VYPR

Apache vendor CVEs (all CVEs)

2,550 total · sorted by risk
  • CVE-2022-47937 · May 15, 2023
    risk 0.00 · cvss n/a · epss 0.02

    Improper input validation in the Apache Sling Commons JSON bundle allows an attacker to trigger unexpected errors by supplying specially-crafted input. The org.apache.sling.commons.json bundle has been deprecated as of March 2017 and should not be used anymore. Consumers are…

  • CVE-2023-28936 · May 12, 2023
    risk 0.00 · cvss n/a · epss 0.01

    Attacker can access arbitrary recording/room. Vendor: The Apache Software Foundation. Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0.

  • CVE-2023-29032 · May 12, 2023
    risk 0.00 · cvss n/a · epss 0.01

    An attacker who has gained access to certain private information can use it to act as another user. Vendor: The Apache Software Foundation. Versions Affected: Apache OpenMeetings from 3.1.3 before 7.1.0.

  • CVE-2023-29246 · May 12, 2023
    risk 0.00 · cvss n/a · epss 0.01

    An attacker who has gained access to an admin account can perform RCE via null-byte injection. Vendor: The Apache Software Foundation. Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0.

  • CVE-2023-25754 · May 8, 2023
    risk 0.00 · cvss n/a · epss 0.02

    Privilege Context Switching Error vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow: before 2.6.0.

  • CVE-2023-29247 · May 8, 2023
    risk 0.00 · cvss n/a · epss 0.02

    Task instance details page in the UI is vulnerable to a stored XSS. This issue affects Apache Airflow: before 2.6.0.

  • CVE-2023-31039 · May 8, 2023
    risk 0.00 · cvss n/a · epss 0.02

    Security vulnerability in Apache bRPC <1.5.0 on all platforms allows attackers to execute arbitrary code via ServerOptions::pid_file. An attacker that can influence the ServerOptions pid_file parameter with which the bRPC server is started can execute arbitrary code with the…

  • CVE-2023-31038 · May 8, 2023
    risk 0.00 · cvss n/a · epss 0.02

    SQL injection in Log4cxx when using the ODBC appender to send log messages to a database. No fields sent to the database were properly escaped for SQL injection. This has been the case since at least version 0.9.0 (released 2003-08-06). Note that Log4cxx is a C++…
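
    The Log4cxx entry above describes an INSERT built by pasting log fields into SQL text. The following Python/sqlite3 snippet is an added illustration, not Log4cxx code: it contrasts an appender that formats the message into the statement with one that binds it as a parameter. The table layout, the payload message and the use of executescript (standing in for a database driver that accepts several statements in one call) are constructed for this example.

```python
import sqlite3

# Constructed log message (sample data): the single quote closes the string
# literal the appender opened, and the rest of the line is run as SQL.
MALICIOUS_MESSAGE = (
    "login failed'); DELETE FROM logs; "
    "INSERT INTO logs(level, message) VALUES ('INFO', 'tampered"
)


def make_db():
    """Fresh in-memory log table with one genuine row (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE logs (level TEXT, message TEXT)")
    conn.execute("INSERT INTO logs VALUES ('INFO', 'service started')")
    conn.commit()
    return conn


def vulnerable_append(conn, level, message):
    """Mirrors the flaw: fields are interpolated into the SQL text unescaped.

    executescript is used so the statement runs the way a driver that
    accepts multiple statements per call would run it (an assumption)."""
    sql = "INSERT INTO logs(level, message) VALUES ('%s', '%s');" % (level, message)
    conn.executescript(sql)


def hardened_append(conn, level, message):
    """Bind the fields as parameters: the message is data, never parsed as SQL."""
    conn.execute("INSERT INTO logs(level, message) VALUES (?, ?)", (level, message))
    conn.commit()


def messages(conn):
    """Current contents of the log table, in insertion order."""
    return [row[0] for row in conn.execute("SELECT message FROM logs ORDER BY rowid")]
```

With the vulnerable appender the attacker's message erases the existing log rows and leaves only the row it chose; with parameter binding the same string is stored verbatim as one log line.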

  • CVE-2021-40331 · May 5, 2023
    risk 0.00 · cvss n/a · epss 0.01

    An Incorrect Permission Assignment for Critical Resource vulnerability was found in the Apache Ranger Hive Plugin. Any user with SELECT privilege on a database can alter the ownership of the table in Hive when Apache Ranger Hive Plugin is enabled. This issue affects Apache Ranger…

  • CVE-2023-26268 · May 2, 2023
    risk 0.00 · cvss n/a · epss 0.01

    Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using these design document functions: * validate_doc_update * list * filter * filter views (using view functions as filters) * …

  • CVE-2022-46365 · May 1, 2023
    risk 0.00 · cvss n/a · epss 0.01

    Apache StreamPark 1.0.0 before 2.0.0: when a user successfully logs in and modifies their profile, the username is passed to the server layer as a parameter, but the server does not verify that it belongs to the currently logged-in user or that the user is legitimate. This will allow…

  • CVE-2022-45801 · May 1, 2023
    risk 0.00 · cvss n/a · epss 0.01

    Apache StreamPark 1.0.0 to 2.0.0 have a LDAP injection vulnerability. LDAP Injection is an attack used to exploit web based applications that construct LDAP statements based on user input. When an application fails to properly sanitize user input, it's possible to modify LDAP…

  • CVE-2022-45802 · May 1, 2023
    risk 0.00 · cvss n/a · epss 0.01

    StreamPark allows any user to upload a jar as an application, but there is no mandatory verification of the uploaded file type, so users can upload high-risk files, and may upload them to any directory. Users of the affected versions should upgrade to Apache StreamPark…
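
    The StreamPark entry above combines two weaknesses: no check on what is uploaded and no restriction on where it lands. The Python function below is an added example of the checks a jar upload endpoint would apply; it is not StreamPark code. The upload directory, the rule set (bare file name only, .jar extension, zip magic bytes, final path confined to the upload root) and the sample jar are assumptions made for the example.

```python
import io
import os
import zipfile

ZIP_MAGIC = b"PK\x03\x04"  # local file header that every non-empty jar/zip starts with


def safe_jar_destination(upload_dir, client_filename, data):
    """Return the absolute path the upload may be written to, or raise ValueError.

    upload_dir and the rules below are assumptions for this example."""
    # 1. The client supplies a bare file name, never a path. Rejecting
    #    separators outright surfaces traversal attempts instead of
    #    silently stripping them.
    if not client_filename or any(c in client_filename for c in "/\\\x00"):
        raise ValueError("filename must not contain path separators or NUL")
    if client_filename in (".", ".."):
        raise ValueError("invalid filename")
    # 2. Enforce the one file type the feature actually needs.
    if not client_filename.lower().endswith(".jar"):
        raise ValueError("only .jar uploads are accepted")
    # 3. Check content, not just the name: a jar is a zip archive.
    if not data.startswith(ZIP_MAGIC) or not zipfile.is_zipfile(io.BytesIO(data)):
        raise ValueError("content is not a jar (zip) archive")
    # 4. Resolve the final path and confirm it is still inside upload_dir.
    root = os.path.realpath(upload_dir)
    dest = os.path.realpath(os.path.join(root, client_filename))
    if os.path.commonpath([root, dest]) != root:
        raise ValueError("destination escapes the upload directory")
    return dest


def build_sample_jar():
    """Constructed minimal jar: a zip containing only a manifest (sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
    return buf.getvalue()


def is_rejected(upload_dir, client_filename, data):
    """True when the upload would be refused."""
    try:
        safe_jar_destination(upload_dir, client_filename, data)
    except ValueError:
        return True
    return False
```

The content check matters as much as the name check: an attacker who can only reach the name filter renames a JSP or script to .jar, so the server must look at the bytes before accepting the file.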

  • CVE-2023-22665 · Apr 25, 2023
    risk 0.00 · cvss n/a · epss 0.01

    There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute arbitrary javascript via a SPARQL query.

  • CVE-2023-30776 · Apr 24, 2023
    risk 0.00 · cvss n/a · epss 0.02

    An authenticated user with specific data permissions could access the stored passwords of database connections by requesting a specific REST API. This issue affects Apache Superset version 1.3.0 up to 2.0.1.

  • CVE-2023-25601 · Apr 20, 2023
    risk 0.00 · cvss n/a · epss 0.01

    On version 3.0.0 through 3.1.1, Apache DolphinScheduler's python gateway suffered from improper authentication: an attacker could use a socket bytes attack without authentication. This issue has been fixed from version 3.1.2 onwards. For users who use version 3.0.0 to 3.1.1, you…

  • CVE-2023-25504 · Apr 17, 2023
    risk 0.00 · cvss n/a · epss 0.01

    A malicious actor who has been authenticated and granted specific permissions in Apache Superset may use the import dataset feature in order to conduct Server-Side Request Forgery attacks and query internal resources on behalf of the server where Superset is deployed. This…

  • CVE-2023-27525 · Apr 17, 2023
    risk 0.00 · cvss n/a · epss 0.01

    An authenticated user with Gamma role authorization could have access to metadata information using non trivial methods in Apache Superset up to and including 2.0.1

  • CVE-2023-30771 · Apr 17, 2023
    risk 0.00 · cvss n/a · epss 0.01

    Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB. This issue affects the iotdb-web-workbench component on 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database. This problem is fixed from version…

  • CVE-2022-45064 · Apr 13, 2023
    risk 0.00 · cvss n/a · epss 0.01

    The SlingRequestDispatcher doesn't correctly implement the RequestDispatcher API resulting in a generic type of include-based cross-site scripting issues on the Apache Sling level. The vulnerability is exploitable by an attacker that is able to include a resource with specific…

  • CVE-2023-30465 · Apr 11, 2023
    risk 0.00 · cvss n/a · epss 0.01

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.5.0. By manipulating the "orderType" parameter and the ordering of the returned…

  • CVE-2023-28710 · Apr 7, 2023
    risk 0.00 · cvss n/a · epss 0.02

    Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Spark Provider. This issue affects Apache Airflow Spark Provider: before 4.0.1.

  • CVE-2023-28706 · Apr 7, 2023
    risk 0.00 · cvss n/a · epss 0.03

    Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Software Foundation Apache Airflow Hive Provider. This issue affects Apache Airflow Hive Provider: before 6.0.0.

  • CVE-2023-28707 · Apr 7, 2023
    risk 0.00 · cvss n/a · epss 0.02

    Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider. This issue affects Apache Airflow Drill Provider: before 2.3.2.

  • CVE-2023-26269 · Apr 3, 2023
    risk 0.00 · cvss n/a · epss 0.01

    Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. This allows privilege escalation by a malicious local user. Administrators are advised to disable JMX, or set up a JMX password. Note that version 3.7.4 onward…

  • CVE-2023-28935 · Mar 30, 2023
    risk 0.00 · cvss n/a · epss 0.03

    ** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache UIMA DUCC. When using the "Distributed UIMA Cluster Computing" (DUCC) module of Apache UIMA, an authenticated…

  • CVE-2023-28158 · Mar 29, 2023
    risk 0.00 · cvss n/a · epss 0.01

    Privilege escalation via stored XSS using the file upload service to upload malicious content. The issue can be exploited only by authenticated users who can create a directory name, which lets them inject XSS content and gain privileges such as those of an admin user.

  • CVE-2023-28326 · Mar 28, 2023
    risk 0.00 · cvss n/a · epss 0.01

    Vendor: The Apache Software Foundation. Versions Affected: Apache OpenMeetings from 2.0.0 before 7.0.0. Description: Attacker can elevate their privileges in any room.

  • CVE-2023-25197 · Mar 28, 2023
    risk 0.00 · cvss n/a · epss 0.01

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache Fineract. Authorized users may be able to exploit this for limited impact on components. This issue affects Apache Fineract: from 1.4…

  • CVE-2023-25196 · Mar 28, 2023
    risk 0.00 · cvss n/a · epss 0.01

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache Fineract. Authorized users may be able to change or add data in certain components. This issue affects Apache Fineract: from 1.4 through…

  • CVE-2023-25195 · Mar 28, 2023
    risk 0.00 · cvss n/a · epss 0.01

    Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache Fineract. Authorized users with limited permissions can gain access to the server and may be able to use the server for any outbound traffic. This issue affects Apache Fineract: from 1.4 through…

  • CVE-2023-27296 · Mar 27, 2023
    risk 0.00 · cvss n/a · epss 0.01

    Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache InLong. It could be triggered by authenticated users of InLong, you could refer to [1] to know more about this vulnerability. This issue affects Apache InLong: from 1.1.0 through 1.5.0. …

  • CVE-2022-47502 · Mar 24, 2023
    risk 0.00 · cvss n/a · epss 0.01

    Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. Several URI Schemes are defined for this purpose. Links can be activated by clicks, or by automatic document events. The execution of such links must be subject to user approval.…

  • CVE-2022-38745 · Mar 24, 2023
    risk 0.00 · cvss n/a · epss 0.01

    Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path. This may lead to running arbitrary Java code from the current directory.

  • CVE-2023-26513 · Mar 20, 2023
    risk 0.00 · cvss n/a · epss 0.01

    Excessive Iteration vulnerability in Apache Software Foundation Apache Sling Resource Merger. This issue affects Apache Sling Resource Merger: from 1.2.0 before 1.4.2.

  • CVE-2023-25695 · Mar 15, 2023
    risk 0.00 · cvss n/a · epss 0.01

    Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow: before 2.5.2.

  • CVE-2021-34125 · Mar 9, 2023
    risk 0.00 · cvss n/a · epss 0.01

    An issue discovered in Yuneec Mantis Q and PX4-Autopilot v1.11.3 and below allows an attacker to gain access to sensitive information via various nuttx commands.

  • CVE-2023-27522 · Mar 7, 2023
    risk 0.00 · cvss n/a · epss 0.02

    HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client.
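
    The mod_proxy_uwsgi entry above is a response-splitting bug: control characters in a header value the origin emits end up on the wire as part of the proxied response. The Python snippet below is an added example, not Apache HTTP Server code. It serializes a constructed set of origin headers twice, once copying values unchecked (the flawed behaviour) and once refusing any header name that is not an RFC token or any value containing CR, LF or NUL, and then parses the result the way a client would. The header names, values and status line are constructed for the example.

```python
import re

# RFC 9110 token characters: the only characters allowed in a header name.
TOKEN_RE = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")
FORBIDDEN_IN_VALUE = ("\r", "\n", "\x00")

# Constructed origin-response headers (sample data, not from the advisory).
# The second value carries CRLF sequences that end the header block early
# and supply a body of the attacker's choosing.
ORIGIN_HEADERS = [
    ("Content-Type", "text/plain"),
    ("X-Note", "ok\r\nContent-Length: 5\r\n\r\nHELLO"),
]


def serialize_vulnerable(headers):
    """Copies each value into the wire format unchecked (the flawed behaviour)."""
    out = b"HTTP/1.1 200 OK\r\n"
    for name, value in headers:
        out += f"{name}: {value}\r\n".encode("latin-1")
    return out + b"\r\n"


def serialize_hardened(headers):
    """Same serialization, but refuses names and values that could split the response."""
    out = b"HTTP/1.1 200 OK\r\n"
    for name, value in headers:
        if not TOKEN_RE.match(name):
            raise ValueError(f"illegal header name {name!r}")
        if any(c in value for c in FORBIDDEN_IN_VALUE):
            raise ValueError(f"CR, LF or NUL in value of {name}")
        out += f"{name}: {value}\r\n".encode("latin-1")
    return out + b"\r\n"


def client_view(raw):
    """Split a serialized response the way a client does: (header lines, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    return head.split(b"\r\n")[1:], body


def is_rejected(headers):
    """True when the hardened serializer refuses the header set."""
    try:
        serialize_hardened(headers)
    except ValueError:
        return True
    return False
```

Run through client_view, the vulnerable output shows the injected Content-Length as a third header and HELLO as the body, which is exactly the truncated/split response the advisory describes; the hardened path raises before anything reaches the wire.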

  • CVE-2023-25956 · Feb 24, 2023
    risk 0.00 · cvss n/a · epss 0.01

    Generation of Error Message Containing Sensitive Information vulnerability in the Apache Airflow AWS Provider. This issue affects Apache Airflow AWS Provider versions before 7.2.1.

  • CVE-2023-25696 · Feb 24, 2023
    risk 0.00 · cvss n/a · epss 0.02

    Improper Input Validation vulnerability in the Apache Airflow Hive Provider. This issue affects Apache Airflow Hive Provider versions before 5.1.3.

  • CVE-2023-25693 · Feb 24, 2023
    risk 0.00 · cvss n/a · epss 0.02

    Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1.

  • CVE-2023-25692 · Feb 24, 2023
    risk 0.00 · cvss n/a · epss 0.02

    Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airflow Google Provider versions before 8.10.0.

  • CVE-2023-25691 · Feb 24, 2023
    risk 0.00 · cvss n/a · epss 0.02

    Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airflow Google Provider versions before 8.10.0.

  • CVE-2023-25824 · Feb 23, 2023
    risk 0.00 · cvss n/a · epss 0.01

    Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. Versions from 0.9.0 to 0.12.0 (including) did not properly fail blocking read operations on TLS connections when the transport hit timeouts. Instead it entered an endless loop retrying the read operation, consuming CPU…

  • CVE-2023-25621 · Feb 23, 2023
    risk 0.00 · cvss n/a · epss 0.01

    Privilege Escalation vulnerability in Apache Software Foundation Apache Sling. Any content author is able to create i18n dictionaries in the repository in a location the author has write access to. As these translations are used across the whole product, it allows an author to…

  • CVE-2023-24998 · Feb 20, 2023
    risk 0.00 · cvss n/a · epss 0.47

    Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new…
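
    The Commons FileUpload entry above is a resource-exhaustion bug: a parser that accepts any number of parts does work proportional to whatever the client sends. The Python parser below is an added example, not Commons FileUpload code (the Java library's own fix is a configurable file-count limit). It walks a multipart/form-data body delimiter by delimiter and checks the part count before reading each part, so an oversized request is refused at the limit instead of after every part has been buffered. The boundary string and the generated request body are constructed for the example.

```python
class TooManyParts(Exception):
    """Raised when a request carries more parts than the configured limit."""


def build_multipart(boundary, n_parts):
    """Constructed multipart/form-data body with n_parts file parts (sample data)."""
    chunks = []
    for i in range(n_parts):
        chunks.append(
            f"--{boundary}\r\n"
            f'Content-Disposition: form-data; name="f{i}"; filename="f{i}.txt"\r\n'
            "Content-Type: text/plain\r\n"
            "\r\n"
            f"data{i}\r\n"
        )
    chunks.append(f"--{boundary}--\r\n")
    return "".join(chunks).encode()


def parse_parts(body, boundary, max_parts=None):
    """Return a list of (headers, data) tuples for each part of the body.

    The count is checked before each part is read: with max_parts set, a
    body with thousands of parts fails as soon as the limit is crossed."""
    bdelim = b"--" + boundary.encode()
    delim = b"\r\n" + bdelim
    parts = []
    pos = body.find(bdelim)
    if pos < 0:
        raise ValueError("boundary not found")
    pos += len(bdelim)
    while True:
        if body.startswith(b"--", pos):  # closing delimiter "--boundary--"
            return parts
        if max_parts is not None and len(parts) >= max_parts:
            raise TooManyParts(f"request has more than {max_parts} parts")
        if not body.startswith(b"\r\n", pos):
            raise ValueError("malformed delimiter line")
        end = body.find(delim, pos)
        if end < 0:
            raise ValueError("unterminated part")
        raw = body[pos + 2:end]  # skip the CRLF that ends the delimiter line
        head, _, data = raw.partition(b"\r\n\r\n")
        headers = {}
        for line in head.split(b"\r\n"):
            name, _, value = line.decode("latin-1").partition(": ")
            headers[name] = value
        parts.append((headers, data))
        pos = end + len(delim)


def exceeds_limit(body, boundary, max_parts):
    """True when the body has more parts than max_parts allows."""
    try:
        parse_parts(body, boundary, max_parts)
    except TooManyParts:
        return True
    return False
```

The limit belongs next to the existing size limits: a request of a few kilobytes can still contain tens of thousands of empty parts, so capping total bytes alone does not bound the work.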

  • CVE-2022-42735 · Feb 15, 2023
    risk 0.00 · cvss n/a · epss 0.01

    Improper Privilege Management vulnerability in Apache Software Foundation Apache ShenYu. ShenYu Admin allows low-privilege administrators to create users with higher privileges than their own. This issue affects Apache ShenYu: 2.5.0. Upgrade to Apache ShenYu 2.5.1 or…

  • CVE-2023-25141 · Feb 14, 2023
    risk 0.00 · cvss n/a · epss 0.01

    Apache Sling JCR Base < 3.1.12 has a critical injection vulnerability when running on old JDK versions (JDK 1.8.191 or earlier) through utility functions in RepositoryAccessor. The functions getRepository and getRepositoryFromURL allow an application to access data stored in a…

  • CVE-2023-22832 · Feb 10, 2023
    risk 0.00 · cvss n/a · epss 0.01

    The ExtractCCDAAttributes Processor in Apache NiFi 1.2.0 through 1.19.1 does not restrict XML External Entity references. Flow configurations that include the ExtractCCDAAttributes Processor are vulnerable to malicious XML documents that contain Document Type Declarations with…
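
    The NiFi entry above is an XML External Entity (XXE) issue: the processor accepts a Document Type Declaration, and a DTD is where entity definitions that point at local files or URLs live. The Python snippet below is an added example, not NiFi code. It parses a small constructed CDA-like document with the standard library expat parser and rejects the document the moment a DOCTYPE is seen, which blocks internal and external entity declarations alike before any entity could be expanded or fetched. The two sample documents and the title-extraction logic are constructed for the example.

```python
import xml.parsers.expat

# Constructed documents (sample data, not from the advisory): a harmless
# CDA-like body, and one that declares an external entity, the shape an
# XXE payload takes.
BENIGN_DOC = (
    b'<?xml version="1.0"?>'
    b'<ClinicalDocument xmlns="urn:hl7-org:v3">'
    b"<title>Continuity of Care</title></ClinicalDocument>"
)
XXE_DOC = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE ClinicalDocument [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>'
    b'<ClinicalDocument xmlns="urn:hl7-org:v3">'
    b"<title>&xxe;</title></ClinicalDocument>"
)


class DoctypeNotAllowed(Exception):
    """Raised when the document carries a DTD, which this parser never accepts."""


def extract_title(doc):
    """Return the text of <title>, refusing any document that carries a DTD."""
    parser = xml.parsers.expat.ParserCreate()
    # Belt and braces: never process parameter entities even if a DTD slipped through.
    parser.SetParamEntityParsing(xml.parsers.expat.XML_PARAM_ENTITY_PARSING_NEVER)
    state = {"in_title": False, "text": []}

    def on_doctype(name, system_id, public_id, has_internal_subset):
        # Called at the start of <!DOCTYPE ...>, before the internal subset is read.
        raise DoctypeNotAllowed(f"DOCTYPE {name!r} is not allowed")

    def on_start(name, attrs):
        if name == "title":
            state["in_title"] = True

    def on_end(name):
        if name == "title":
            state["in_title"] = False

    def on_text(data):
        if state["in_title"]:
            state["text"].append(data)

    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = on_start
    parser.EndElementHandler = on_end
    parser.CharacterDataHandler = on_text
    parser.Parse(doc, True)
    return "".join(state["text"])


def rejects_dtd(doc):
    """True when the parser refuses the document because of a DTD."""
    try:
        extract_title(doc)
    except DoctypeNotAllowed:
        return True
    return False
```

Refusing the DOCTYPE outright is the simplest safe policy for a data format that does not need one; where a DTD is genuinely required, the parser must instead be configured not to resolve external entities and to cap entity expansion.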

  • CVE-2022-45786 · Feb 4, 2023
    risk 0.00 · cvss n/a · epss 0.01

    There are issues with the AGE drivers for Golang and Python that enable SQL injections to occur. This impacts AGE for PostgreSQL 11 & AGE for PostgreSQL 12, all versions up-to-and-including 1.1.0, when using those drivers. The fix is to update to the latest Golang and Python…

Page 37 of 51