Vendor CVEs
Apache
All CVEs
2,550 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description | Vendor / Product | Sev | KEV |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-17517 | 0.00 | — | 0.02 | Apr 27, 2021 | The S3 buckets and keys in a secure Apache Ozone Cluster must be inaccessible to anonymous access by default. The current security vulnerability allows access to keys and buckets through a curl command or an unauthenticated HTTP request. This enables unauthorized access to… | |||
| CVE-2021-30245 | 0.00 | — | 0.05 | Apr 15, 2021 | The project received a report that all versions of Apache OpenOffice through 4.1.8 can open non-http(s) hyperlinks. The problem has existed since about 2006 and the issue is also in 4.1.9. If the link is specifically crafted this could lead to untrusted code execution. It is… | |||
| CVE-2021-29425 | 0.00 | — | 0.11 | Apr 13, 2021 | In Apache Commons IO before 2.7, when invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus… | |||
| CVE-2021-29943 | 0.00 | — | 0.05 | Apr 13, 2021 | When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client credentials. This would result in incorrect authorization resolution on the… | |||
| CVE-2021-22696 | 0.00 | — | 0.07 | Apr 2, 2021 | CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR)). Instead of sending a JWT token as a "request" parameter, the spec also… | |||
| CVE-2021-28657 | 0.00 | — | 0.03 | Mar 31, 2021 | A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later. | |||
| CVE-2021-21373 | 0.00 | — | 0.01 | Mar 26, 2021 | Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, "nimble refresh" fetches a list of Nimble packages over HTTPS by default. In case of error it falls back to a non-TLS URL… | |||
| CVE-2021-21374 | 0.00 | — | 0.01 | Mar 26, 2021 | Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, "nimble refresh" fetches a list of Nimble packages over HTTPS without full verification of the SSL/TLS certificate due to the default setting of httpClient. An… | |||
| CVE-2021-21372 | 0.00 | — | 0.04 | Mar 26, 2021 | Nimble is a package manager for the Nim programming language. In Nim release version before versions 1.2.10 and 1.4.4, Nimble doCmd is used in different places and can be leveraged to execute arbitrary commands. An attacker can craft a malicious entry in the packages.json… | |||
| CVE-2020-1946 | 0.00 | — | 0.06 | Mar 25, 2021 | In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA version 3.4.5, users should only use… | |||
| CVE-2020-13924 | 0.00 | — | 0.04 | Mar 17, 2021 | In Apache Ambari versions 2.6.2.2 and earlier, malicious users can construct file names for directory traversal and traverse to other directories to download files. | |||
| CVE-2020-1926 | 0.00 | — | 0.02 | Mar 16, 2021 | Apache Hive cookie signature verification used a non-constant-time comparison which is known to be vulnerable to timing attacks. This could allow recovery of another user's cookie signature. The issue was addressed in Apache Hive 2.3.8. | |||
| CVE-2021-27576 | 0.00 | — | 0.03 | Mar 15, 2021 | It was found that the NetTest web service can be used to overload the bandwidth of an Apache OpenMeetings server. This issue was addressed in Apache OpenMeetings 6.0.0. | |||
| CVE-2020-13959 | 0.00 | — | 0.06 | Mar 10, 2021 | The default error page for VelocityView in Apache Velocity Tools prior to 3.1 reflects back the vm file that was entered as part of the URL. An attacker can set an XSS payload file as this vm file in the URL which results in this payload being executed. XSS vulnerabilities allow… | |||
| CVE-2020-35451 | 0.00 | — | 0.00 | Mar 9, 2021 | There is a race condition in OozieSharelibCLI in Apache Oozie before version 5.2.1 which allows a malicious attacker to replace the files in Oozie's sharelib during its creation. | |||
| CVE-2021-27907 | 0.00 | — | 0.86 | Mar 5, 2021 | Apache Superset up to and including 0.38.0 allowed the creation of a Markdown component on a Dashboard page for describing chart's related information. Abusing this functionality, a malicious user could inject javascript code executing unwanted action in the context of the… | |||
