VYPR

Apache

by Apache

CVEs (202)

  • CVE-2025-48795 (Jul 15, 2025)
    risk 0.00 | cvss epss 0.01

    Apache CXF stores large stream-based messages as temporary files on the local filesystem. A bug was introduced which means that the entire temporary file is read into memory and then logged. An attacker might be able to exploit this to cause a denial of service attack by causing…

  • CVE-2025-46647 (Jul 2, 2025)
    risk 0.00 | cvss epss 0.00

    A vulnerability of plugin openid-connect in Apache APISIX. This vulnerability will only have an impact if all of the following conditions are met: 1. Use the openid-connect plugin with introspection mode 2. The auth service connected to openid-connect provides services to…

  • CVE-2025-47436 (May 14, 2025)
    risk 0.00 | cvss epss 0.00

    Heap-based Buffer Overflow vulnerability in Apache ORC. A vulnerability has been identified in the ORC C++ LZO decompression logic, where specially crafted malformed ORC files can cause the decompressor to allocate a 250-byte buffer but then attempt to copy 295 bytes into it.…

  • CVE-2025-31672 (Apr 9, 2025)
    risk 0.00 | cvss epss 0.01

    Improper Input Validation vulnerability in Apache POI. The issue affects the parsing of OOXML format files like xlsx, docx and pptx. These file formats are basically zip files and it is possible for malicious users to add zip entries with duplicate names (including the path) in…

  • CVE-2024-53679 (Mar 25, 2025)
    risk 0.00 | cvss epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache VCL in the User Lookup form. A user with sufficient rights to be able to view this part of the site can craft a URL or be tricked into clicking a URL that will give a…

  • CVE-2024-53678 (Mar 25, 2025)
    risk 0.00 | cvss epss 0.01

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache VCL. Users can modify form data submitted when requesting a new Block Allocation such that a SELECT SQL statement is modified. The data returned by the SELECT statement…

  • CVE-2025-27017 (Mar 12, 2025)
    risk 0.00 | cvss epss 0.01

    Apache NiFi 1.13.0 through 2.2.0 includes the username and password used to authenticate with MongoDB in the NiFi provenance events that MongoDB components generate during processing. An authorized user with read access to the provenance events of those processors may see the…

  • CVE-2024-46910 (Feb 13, 2025)
    risk 0.00 | cvss epss 0.01

    An authenticated user can perform XSS and potentially impersonate another user. This issue affects Apache Atlas versions 2.3.0 and earlier. Users are recommended to upgrade to version 2.4.0, which fixes the issue.

  • CVE-2024-29869 (Jan 28, 2025)
    risk 0.00 | cvss epss 0.00

    Hive creates a credentials file in a temporary directory in the file system with permissions 644 by default when the file permissions are not set explicitly. Any unauthorized user having access to the directory can read the sensitive information written into this file. Users…

  • CVE-2024-23953 (Jan 28, 2025)
    risk 0.00 | cvss epss 0.01

    Use of Arrays.equals() in LlapSignerImpl in Apache Hive to compare message signatures allows an attacker to forge a valid signature for an arbitrary message byte by byte. The attacker should be an authorized user of the product to perform this attack. Users are recommended to…

  • CVE-2025-24814 (Jan 27, 2025)
    risk 0.00 | cvss epss 0.01

    Core creation allows users to replace "trusted" configset files with arbitrary configuration. Solr instances that (1) use the "FileSystemConfigSetService" component (the default in "standalone" or "user-managed" mode), and (2) are running without authentication and authorization…

  • CVE-2024-52012 (Jan 27, 2025)
    risk 0.00 | cvss epss 0.43

    Relative Path Traversal vulnerability in Apache Solr. Solr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input sanitization in the "configset upload" API. Commonly known as a "zipslip", maliciously constructed ZIP files can use…

  • CVE-2025-23184 (Jan 21, 2025)
    risk 0.00 | cvss epss 0.02

    A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6. In some edge cases, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system (it applies to servers and…

  • CVE-2024-56512 (Dec 28, 2024)
    risk 0.00 | cvss epss 0.03

    Apache NiFi 1.10.0 through 2.0.0 are missing fine-grained authorization checking for Parameter Contexts, referenced Controller Services, and referenced Parameter Providers, when creating new Process Groups. Creating a new Process Group can include binding to a Parameter…

  • CVE-2024-23945 (Dec 23, 2024)
    risk 0.00 | cvss epss 0.01

    Signing cookies is an application security feature that adds a digital signature to cookie data to verify its authenticity and integrity. The signature helps prevent malicious actors from modifying the cookie value, which can lead to security vulnerabilities and exploitation.…

  • CVE-2022-41137 (Dec 5, 2024)
    risk 0.00 | cvss epss 0.02

    Apache Hive Metastore (HMS) uses SerializationUtilities#deserializeObjectWithTypeInformation method when filtering and fetching partitions that is unsafe and can lead to Remote Code Execution (RCE) since it allows the deserialization of arbitrary data. In real deployments,…

  • CVE-2024-52067 (Nov 21, 2024)
    risk 0.00 | cvss epss 0.01

    Apache NiFi 1.16.0 through 1.28.0 and 2.0.0-M1 through 2.0.0-M4 include optional debug logging of Parameter Context values during the flow synchronization process. An authorized administrator with access to change logging levels could enable debug logging for framework flow…

  • CVE-2024-45477 (Oct 29, 2024)
    risk 0.00 | cvss epss 0.01

    Apache NiFi 1.10.0 through 1.27.0 and 2.0.0-M1 through 2.0.0-M3 support a description field for Parameters in a Parameter Context configuration that is vulnerable to cross-site scripting. An authenticated user, authorized to configure a Parameter Context, can enter arbitrary…

  • CVE-2024-45217 (Oct 16, 2024)
    risk 0.00 | cvss epss 0.01

    Insecure Default Initialization of Resource vulnerability in Apache Solr. New ConfigSets that are created via a Restore command, which copy a configSet from the backup and give it a new name, are created without setting the "trusted" metadata. ConfigSets that do not contain the…

  • CVE-2024-41172 (Jul 19, 2024)
    risk 0.00 | cvss epss 0.01

    In versions of Apache CXF before 3.6.4 and 4.0.5 (3.5.x and lower versions are not impacted), a CXF HTTP client conduit may prevent HTTPClient instances from being garbage collected and it is possible that memory consumption will continue to increase, eventually causing the…

Page 6 of 11