VYPR

Apache

by Apache

CVEs (202)

  • CVE-2024-32007 (Jul 19, 2024)
    risk 0.00 | cvss | epss 0.01

    An improper input validation of the p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token.

  • CVE-2024-29736 (Jul 19, 2024)
    risk 0.00 | cvss | epss 0.01

    An SSRF vulnerability in WADL service description in versions of Apache CXF before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform SSRF style attacks on REST webservices. The attack only applies if a custom stylesheet parameter is configured.

  • CVE-2024-37389 (Jul 8, 2024)
    risk 0.00 | cvss | epss 0.24

    Apache NiFi 1.10.0 through 1.26.0 and 2.0.0-M1 through 2.0.0-M3 support a description field in the Parameter Context configuration that is vulnerable to cross-site scripting. An authenticated user, authorized to configure a Parameter Context, can enter arbitrary JavaScript code,…

  • CVE-2023-35701 (May 3, 2024)
    risk 0.00 | cvss | epss 0.01

    Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Hive. The vulnerability affects the Hive JDBC driver component and it can potentially lead to arbitrary code execution on the machine/endpoint that the JDBC driver (client) is running on. The…

  • CVE-2024-32638 (May 2, 2024)
    risk 0.00 | cvss | epss 0.01

    Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Apache APISIX when using the `forward-auth` plugin. This issue affects Apache APISIX: from 3.8.0, 3.9.0. Users are recommended to upgrade to version 3.8.1, 3.9.1 or higher, which fixes the…

  • CVE-2024-28752 (Mar 15, 2024)
    risk 0.00 | cvss | epss 0.06

    An SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3 and 3.5.8 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. Users of other data bindings (including the default databinding)…

  • CVE-2023-50291 (Feb 9, 2024)
    risk 0.00 | cvss | epss 0.03

    Insufficiently Protected Credentials vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0. One of the two endpoints that publishes the Solr process' Java system properties, /admin/info/properties, was only set up to…

  • CVE-2023-50292 (Feb 9, 2024)
    risk 0.00 | cvss | epss 0.03

    Incorrect Permission Assignment for Critical Resource, Improper Control of Dynamically-Managed Code Resources vulnerability in Apache Solr. This issue affects Apache Solr: from 8.10.0 through 8.11.2, from 9.0.0 before 9.3.0. The Schema Designer was introduced to allow users to…

  • CVE-2023-50298 (Feb 9, 2024)
    risk 0.00 | cvss | epss 0.02

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. Solr Streaming Expressions allows users to extract data from other Solr Clouds, using a "zkHost"…

  • CVE-2024-23452 (Feb 8, 2024)
    risk 0.00 | cvss | epss 0.02

    Request smuggling vulnerability in the HTTP server in Apache bRPC 0.9.5~1.7.0 on all platforms allows an attacker to smuggle requests. Vulnerability Cause Description: The http_parser does not comply with the RFC-7230 HTTP 1.1 specification. Attack scenario: If a message is…

  • CVE-2023-50290 (Jan 15, 2024)
    risk 0.00 | cvss | epss 0.69

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr. The Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users are able to specify which environment variables to hide, however, the…

  • CVE-2023-49145 (Nov 27, 2023)
    risk 0.00 | cvss | epss 0.01

    Apache NiFi 0.7.0 through 1.23.2 include the JoltTransformJSON Processor, which provides an advanced configuration user interface that is vulnerable to DOM-based cross-site scripting. If an authenticated user, who is authorized to configure a JoltTransformJSON Processor, visits…

  • CVE-2023-45757 (Oct 16, 2023)
    risk 0.00 | cvss | epss 0.01

    Security vulnerability in Apache bRPC <=1.6.0 on all platforms allows attackers to inject XSS code into the builtin rpcz page. An attacker that can send an HTTP request to a bRPC server with rpcz enabled can inject arbitrary XSS code into the builtin rpcz page. Solution (choose one of…

  • CVE-2022-46751 (Aug 21, 2023)
    risk 0.00 | cvss | epss 0.02

    Improper Restriction of XML External Entity Reference, XML Injection (aka Blind XPath Injection) vulnerability in Apache Software Foundation Apache Ivy. This issue affects any version of Apache Ivy prior to 2.5.2. When Apache Ivy prior to 2.5.2 parses XML files - either its own…

  • CVE-2023-40037 (Aug 18, 2023)
    risk 0.00 | cvss | epss 0.02

    Apache NiFi 1.21.0 through 1.23.0 support JDBC and JNDI JMS access in several Processors and Controller Services with connection URL validation that does not provide sufficient protection against crafted inputs. An authenticated and authorized user can bypass connection URL…

  • CVE-2023-36542 (Jul 29, 2023)
    risk 0.00 | cvss | epss 0.02

    Apache NiFi 0.0.2 through 1.22.0 include Processors and Controller Services that support HTTP URL references for retrieving drivers, which allows an authenticated and authorized user to configure a location that enables custom code execution. The resolution introduces a new…

  • CVE-2023-32200 (Jul 12, 2023)
    risk 0.00 | cvss | epss 0.01

    There are insufficient restrictions on called script functions in Apache Jena versions 4.8.0 and earlier. It allows a remote user to execute JavaScript via a SPARQL query. This issue affects Apache Jena: from 3.7.0 through 4.8.0.

  • CVE-2023-34150 (Jul 5, 2023)
    risk 0.00 | cvss | epss 0.01

    ** UNSUPPORTED WHEN ASSIGNED ** Use of TikaEncodingDetector in Apache Any23 can cause excessive memory usage.

  • CVE-2023-34212 (Jun 12, 2023)
    risk 0.00 | cvss | epss 0.02

    The JndiJmsConnectionFactoryProvider Controller Service, along with the ConsumeJMS and PublishJMS Processors, in Apache NiFi 1.8.0 through 1.21.0 allow an authenticated and authorized user to configure URL and library properties that enable deserialization of untrusted data from…

  • CVE-2023-31039 (May 8, 2023)
    risk 0.00 | cvss | epss 0.02

    Security vulnerability in Apache bRPC <1.5.0 on all platforms allows attackers to execute arbitrary code via ServerOptions::pid_file. An attacker that can influence the ServerOptions pid_file parameter with which the bRPC server is started can execute arbitrary code with the…

Page 7 of 11