| CVE-2021-26296 | 0.00 | — | 0.03 | Feb 19, 2021 | In the default configuration, Apache MyFaces Core versions 2.2.0 to 2.2.13, 2.3.0 to 2.3.7, 2.3-next-M1 to 2.3-next-M4, and 3.0.0-RC1 use cryptographically weak implicit and explicit cross-site request forgery (CSRF) tokens. Due to that limitation, it is possible (although… | |||
| CVE-2021-26697 | 0.00 | — | 0.05 | Feb 17, 2021 | The lineage endpoint of the deprecated Experimental API was not protected by authentication in Airflow 2.0.0. This allowed unauthenticated users to hit that endpoint. This is low-severity issue as the attacker needs to be aware of certain parameters to pass to that endpoint and… | |||
| CVE-2021-26559 | 0.00 | — | 0.03 | Feb 17, 2021 | Improper Access Control on Configurations Endpoint for the Stable API of Apache Airflow allows users with Viewer or User role to get Airflow Configurations including sensitive information even when `[webserver] expose_config` is set to `False` in `airflow.cfg`. This allowed a… | |||
| CVE-2020-13949 | 0.00 | — | 0.07 | Feb 12, 2021 | In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. | |||
| CVE-2020-17522 | 0.00 | — | 0.04 | Jan 26, 2021 | When ORT (now via atstccfg) generates ip_allow.config files in Apache Traffic Control 3.0.0 to 3.1.0 and 4.0.0 to 4.1.0, those files include permissions that allow bad actors to push arbitrary content into and remove arbitrary content from CDN cache servers. Additionally, these… | |||
| CVE-2020-17532 | 0.00 | — | 0.03 | Jan 25, 2021 | When handler-router component is enabled in servicecomb-java-chassis, authenticated user may inject some data and cause arbitrary code execution. The problem happens in versions between 2.0.0 ~ 2.1.3 and fixed in Apache ServiceComb-Java-Chassis 2.1.5 | |||
| CVE-2020-11997 | 0.00 | — | 0.01 | Jan 19, 2021 | Apache Guacamole 1.2.0 and earlier do not consistently restrict access to connection history based on user visibility. If multiple users share access to the same connection, those users may be able to see which other users have accessed that connection, as well as the IP… | |||
| CVE-2021-23926 | 0.00 | — | 0.06 | Jan 14, 2021 | The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects XMLBeans up to and including v2.6.0. | |||
| CVE-2020-17509 | 0.00 | — | 0.02 | Jan 11, 2021 | ATS negative cache option is vulnerable to a cache poisoning attack. If you have this option enabled, please upgrade or disable this feature. Apache Traffic Server versions 7.0.0 to 7.1.11 and 8.0.0 to 8.1.0 are affected. | |||
| CVE-2020-17508 | 0.00 | — | 0.02 | Jan 11, 2021 | The ATS ESI plugin has a memory disclosure vulnerability. If you are running the plugin please upgrade. Apache Traffic Server versions 7.0.0 to 7.1.11 and 8.0.0 to 8.1.0 are affected. | |||
| CVE-2020-13922 | 0.00 | — | 0.02 | Jan 11, 2021 | Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to override another user's password through the API interface. | |||
| CVE-2020-17533 | 0.00 | — | 0.04 | Dec 29, 2020 | Apache Accumulo versions 1.5.0 through 1.10.0 and version 2.0.0 do not properly check the return value of some policy enforcement functions before permitting an authenticated user to perform certain administrative operations. Specifically, the return values of the 'canFlush' and… | |||
| CVE-2020-17526 | 0.00 | — | 0.23 | Dec 21, 2020 | Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect… | |||
| CVE-2020-17520 | 0.00 | — | 0.01 | Dec 18, 2020 | In the Pulsar manager 0.1.0 version, malicious users will be able to bypass pulsar-manager's admin, permission verification mechanism by constructing special URLs, thereby accessing any HTTP API. | |||
| CVE-2020-17511 | 0.00 | — | 0.03 | Dec 14, 2020 | In Airflow versions prior to 1.10.13, when creating a user using airflow CLI, the password gets logged in plain text in the Log table in Airflow Metadatabase. Same happened when creating a Connection with a password field. | |||
