Apollo
by Apolloconfig
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2009-1351 | | | 0.03 | — | 0.06 | | Apr 21, 2009 | Heap-based buffer overflow in Apollo 37zz allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long URI in a playlist (.m3u) file. |
| CVE-2024-43397 | | | 0.00 | — | 0.00 | | Aug 20, 2024 | Apollo is a configuration management system. A vulnerability exists in the synchronization configuration feature that allows users to craft specific requests to bypass permission checks. This exploit enables them to modify a namespace without the necessary permissions. The issue… |
| CVE-2024-42662 | | | 0.00 | — | 0.01 | | Aug 20, 2024 | An issue in apolloconfig apollo v.2.2.0 allows a remote attacker to obtain sensitive information via a crafted request. |
| CVE-2023-30959 | | | 0.00 | — | 0.00 | | Sep 26, 2023 | In Apollo change requests, comments added by users could contain a javascript URI link that when rendered will result in an XSS that requires user interaction. |
| CVE-2023-25570 | | | 0.00 | — | 0.01 | | Feb 20, 2023 | Apollo is a configuration management system. Prior to version 2.1.0, there are potential security issues if users expose apollo-configservice to the internet, which is not recommended. This is because there is no authentication feature enabled for the built-in eureka service.… |
| CVE-2023-25569 | | | 0.00 | — | 0.00 | | Feb 20, 2023 | Apollo is a configuration management system. Prior to version 2.1.0, a low-privileged user can create a special web page. If an authenticated portal admin visits this page, the page can silently send a request to assign new roles for that user without any confirmation from the… |
| CVE-2015-10043 | | | 0.00 | — | 0.01 | | Jan 14, 2023 | A vulnerability, which was classified as critical, was found in abreen Apollo. This affects an unknown part. The manipulation of the argument file leads to path traversal. The patch is named 6206406630780bbd074aff34f4683fb764faba71. It is recommended to apply a patch to fix this… |