Lucene search
K

455 matches found

Vulnrichment
Vulnrichment
added 2023/08/09 6:57 a.m.29 views

CVE-2022-47185 Apache Traffic Server: Invalid Range header causes a crash

Improper input validation vulnerability on the range header in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: through 9.2.1...

8.3AI score0.01492EPSS
Exploits0References4
OSV
OSV
added 2023/08/05 9:30 a.m.14 views

GHSA-269X-PG5C-5XGM Apache Airflow Execution with Unnecessary Privileges

Execution with Unnecessary Privileges, : Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow.The "Run Task" feature enables authenticated user to bypass some of the restrictions put in place. It allows to execute code in the...

8.8CVSS8.8AI score0.0236EPSS
Exploits0References7
CVE
CVE
added 2023/08/05 6:47 a.m.97 views

CVE-2023-39508

The CVE-2023-39508 issue affects Apache Airflow prior to 2.6.0, where the Run Task feature could be exploited by an authenticated user to execute code in the webserver context and bypass DAG access restrictions, exposing sensitive information and potentially impacting confidentiality, integrity, ...

8.8CVSS8.8AI score0.0236EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/07/25 8:15 a.m.22 views

CVE-2023-34434

Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.7.0. The attacker could bypass the current logic and achieve arbitrary file reading. To solve it, users are advised to upgrade to Apache InLong's 1.8....

7.5CVSS7.2AI score0.01323EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/07/25 7:9 a.m.19 views

CVE-2023-34434 Apache InLong: JDBC URL bypassing by allowLoadLocalInfileInPath param

Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.7.0. The attacker could bypass the current logic and achieve arbitrary file reading. To solve it, users are advised to upgrade to Apache InLong's 1.8....

7.5AI score0.01323EPSS
Exploits0References3
CVE
CVE
added 2023/07/25 7:9 a.m.77 views

CVE-2023-34434

CVE-2023-34434 affects Apache InLong (versions 1.4.0–1.7.0). It is a deserialization of untrusted data vulnerability that could bypass logic and read arbitrary files. The remediation is to upgrade to InLong 1.8.0 or apply the patch from PR 8130. Connected sources corroborate the affected versions...

7.5CVSS7.5AI score0.01323EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2023/07/25 7:8 a.m.29 views

CVE-2023-34189 Apache InLong: General user can delete and update process

Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.7.0. The attacker could use general users to delete and update the process, which only the admin can operate occurrences. Users are advised to...

6.6AI score0.00933EPSS
Exploits0References2
CVE
CVE
added 2023/07/25 7:8 a.m.72 views

CVE-2023-34189

CVE-2023-34189 affects Apache InLong versions 1.4.0–1.7.0. The issue is a permission-check flaw that allows a general user to delete or update processes, which should be admin-only. Remediation is to upgrade to InLong 1.8.0 or apply the patch from PR #8109 (linked in sources). Connected sources c...

6.5CVSS6.3AI score0.00933EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2023/07/13 9:30 a.m.22 views

Apache Airflow Apache Hive Provider Improper Input Validation vulnerability

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Apache Hive Provider. Patching on top of CVE-2023-35797 Before 6.1.2 the proxyuser option can also inject semicolon. This issue affects Apache Airflow Apache Hive Provider: before 6.1.2. It is recommended updatin...

8.8CVSS9.1AI score0.01151EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2023/07/13 8:15 a.m.14 views

CVE-2023-37415

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Apache Hive Provider. Patching on top of CVE-2023-35797 Before 6.1.2 the proxyuser option can also inject semicolon. This issue affects Apache Airflow Apache Hive Provider: before 6.1.2. It is recommended updatin...

8.8CVSS9.1AI score0.01151EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/07/13 7:35 a.m.32 views

CVE-2023-37415 Apache Airflow Apache Hive Provider: Improper Input Validation in Hive Provider with proxy_user

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Apache Hive Provider. Patching on top of CVE-2023-35797 Before 6.1.2 the proxyuser option can also inject semicolon. This issue affects Apache Airflow Apache Hive Provider: before 6.1.2. It is recommended updatin...

