[
https://issues.apache.org/jira/browse/SOLR-13109?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
RobertHathaway updated SOLR-13109:
--
Description:
Threat Level 9/Critical from Sonatype Application Composition Report run Of
Solr
[
https://issues.apache.org/jira/browse/SOLR-13109?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
RobertHathaway updated SOLR-13109:
--
Summary: CVE-2015-1832 Threat Level 9 Against Solr v7.6. org.apache.derby
: derby : 10.9.1.0.
RobertHathaway created SOLR-13114:
-
Summary: CVE-2018-8009 Threat Level 7 Against Solr v7.6.
org.apache.hadoop : hadoop-common : 2.7.4. Apache Hadoop 3.1.0, 3.0.0-alpha to
3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to
RobertHathaway created SOLR-13115:
-
Summary: CVE-2012-0881(CVE-2013-4002) Threat Level 7 Against Solr
v7.6. xerces : xercesImpl : 2.9.1. Apache Xerces2 Java Parser before 2.12.0
allows remote attackers to cause a denial of service (CPU
RobertHathaway created SOLR-13109:
-
Summary: CVE-2015-1832 Against Solr v7.6
Key: SOLR-13109
URL: https://issues.apache.org/jira/browse/SOLR-13109
Project: Solr
Issue Type: Bug
RobertHathaway created SOLR-13112:
-
Summary: CVE-2018-14718 Threat Level 8 Against Solr v7.6.
com.fasterxml.jackson.core : jackson-databind : 2.9.6. FasterXML
jackson-databind 2.x before 2.9.7 might allow remote attackers to execute
arbitrary
RobertHathaway created SOLR-13113:
-
Summary: CVE-2018-1000632 Threat Level 7 Against Solr v7.6.
dom4j : dom4j : 1.6.1. dom4j version prior to version 2.1.1 contains a CWE-91:
XML Injection vulnerability in Class: Element. Methods: addElement,
RobertHathaway created SOLR-13110:
-
Summary: CVE-2017-7525 Threat Level 9 Against Solr v7.6.
org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was
discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1
RobertHathaway created SOLR-13111:
-
Summary: CVE-2017-1000190 Threat Level 9 Against Solr v7.6.
org.simpleframework : simple-xml : 2.7.1. SimpleXML (latest version 2.7.1) is
vulnerable to an XXE vulnerability resulting SSRF, information
[
https://issues.apache.org/jira/browse/SOLR-13112?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16733578#comment-16733578
]
RobertHathaway commented on SOLR-13112:
---
5 Total CVE's Against jackson-databind : 2.9.6
[
https://issues.apache.org/jira/browse/SOLR-13112?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
RobertHathaway updated SOLR-13112:
--
Summary: CVE-2018-14718(-14719),sonatype-2017-0312, CVE-2018-14720(-14721)
Threat Level 8
11 matches
Mail list logo