Filtered by vendor Apache
Subscribe
Total
1977 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-17526 | 1 Apache | 1 Airflow | 2022-04-26 | 3.5 LOW | 7.7 HIGH |
| Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for `[webserver] secret_key` config. | |||||
| CVE-2021-30468 | 2 Apache, Oracle | 5 Cxf, Tomee, Business Intelligence and 2 more | 2022-04-25 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malformed JSON to a web service, which results in the thread getting stuck in an infinite loop, consuming CPU indefinitely. This issue affects Apache CXF versions prior to 3.4.4; Apache CXF versions prior to 3.3.11. | |||||
| CVE-2021-42250 | 1 Apache | 1 Superset | 2022-04-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| Improper output neutralization for Logs. A specific Apache Superset HTTP endpoint allowed for an authenticated user to forge log entries or inject malicious content into logs. | |||||
| CVE-2019-10099 | 1 Apache | 1 Spark | 2022-04-22 | 4.3 MEDIUM | 7.5 HIGH |
| Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true. This includes cached blocks that are fetched to disk (controlled by spark.maxRemoteBlockSizeFetchToMem); in SparkR, using parallelize; in Pyspark, using broadcast and parallelize; and use of python udfs. | |||||
| CVE-2019-0223 | 2 Apache, Redhat | 11 Qpid, Enterprise Linux Desktop, Enterprise Linux Eus and 8 more | 2022-04-22 | 5.8 MEDIUM | 7.4 HIGH |
| While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenSSL versions before 1.1.0. This means that an undetected man in the middle attack could be constructed if an attacker can arrange to intercept TLS traffic. | |||||
| CVE-2019-10241 | 4 Apache, Debian, Eclipse and 1 more | 7 Activemq, Drill, Debian Linux and 4 more | 2022-04-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents. | |||||
| CVE-2019-10071 | 1 Apache | 1 Tapestry | 2022-04-22 | 6.8 MEDIUM | 9.8 CRITICAL |
| The code which checks HMAC in form submissions used String.equals() for comparisons, which results in a timing side channel for the comparison of the HMAC signatures. This could lead to remote code execution if an attacker is able to determine the correct signature for their payload. The comparison should be done with a constant time algorithm instead. | |||||
| CVE-2020-11988 | 2 Apache, Fedoraproject | 2 Xmlgraphics Commons, Fedora | 2022-04-22 | 6.4 MEDIUM | 8.2 HIGH |
| Apache XmlGraphics Commons 2.4 and earlier is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. Users should upgrade to 2.6 or later. | |||||
| CVE-2020-13959 | 2 Apache, Debian | 2 Velocity Tools, Debian Linux | 2022-04-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The default error page for VelocityView in Apache Velocity Tools prior to 3.1 reflects back the vm file that was entered as part of the URL. An attacker can set an XSS payload file as this vm file in the URL which results in this payload being executed. XSS vulnerabilities allow attackers to execute arbitrary JavaScript in the context of the attacked website and the attacked user. This can be abused to steal session cookies, perform requests in the name of the victim or for phishing attacks. | |||||
| CVE-2018-21234 | 2 Apache, Jodd | 2 Hive, Jodd | 2022-04-22 | 7.5 HIGH | 9.8 CRITICAL |
| Jodd before 5.0.4 performs Deserialization of Untrusted JSON Data when setClassMetadataName is set. | |||||
| CVE-2017-7668 | 6 Apache, Apple, Debian and 3 more | 13 Http Server, Mac Os X, Debian Linux and 10 more | 2022-04-21 | 5.0 MEDIUM | 7.5 HIGH |
| The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value. | |||||
| CVE-2022-27479 | 1 Apache | 1 Superset | 2022-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Apache Superset before 1.4.2 is vulnerable to SQL injection in chart data requests. Users should update to 1.4.2 or higher which addresses this issue. | |||||
| CVE-2012-5351 | 1 Apache | 1 Axis2 | 2022-04-19 | 6.4 MEDIUM | N/A |
| Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418. | |||||
| CVE-2017-12629 | 4 Apache, Canonical, Debian and 1 more | 5 Solr, Ubuntu Linux, Debian Linux and 2 more | 2022-04-19 | 7.5 HIGH | 9.8 CRITICAL |
| Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external entity expansion vulnerability occurs in the XML Query Parser which is available, by default, for any query request with parameters deftype=xmlparser and can be exploited to upload malicious data to the /upload request handler or as Blind XXE using ftp wrapper in order to read arbitrary local files from the Solr server. Note also that the second vulnerability relates to remote code execution using the RunExecutableListener available on all affected versions of Solr. | |||||
| CVE-2017-5641 | 2 Apache, Hp | 2 Flex Blazeds, Xp Command View Advanced Edition | 2022-04-19 | 7.5 HIGH | 9.8 CRITICAL |
| Previous versions of Apache Flex BlazeDS (4.7.2 and earlier) did not restrict which types were allowed for AMF(X) object deserialization by default. During the deserialization process code is executed that for several known types has undesired side-effects. Other, unknown types may also exhibit such behaviors. One vector in the Java standard library exists that allows an attacker to trigger possibly further exploitable Java deserialization of untrusted data. Other known vectors in third party libraries can be used to trigger remote code execution. | |||||
| CVE-2017-17837 | 1 Apache | 1 Deltaspike | 2022-04-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Apache DeltaSpike-JSF 1.8.0 module has a XSS injection leak in the windowId handling. The default size of the windowId get's cut off after 10 characters (by default), so the impact might be limited. A fix got applied and released in Apache deltaspike-1.8.1. | |||||
| CVE-2020-13945 | 1 Apache | 1 Apisix | 2022-04-19 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Apache APISIX, the user enabled the Admin API and deleted the Admin API access IP restriction rules. Eventually, the default token is allowed to access APISIX management data. This affects versions 1.2, 1.3, 1.4, 1.5. | |||||
| CVE-2019-0201 | 5 Apache, Debian, Netapp and 2 more | 11 Activemq, Drill, Zookeeper and 8 more | 2022-04-19 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL() command doesn’t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuthenticationProvider overloads the Id field with the hash value that is used for user authentication. As a consequence, if Digest Authentication is in use, the unsalted hash value will be disclosed by getACL() request for unauthenticated or unprivileged users. | |||||
| CVE-2017-12613 | 3 Apache, Debian, Redhat | 11 Portable Runtime, Debian Linux, Enterprise Linux Desktop and 8 more | 2022-04-18 | 3.6 LOW | 7.1 HIGH |
| When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input. | |||||
| CVE-2016-0762 | 6 Apache, Canonical, Debian and 3 more | 15 Tomcat, Ubuntu Linux, Debian Linux and 12 more | 2022-04-18 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder. | |||||