Page 2 of 20 results (0.008 seconds)

CVSS: 7.5EPSS: 30%CPEs: 4EXPL: 1

CVE-2019-0194 – camel: Directory traversal in file producer

https://notcve.org/view.php?id=CVE-2019-0194

Apache Camel's File is vulnerable to directory traversal. Camel 2.21.0 to 2.21.3, 2.22.0 to 2.22.2, 2.23.0 and the unsupported Camel 2.x (2.19 and earlier) versions may be also affected. El archivo de Apache Camel es vulnerable a un salto de directorio. Camel versiones desde 2.21.0 hasta 2.21.3, desde 2.22.0 hasta 2.22.2, 2.23.0 y las versiones 2.x (2.19 y anteriores) sin soporte también pueden verse afectadas. • http://www.openwall.com/lists/oss-security/2019/04/30/2 http://www.securityfocus.com/bid/108181 https://lists.apache.org/thread.html/0a163d02169d3d361150e8183df4af33f1a3d8a419b2937ac8e6c66f%40%3Cusers.camel.apache.org%3E https://lists.apache.org/thread.html/0cb842f367336b352a7548e290116b64b78b8e7b99402deaba81a687%40%3Ccommits.camel.apache.org%3E https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf%40%3Ccommits.camel.apache.org%3E https://lists.apache.org/thread.html/45e23ade8d3cb754615f95975e89e8dc73c59eeac914f07d53acbac6%40& • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.3EPSS: 2%CPEs: 3EXPL: 0

CVE-2018-8041 – camel-mail: path traversal vulnerability

https://notcve.org/view.php?id=CVE-2018-8041

Apache Camel's Mail 2.20.0 through 2.20.3, 2.21.0 through 2.21.1 and 2.22.0 is vulnerable to path traversal. Apache Camel's Mail, desde la versión 2.20.0 hasta la 2.20.3, de la versión 2.21.0 hasta la 2.21.1 y desde la 2.22.0 es vulnerable a un salto de directorio. • http://camel.apache.org/security-advisories.data/CVE-2018-8041.txt.asc?version=1&modificationDate=1536746339000&api=v2 http://www.securityfocus.com/bid/105352 https://access.redhat.com/errata/RHSA-2018:3768 https://issues.apache.org/jira/browse/CAMEL-12630 https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf%40%3Ccommits.camel.apache.org%3E https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d%40%3Ccommits.camel.apache.org%3E https://access.redhat.com/ • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2018-8027

https://notcve.org/view.php?id=CVE-2018-8027

Apache Camel 2.20.0 to 2.20.3 and 2.21.0 Core is vulnerable to XXE in XSD validation processor. Apache Camel, de la versión 2.20.0 a la 2.20.3 y en la versión 2.21.0 Core es vulnerable a XEE (XML External Entity) en el procesador de validación XSD. • http://camel.apache.org/security-advisories.data/CVE-2018-8027.txt.asc http://www.securityfocus.com/bid/104933 https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf%40%3Ccommits.camel.apache.org%3E https://lists.apache.org/thread.html/77f596fc63e63c2e9adcff3c34759b32c225cf0b582aedb755adaade%40%3Cdev.camel.apache.org%3E https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d%40%3Ccommits.camel.apache.org%3E • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2017-12633 – camel-hessian: Apache Camel's Hessian unmarshalling operation is vulnerable to Remote Code Execution attacks

https://notcve.org/view.php?id=CVE-2017-12633

The camel-hessian component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws. El componente camel-hessian en Apache Camel en versiones 2.x anteriores a la 2.19.4 y las versiones 2.20.x anteriores a la 2.20.1 es vulnerable a una deserialización de objetos Java. La deserialización de datos no fiables puede conducir a fallos de seguridad. It was found that Apache Camel contains a security vulnerability via camel-hessian component. • http://camel.apache.org/security-advisories.data/CVE-2017-12633.txt.asc http://www.securityfocus.com/bid/101874 https://access.redhat.com/errata/RHSA-2018:0319 https://issues.apache.org/jira/browse/CAMEL-11923 https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf%40%3Ccommits.camel.apache.org%3E https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d%40%3Ccommits.camel.apache.org%3E https://access.redhat.com/security/cve/CVE-2017-12633 https:/ • CWE-502: Deserialization of Untrusted Data •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2017-12634 – camel-castor: Apache Camel's Castor unmarshalling operation is vulnerable to Remote Code Execution attacks

https://notcve.org/view.php?id=CVE-2017-12634

The camel-castor component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws. El componente camel-castor en Apache Camel en versiones 2.x anteriores a la 2.19.4 y las versiones 2.20.x anteriores a la 2.20.1 es vulnerable a una deserialización de objetos Java. La deserialización de datos no fiables puede conducir a fallos de seguridad. It was found that Apache Camel contains a security vulnerability via camel-castor component. • http://camel.apache.org/security-advisories.data/CVE-2017-12634.txt.asc http://www.securityfocus.com/bid/101876 https://access.redhat.com/errata/RHSA-2018:0319 https://issues.apache.org/jira/browse/CAMEL-11929 https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf%40%3Ccommits.camel.apache.org%3E https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d%40%3Ccommits.camel.apache.org%3E https://access.redhat.com/security/cve/CVE-2017-12634 https:/ • CWE-502: Deserialization of Untrusted Data •