Superset could allow a remote authenticated attacker to obtain sensitive information, caused by improper input validation.
3 months ago
Apache RocketMQ targeted for more extensive Muhstik botnet attacks
Vulnerable Apache RocketMQ instances impacted by the critical remote code execution bug, tracked as CVE-2023-33246, are being targeted by the Muhstik botnet to facilitate more expansive distributed denial-of-service and cryptocurrency mining intrusions, reports The Hacker News.
3 months ago
Muhstik Malware Attacking Apache RocketMQ To Execute Remote Code
Apache RocketMQ platform is a widely used messaging system that handles high volumes of data and critical operations which often attracts
3 months ago
Exploits for the Apache HugeGraph Vulnerability Are Publicly Available
Administrators need to update urgently, as the exploits only increase the risk of losing control of the server and data.
3 months ago
PoC Exploit Released for High Severity Apache HugeGraph RCE flaw
A proof-of-concept (PoC) exploit has been released for a high-severity RCE vulnerability in the Apache HugeGraph Server.
3 months ago
POC exploit code published for critical Apache HugeGraph bug
If you haven't yet upgraded to version 1.3.0 of Apache HugeGraph, now's a good time because at least two proof-of-concept exploits for a CVSS 9.8-rated remote command execution bug in the open-source graph...
3 months ago
Muhstik Botnet Exploiting Apache RocketMQ Flaw to Expand DDoS Attacks
Muhstik DDoS botnet is exploiting a critical vulnerability (CVE-2023-33246) in Apache RocketMQ to infect servers.
3 months ago
CVE-2024-32638 : APACHE APISIX 3.8.0/3.9.0 FORWARD-AUTH PLUGIN REQUEST SMUGGLING - Cloud WAF
CVE-2024-32638 : Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Apache APISIX when using `forward-auth` plugin.
5 months ago
Critical Apache HugeGraph Flaw Let Attackers Execute Remote Code
Security researchers have identified a critical vulnerability in Apache HugeGraph, an open-source graph database tool.
5 months ago
CVE-2023-37582: Apache RocketMQ Remote Command Execution Vulnerability
On July 17, 2023, Sangfor FarSight Labs received notification about a remote command execution vulnerability in the Apache RocketMQ CVE-2023-37582.
7 months ago
CVE-2023-50386: Apache Solr Remote Code Execution Vulnerability
On February 20, 2024, Sangfor FarSight Labs received notification of the remote code execution vulnerability (CVE-2023-50386) in Apache Solr.
7 months ago