Apache Airflow 安全漏洞

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. There is a security vulnerability in Apache Airflow, whic...

Apache IoTDB 安全漏洞

Apache IoTDB is a time-series database management system from the Apache Software Foundation, designed for storing and analyzing massive time-series data in IoT scenarios. Apache IoTDB suffers from a security vulnerability that originates from an unauthorized access flaw in a system component. An...

Mirai Botnet targeting OFBiz Servers Vulnerable to Directory Traversal

Enterprise Resource Planning ERP Software is at the heart of many enterprising supporting human resources, accounting, shipping, and manufacturing. These systems can become very complex and difficult to maintain. They are often highly customized, which can make patching difficult. However, critic...

Apache Airflow code execution vulnerability (CNVD-2024-33592)

Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. Apache Airflow suffers from a code execution vulnerability that can be exploited by...

Apache Zeppelin Code Injection Vulnerability

Apache Zeppelin is a Web-based open source laptop application from the Apache USA Foundation. The program supports interactive data analysis and collaborative documentation. Apache Zeppelin suffers from a code injection vulnerability that can be exploited by an attacker to use the Shell interpret...

Apache Zeppelin Input Validation Error Vulnerability (CNVD-2024-17934)

Apache Zeppelin is a Web-based open source laptop application from the Apache USA Foundation. The program supports interactive data analysis and collaborative documentation. Apache Zeppelin suffers from an input validation error vulnerability that can be exploited by an attacker to view a server...

Apache Zeppelin Code Execution Vulnerability

Apache Zeppelin is a Web-based open source laptop application from the Apache USA Foundation. The program supports interactive data analysis and collaborative documentation. Apache Zeppelin has a code execution vulnerability that can be exploited by an attacker to execute shell scripts or malicio...

Apache Zeppelin Input Validation Error Vulnerability (CNVD-2024-17935)

Apache Zeppelin is a Web-based open source laptop application from the Apache USA Foundation. The program supports interactive data analysis and collaborative documentation. Apache Zeppelin has an input validation error vulnerability that can be exploited by an attacker to cause a denial of servi...

Apache Zeppelin Security Bypass Vulnerability

Apache Zeppelin is a Web-based open source laptop application from the Apache USA Foundation. The program supports interactive data analysis and collaborative documentation. Apache Zeppelin suffers from a full bypass vulnerability that can be exploited by an attacker to bypass authentication by...

Apache Zeppelin Code Injection Vulnerability (CNVD-2024-17938)

Apache Zeppelin is a Web-based open source laptop application from the Apache USA Foundation. The program supports interactive data analysis and collaborative documentation. Apache Zeppelin suffers from a code injection vulnerability that stems from the application's failure to properly filter...

Apache Fineract SQL Injection Vulnerability (CNVD-2024-16106)

Apache Fineract is a set of open source digital financial services platform from the U.S. Apache Apache Foundation. The platform can provide users with data management, loan and savings portfolio management and real-time financial data and other functions. Apache Fineract versions prior to 1.8.5...

Apache Commons Configuration Out-of-Bounds Write Vulnerability (CNVD-2024-16109)

Apache Commons Configuration is the United States Apache Apache Foundation , a common configuration interface , it is mainly used to enable Java applications to read configuration data from a variety of sources . An out-of-bounds write vulnerability exists in Apache Commons Configuration versions...

Apache Superset Resource Management Error Vulnerability (CNVD-2024-14775)

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. A resource management error vulnerability exists in Apache Superset versions 2.1.2 and earlier, 3.0.0, and 3.0.1, which stems from uncontrolled resource consumption by the application, and can be...

Apache Dolphinscheduler Arbitrary File Read Vulnerability

Apache DolphinScheduler is a distributed DAG visualization-based workflow task scheduling system from the Apache Apache Foundation in the United States. Apache Dolphinscheduler suffers from an arbitrary file read vulnerability that can be exploited by an attacker to obtain sensitive information...

Apache DolphinScheduler Security Bypass Vulnerability

Apache Dolphinscheduler is a modern data scheduling platform from the Apache USA Foundation. The Apache DolphinScheduler security bypass vulnerability, which stems from a session not being logged off after a password change, can be exploited by an attacker to bypass access restrictions by sending...

Apache Answer Competitive Conditions Issue Vulnerability

Apache Answer is a community platform of the Apache USA Foundation. Apache Answer 1.2.1 and prior versions suffer from a Competing Conditions vulnerability, which arises from improper handling of concurrent access when concurrent code requires mutually exclusive access to shared resources during...

Apache Kylin Information Disclosure Vulnerability (CNVD-2024-22238)

Apache Kylin is the United States Apache Apache Foundation of an open source distributed analytical data warehouse . The product mainly provides Hadoop/Spark on top of the SQL query interface and multidimensional analysis OLAP and other functions. Apache Kylin suffers from an information disclosu...

Apache DolphinScheduler 输入验证错误漏洞

Apache DolphinScheduler is a distributed DAG visualization-based workflow task scheduling system from the Apache Apache Foundation in the United States. A security vulnerability exists in Apache DolphinScheduler 3.1.9 and earlier versions, which can be exploited by an unauthenticated attacker to...

Apache Superset SQL Injection Vulnerability (CNVD-2024-0102192)

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset suffers from a SQL injection vulnerability that can be exploited by an authenticated, remote attacker to send specially crafted SQL statements to the wherein JINJA macro...

Apache Superset Input Validation Error Vulnerability (CNVD-2023-9666130)

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. An input validation error vulnerability exists in Apache Superset versions prior to 3.0.0. The vulnerability stems from the presence of improper input validation, which can be exploited by an...