| CVE-2020-17513 | 0.00 | — | 0.04 | Dec 14, 2020 | In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack. | |||
| CVE-2020-17515 | 0.00 | — | 0.16 | Dec 11, 2020 | The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely. | |||
| CVE-2020-17529 | 0.00 | — | 0.03 | Dec 9, 2020 | Out-of-bounds Write vulnerability in TCP Stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows attacker to corrupt memory by supplying an invalid fragmentation offset value specified in the IP header. This only impacts builds with both… | |||
| CVE-2020-17528 | 0.00 | — | 0.03 | Dec 9, 2020 | Out-of-bounds Write vulnerability in TCP stack of Apache NuttX (incubating) versions up to and including 9.1.0 and 10.0.0 allows attacker to corrupt memory by supplying arbitrary urgent data pointer offsets within TCP packets including beyond the length of the packet. | |||
| CVE-2020-13956 | 0.00 | — | 0.09 | Dec 2, 2020 | Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution. | |||
| CVE-2020-11990 | 0.00 | — | 0.01 | Dec 1, 2020 | We have resolved a security issue in the camera plugin that could have affected certain Cordova (Android) applications. An attacker who could install (or lead the victim to install) a specially crafted (or malicious) Android application would be able to access pictures taken… | |||
| CVE-2019-12412 | 0.00 | — | 0.04 | Nov 18, 2020 | A flaw in the libapreq2 v2.07 to v2.13 multipart parser can dereference a null pointer leading to a process crash. A remote attacker could send a request causing a process crash which could lead to a denial of service attack. | |||
| CVE-2020-13958 | 0.00 | — | 0.03 | Nov 17, 2020 | A vulnerability in Apache OpenOffice scripting events allows an attacker to construct documents containing hyperlinks pointing to an executable on the target user's file system. These hyperlinks can be triggered unconditionally. In fixed versions no internal protocol may be… | |||
| CVE-2018-20243 | 0.00 | — | 0.03 | Oct 13, 2020 | The implementation of POST with the username and password in the URL parameters exposed the credentials. More information is available in fineract jira issues 726 and 629. | |||
| CVE-2020-13943 | 0.00 | — | 0.57 | Oct 12, 2020 | If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that… | |||
| CVE-2020-13955 | 0.00 | — | 0.02 | Oct 9, 2020 | HttpUtils#getURLConnection method disables explicitly hostname verification for HTTPS connections making clients vulnerable to man-in-the-middle attacks. Calcite uses internally this method to connect with Druid and Splunk so information leakage may happen when using the… | |||
| CVE-2020-8887 | 0.00 | — | 0.01 | Sep 22, 2020 | Telestream Tektronix Medius before 10.7.5 and Sentry before 10.7.5 have a SQL injection vulnerability allowing an unauthenticated attacker to dump database contents via the page parameter in a page=login request to index.php (aka the server login page). | |||
| CVE-2020-13921 | 0.00 | — | 0.33 | Aug 5, 2020 | **Resolved** Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases. | |||
| CVE-2020-9485 | 0.00 | — | 0.02 | Jul 16, 2020 | An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the "classic" UI. | |||
| CVE-2020-11983 | 0.00 | — | 0.01 | Jul 16, 2020 | An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. | |||
| CVE-2020-11981 | 0.00 | — | 0.34 | Jul 16, 2020 | An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. | |||
| CVE-2020-13923 | 0.00 | — | 0.05 | Jul 15, 2020 | IDOR vulnerability in the order processing feature from ecommerce component of Apache OFBiz before 17.12.04 | |||
| CVE-2020-13935 | 0.00 | — | 0.88 | Jul 14, 2020 | The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could… | |||
| CVE-2020-9498 | 0.00 | — | 0.01 | Jul 2, 2020 | Apache Guacamole 1.1.0 and older may mishandle pointers involved in processing data received via RDP static virtual channels. If a user connects to a malicious or compromised RDP server, a series of specially-crafted PDUs could result in memory corruption, possibly allowing… |