Filtered by vendor Apache
Subscribe
Total
2295 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-30181 | 1 Apache | 1 Dubbo | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Apache Dubbo prior to 2.6.9 and 2.7.9 supports Script routing which will enable a customer to route the request to the right server. These rules are used by the customers when making a request in order to find the right endpoint. When parsing these rules, Dubbo customers use ScriptEngine and run the rule provided by the script which by default may enable executing arbitrary code. | |||||
| CVE-2021-30180 | 1 Apache | 1 Dubbo | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL |
| Apache Dubbo prior to 2.7.9 support Tag routing which will enable a customer to route the request to the right server. These rules are used by the customers when making a request in order to find the right endpoint. When parsing these YAML rules, Dubbo customers may enable calling arbitrary constructors. | |||||
| CVE-2021-30179 | 1 Apache | 1 Dubbo | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Apache Dubbo prior to 2.6.9 and 2.7.9 by default supports generic calls to arbitrary methods exposed by provider interfaces. These invocations are handled by the GenericFilter which will find the service and method specified in the first arguments of the invocation and use the Java Reflection API to make the final call. The signature for the $invoke or $invokeAsync methods is Ljava/lang/String;[Ljava/lang/String;[Ljava/lang/Object; where the first argument is the name of the method to invoke, the second one is an array with the parameter types for the method being invoked and the third one is an array with the actual call arguments. In addition, the caller also needs to set an RPC attachment specifying that the call is a generic call and how to decode the arguments. The possible values are: - true - raw.return - nativejava - bean - protobuf-json An attacker can control this RPC attachment and set it to nativejava to force the java deserialization of the byte array located in the third argument. | |||||
| CVE-2021-30129 | 2 Apache, Oracle | 9 Sshd, Banking Payments, Banking Trade Finance and 6 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0 | |||||
| CVE-2021-30128 | 1 Apache | 1 Ofbiz | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Apache OFBiz has unsafe deserialization prior to 17.12.07 version | |||||
| CVE-2021-29943 | 1 Apache | 1 Solr | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client credentials. This would result in incorrect authorization resolution on the receiving hosts. | |||||
| CVE-2021-29621 | 2 Apache, Flask-appbuilder Project | 2 Airflow, Flask-appbuilder | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Flask-AppBuilder is a development framework, built on top of Flask. User enumeration in database authentication in Flask-AppBuilder <= 3.2.3. Allows for a non authenticated user to enumerate existing accounts by timing the response time from the server when you are logging in. Upgrade to version 3.3.0 or higher to resolve. | |||||
| CVE-2021-29425 | 4 Apache, Debian, Netapp and 1 more | 60 Commons Io, Debian Linux, Active Iq Unified Manager and 57 more | 2024-11-21 | 5.8 MEDIUM | 4.8 MEDIUM |
| In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value. | |||||
| CVE-2021-29262 | 1 Apache | 1 Solr | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
| When starting Apache Solr versions prior to 8.8.2, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing security.json znode, if the optional read-only user is configured then Solr would not treat that node as a sensitive path and would allow it to be readable. Additionally, with any ZkACLProvider, if the security.json is already present, Solr will not automatically update the ACLs. | |||||
| CVE-2021-29200 | 1 Apache | 1 Ofbiz | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Apache OFBiz has unsafe deserialization prior to 17.12.07 version An unauthenticated user can perform an RCE attack | |||||
| CVE-2021-28657 | 2 Apache, Oracle | 5 Tika, Communications Messaging Server, Healthcare Foundation and 2 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later. | |||||
| CVE-2021-28655 | 1 Apache | 1 Zeppelin | 2024-11-21 | N/A | 6.5 MEDIUM |
| The improper Input Validation vulnerability in "”Move folder to Trash” feature of Apache Zeppelin allows an attacker to delete the arbitrary files. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions. | |||||
| CVE-2021-28544 | 4 Apache, Apple, Debian and 1 more | 4 Subversion, Macos, Debian Linux and 1 more | 2024-11-21 | 3.5 LOW | 4.3 MEDIUM |
| Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable. | |||||
| CVE-2021-28359 | 1 Apache | 1 Airflow | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in 1.x series and affects 2.0.0 and 2.0.1 and 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH releases of the installed MINOR versions, example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336). | |||||
| CVE-2021-28163 | 5 Apache, Eclipse, Fedoraproject and 2 more | 23 Ignite, Solr, Jetty and 20 more | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
| In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory. | |||||
| CVE-2021-28131 | 1 Apache | 1 Impala | 2024-11-21 | 6.0 MEDIUM | 7.5 HIGH |
| Impala sessions use a 16 byte secret to verify that the session is not being hijacked by another user. However, these secrets appear in the Impala logs, therefore Impala users with access to the logs can use another authenticated user's sessions with specially constructed requests. This means the attacker is able to execute statements for which they don't have the necessary privileges otherwise. Impala deployments with Apache Sentry or Apache Ranger authorization enabled may be vulnerable to privilege escalation if an authenticated attacker is able to hijack a session or query from another authenticated user with privileges not assigned to the attacker. Impala deployments with audit logging enabled may be vulnerable to incorrect audit logging as a user could undertake actions that were logged under the name of a different authenticated user. Constructing an attack requires a high degree of technical sophistication and access to the Impala system as an authenticated user. Mitigation: If an Impala deployment uses Apache Sentry, Apache Ranger or audit logging, then users should upgrade to a version of Impala with the fix for IMPALA-10600. The Impala 4.0 release includes this fix. This hides session secrets from the logs to eliminate the risk of any attack using this mechanism. In lieu of an upgrade, restricting access to logs that expose secrets will reduce the risk of an attack. Restricting access to the Impala deployment to trusted users will also reduce the risk of an attack. Log redaction techniques can be used to redact secrets from the logs. | |||||
| CVE-2021-28129 | 1 Apache | 1 Openoffice | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| While working on Apache OpenOffice 4.1.8 a developer discovered that the DEB package did not install using root, but instead used a userid and groupid of 500. This both caused issues with desktop integration and could allow a crafted attack on files owned by that user or group if they exist. Users who installed the Apache OpenOffice 4.1.8 DEB packaging should upgrade to the latest version of Apache OpenOffice. | |||||
| CVE-2021-28125 | 1 Apache | 1 Superset | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| Apache Superset up to and including 1.0.1 allowed for the creation of an external URL that could be malicious. By not checking user input for open redirects the URL shortener functionality would allow for a malicious user to create a short URL for a dashboard that could convince the user to click the link. | |||||
| CVE-2021-27907 | 1 Apache | 1 Superset | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Apache Superset up to and including 0.38.0 allowed the creation of a Markdown component on a Dashboard page for describing chart's related information. Abusing this functionality, a malicious user could inject javascript code executing unwanted action in the context of the user's browser. The javascript code will be automatically executed (Stored XSS) when a legitimate user surfs on the dashboard page. The vulnerability is exploitable creating a “div” section and embedding in it a “svg” element with javascript code. | |||||
| CVE-2021-27906 | 3 Apache, Fedoraproject, Oracle | 19 Pdfbox, Fedora, Banking Corporate Lending Process Management and 16 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions. | |||||