VYPR

Apache

by Apache

Source repositories

CVEs (202)

  • CVE-2023-22665 (Apr 25, 2023)
    risk 0.00 · cvss · epss 0.01

    There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute arbitrary javascript via a SPARQL query.

  • CVE-2023-22832 (Feb 10, 2023)
    risk 0.00 · cvss · epss 0.01

    The ExtractCCDAAttributes Processor in Apache NiFi 1.2.0 through 1.19.1 does not restrict XML External Entity references. Flow configurations that include the ExtractCCDAAttributes Processor are vulnerable to malicious XML documents that contain Document Type Declarations with…

  • CVE-2022-45786 (Feb 4, 2023)
    risk 0.00 · cvss · epss 0.01

    There are issues with the AGE drivers for Golang and Python that enable SQL injections to occur. This impacts AGE for PostgreSQL 11 & AGE for PostgreSQL 12, all versions up-to-and-including 1.1.0, when using those drivers. The fix is to update to the latest Golang and Python…

  • CVE-2022-34271 (Dec 14, 2022)
    risk 0.00 · cvss · epss 0.01

    A vulnerability in import module of Apache Atlas allows an authenticated user to write to web server filesystem. This issue affects Apache Atlas versions from 0.8.4 to 2.2.0.

  • CVE-2022-46364 (Dec 13, 2022)
    risk 0.00 · cvss · epss 0.02

    An SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF-style attacks on web services that take at least one parameter of any type.

  • CVE-2022-46363 (Dec 13, 2022)
    risk 0.00 · cvss · epss 0.01

    A vulnerability in Apache CXF before versions 3.5.5 and 3.4.10 allows an attacker to perform a remote directory listing or code exfiltration. The vulnerability only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check…

  • CVE-2022-45470 (Nov 21, 2022)
    risk 0.00 · cvss · epss 0.01

    Missing input validation in Apache Hama may cause information disclosure through path traversal and XSS. Since Apache Hama is EOL, we do not expect these issues to be fixed.

  • CVE-2022-45378 (Nov 14, 2022)
    risk 0.00 · cvss · epss 0.02

    In the default configuration of Apache SOAP, an RPCRouterServlet is available without authentication. This gives an attacker the possibility to invoke methods on the classpath that meet certain criteria. Depending on what classes are available on the classpath this might even…

  • CVE-2022-37866 (Nov 7, 2022)
    risk 0.00 · cvss · epss 0.02

    When Apache Ivy downloads artifacts from a repository it stores them in the local file system based on a user-supplied "pattern" that may include placeholders for artifacts coordinates like the organisation, module or version. If said coordinates contain "../" sequences - which…

  • CVE-2022-37865 (Nov 7, 2022)
    risk 0.00 · cvss · epss 0.02

    With Apache Ivy 2.4.0 an optional packaging attribute has been introduced that allows artifacts to be unpacked on the fly if they used pack200 or zip packaging. For artifacts using the "zip", "jar" or "war" packaging Ivy prior to 2.5.1 doesn't verify the target path when…

  • CVE-2022-32287 (Nov 3, 2022)
    risk 0.00 · cvss · epss 0.02

    A relative path traversal vulnerability in a FileUtil class used by the PEAR management component of Apache UIMA allows an attacker to create files outside the designated target directory using carefully crafted ZIP entry names. This issue affects Apache UIMA version…

  • CVE-2022-42466 (Oct 19, 2022)
    risk 0.00 · cvss · epss 0.01

    Prior to 2.0.0-M9, it was possible for an end-user to set the value of an editable string property of a domain object to a value that would be rendered unchanged when the value was saved. In particular, the end-user could enter javascript or similar and this would be executed.…

  • CVE-2022-42467 (Oct 19, 2022)
    risk 0.00 · cvss · epss 0.01

    When running in prototype mode, the h2 webconsole module (accessible from the Prototype menu) is automatically made available with the ability to directly query the database. It was felt that it is safer to require the developer to explicitly enable this capability. As of…

  • CVE-2022-40705 (Sep 22, 2022)
    risk 0.00 · cvss · epss 0.01

    An Improper Restriction of XML External Entity Reference vulnerability in RPCRouterServlet of Apache SOAP allows an attacker to read arbitrary files over HTTP. This issue affects Apache SOAP version 2.2 and later versions. It is unknown whether previous versions are also…

  • CVE-2022-36125 (Aug 9, 2022)
    risk 0.00 · cvss · epss 0.01

    It is possible to crash (panic) an application by providing corrupted data to be read. This issue affects Rust applications using the Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0, which addresses this issue.

  • CVE-2022-36124 (Aug 9, 2022)
    risk 0.00 · cvss · epss 0.01

    It is possible for a Reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version…

  • CVE-2022-35724 (Aug 9, 2022)
    risk 0.00 · cvss · epss 0.02

    It is possible to provide data to be read that leads the reader to loop in cycles endlessly, consuming CPU. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which…

  • CVE-2021-34538 (Jul 16, 2022)
    risk 0.00 · cvss · epss 0.01

    In Apache Hive before 3.1.3, the "CREATE" and "DROP" function operations do not check for the necessary authorization of the entities involved in the query. It was found that an unauthorized user can manipulate an existing UDF without having the privileges to do so. This allowed unauthorized…

  • CVE-2022-33879 (Jun 27, 2022)
    risk 0.00 · cvss · epss 0.02

    The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in the StandardsExtractingContentHandler were insufficient, and we found a separate, new regex DoS in a different regex in the StandardsExtractingContentHandler. These are now fixed in 1.28.4 and 2.4.1.

  • CVE-2022-33140 (Jun 15, 2022)
    risk 0.00 · cvss · epss 0.04

    The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operating system commands on Linux and macOS platforms. The ShellUserGroupProvider is…

Page 8 of 11