#apache

Improper Input Validation vulnerability in Apache Zeppelin when creating a new note from Zeppelin's UI. This issue affects Apache Zeppelin from 0.10.1 before 0.11.0. Users are recommended to upgrade to version 0.11.0, which fixes the issue.

Authentication Bypass by Spoofing vulnerability by replacing to exsiting notes in Apache Zeppelin. This issue affects Apache Zeppelin: from 0.10.1 before 0.11.0. Users are recommended to upgrade to version 0.11.0, which fixes the issue.

Cross-Site Request Forgery (CSRF) vulnerability in Credential page of Apache Zeppelin allows an attacker to submit malicious request. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions.

Improper Input Validation vulnerability in Apache Zeppelin. By adding relative path indicators (e.g `..`), attackers can see the contents for any files in the filesystem that the server account can access.  This issue affects Apache Zeppelin from 0.9.0 before 0.11.0. Users are recommended to upgrade to version 0.11.0, which fixes the issue.

Jasmin Ransomware version 1.1 suffers from an arbitrary file read vulnerability.

Red Hat Security Advisory 2024-1662-03 - An update is now available for Red Hat build of Quarkus. Issues addressed include denial of service, information leakage, and memory leak vulnerabilities.

This vulnerability allows authenticated users with produce or consume permissions to perform unauthorized operations on partitioned topics, such as unloading topics and triggering compaction. These management operations should be restricted to users with the tenant admin role or superuser role. An authenticated user with produce permission can create subscriptions and update subscription properties on partitioned topics, even though this should be limited to users with consume permissions. This impact analysis assumes that Pulsar has been configured with the default authorization provider. For custom authorization providers, the impact could be slightly different. Additionally, the vulnerability allows an authenticated user to read, create, modify, and delete namespace properties in any namespace in any tenant. In Pulsar, namespace properties are reserved for user provided metadata about the namespace. This issue affects Apache Pulsar versions from 2.7.1 to 2.10.6, from 2.11.0 to 2.11...

Computer Laboratory Management System version 1.0 suffers from an insecure direct object reference vulnerability.

Blood Bank version 1.0 suffers from a persistent cross site scripting vulnerability.

Online Hotel Booking in PHP version 1.0 suffers from a remote blind SQL injection vulnerability.