9.4AI score0.01151EPSS
Exploits0References2
CVE
CVE
added 2023/07/13 7:35 a.m.79 views

CVE-2023-37415

CVE-2023-37415 is an Improper Input Validation vulnerability affecting the Apache Airflow Hive Provider (versions before 6.1.2). The issue arises from input validation around the proxy_user option, which can permit semicolon injection, enabling an attacker to impact confidentiality, integrity, an...

8.8CVSS9.1AI score0.01151EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/07/12 12:31 p.m.23 views

GHSA-G9CV-V3V4-3H8R Apache Pulsar Incorrect Authorization vulnerability

Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar. This issue affects Apache Pulsar: before 2.10.4, and 2.11.0. When a client connects to the Pulsar Function Worker via the Pulsar Proxy where the Pulsar Proxy uses mTLS authentication to authenticate with the Pulsar...

9.6CVSS9.2AI score0.00733EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2023/07/12 12:31 p.m.26 views

Apache Pulsar Broker's Rest Producer vulnerable to Incorrect Authorization

Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar Broker's Rest Producer allows authenticated user with a custom HTTP header to produce a message to any topic using the broker's admin role. This issue affects Apache Pulsar Brokers: from 2.9.0 through 2.9.5, from...

8.2CVSS6.5AI score0.0058EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2023/07/12 12:31 p.m.28 views

Apache Pulsar Broker Improper Authentication vulnerability

Improper Authentication vulnerability in Apache Software Foundation Apache Pulsar Broker allows a client to stay connected to a broker after authentication data expires if the client connected through the Pulsar Proxy when the broker is configured with authenticateOriginalAuthData=false or if a...

6.5CVSS7.1AI score0.00722EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2023/07/12 9:10 a.m.35 views

CVE-2023-30428 Apache Pulsar Broker: Incorrect Authorization Validation for Rest Producer

Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar Broker's Rest Producer allows authenticated user with a custom HTTP header to produce a message to any topic using the broker's admin role. This issue affects Apache Pulsar Brokers: from 2.9.0 through 2.9.5, from...

8.2CVSS8.3AI score0.0058EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/07/12 9:10 a.m.19 views

CVE-2023-30428 Apache Pulsar Broker: Incorrect Authorization Validation for Rest Producer

Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar Broker's Rest Producer allows authenticated user with a custom HTTP header to produce a message to any topic using the broker's admin role. This issue affects Apache Pulsar Brokers: from 2.9.0 through 2.9.5, from...

8.2CVSS6.7AI score0.0058EPSS
Exploits0References1
CVE
CVE
added 2023/07/12 9:10 a.m.76 views

CVE-2023-30428

CVE-2023-30428: Apache Pulsar Broker Rest Producer improper authorization allows an authenticated user with a custom HTTP header to produce messages to any topic using the broker’s admin role. Affected: Pulsar Brokers 2.9.0–2.9.5; 2.10.0–2.10.3; 2.11.0. Exploitation requires direct broker access ...

8.2CVSS8AI score0.0058EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/07/12 9:8 a.m.82 views

CVE-2023-30429

CVE-2023-30429 - Apache Pulsar Incorrect Authorization : Affects Pulsar Function Worker when connecting through a Pulsar Proxy with mTLS; the worker uses the Proxy’s role for authorization instead of the client’s, enabling privilege escalation. Affected: Pulsar Function Worker versions before 2.1...

9.6CVSS9.2AI score0.00733EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/07/12 9:7 a.m.38 views

CVE-2023-31007 Apache Pulsar: Broker does not always disconnect client when authentication data expires

Improper Authentication vulnerability in Apache Software Foundation Apache Pulsar Broker allows a client to stay connected to a broker after authentication data expires if the client connected through the Pulsar Proxy when the broker is configured with authenticateOriginalAuthData=false or if a...

6.9AI score0.00722EPSS
Exploits0References1
Rows per page
Query Builder