166 matches found
Apache Superset Information Disclosure Vulnerability (CNVD-2023-9666229)
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. An information disclosure vulnerability exists in Apache Superset versions prior to 3.0.0, which stems from the application's inadequate protection of sensitive information and can be exploited b...
Apache Superset Input Validation Error Vulnerability (CNVD-2023-9666130)
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. An input validation error vulnerability exists in Apache Superset versions prior to 3.0.0. The vulnerability stems from the presence of improper input validation, which can be exploited by an...
Apache NiFi cross-site scripting vulnerability (CNVD-2023-9665850)
Apache NiFi is a data processing and distribution system from the Apache USA Foundation. The system is primarily used for data routing, transformation and system intermediary logic. Apache NiFi suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and...
Apache HTTP Server Buffer Overflow Vulnerability (CNVD-2023-80558)
Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. A buffer overflow vulnerability exists in Apache HTTP Server version 2.4.54 and earlier. An attacker can exploit this vulnerabilit...
Apache Airflow Authorization Problem Vulnerability (CNVD-2023-72233)
Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. Apache Airflow versions prior to 2.7.1 have an authorization issue vulnerability th...
Apache Airflow Information Disclosure Vulnerability (CNVD-2023-72235)
Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. An information disclosure vulnerability exists in Apache Airflow versions prior to...
Apache Superset REST API Authorization Issues Vulnerability
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset version 2.1.0 and prior versions suffer from an authorization issue vulnerability that stems from incorrect REST API permissions. An attacker can exploit this vulnerability to cau...
Apache Airflow Information Disclosure Vulnerability (CNVD-2023-85617)
Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. An information disclosure vulnerability exists in Apache Airflow Spark Provider...
Apache Airflow Input Validation Error Vulnerability (CNVD-2023-67067)
Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. An input validation error vulnerability exists in Apache Airflow Drill Provider...
Apache Airflow Security Bypass Vulnerability
Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. A security bypass vulnerability exists in Apache Airflow versions prior to 2.6.3,...
Apache Any23 Denial of Service Vulnerability
Apache Any23 is a library, web service, and command-line tool from the Apache Foundation USA. Apache Any23 suffers from a denial of service vulnerability due to a usage flaw in TikaEncodingDetector. An attacker could exploit this vulnerability to cause memory overuse...
Apache Hive Provider Code Execution Vulnerability
Apache Airflow is a suite of open source platforms for creating, managing, and monitoring workflows from the Apache Foundation.The Apache Airflow Hive Provider is a toolkit for reading, writing, and managing large datasets in distributed storage using SQL. A code execution vulnerability exists in...
Apache Airflow Information Disclosure Vulnerability (CNVD-2023-55401)
Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. Apache Airflow suffers from an information disclosure vulnerability, the source program is not sufficiently protected for sensitive information, which can be...
Apache Sling Input Validation Error Vulnerability
Apache Sling is the United States Apache Apache Foundation of a Java platform for open source Web framework. Designed to comply with JSR-170 content repository such as Apache Jackrabbit to create content-centric applications. An input validation error vulnerability exists in Apache Sling Commons...
Apache InLong Weak Password Vulnerability
Apache InLong is the United States Apache Apache Foundation's one-stop massive data integration framework. A security vulnerability exists in Apache InLong versions 1.1.0 through 1.6.0, which stems from an application that does not set a complexity requirement for user passwords, and can be...
Apache Tomcat Denial of Service Vulnerability (CNVD-2023-42970)
Apache Tomcat is the United States Apache Apache Foundation, a lightweight Web application server. Apache Tomcat suffers from a denial of service vulnerability that stems from not properly handling incoming error messages, which can be exploited by an attacker to cause a denial of service...
Apache OpenMeetings Code Execution Vulnerability
Apache OpenMeetings is a multilingual, customizable video conferencing and collaboration system from the Apache Foundation. The product supports audio, video and allows users to view each participant's desktop and more. A code execution vulnerability exists in Apache OpenMeetings versions 2.0.0...
Apache OpenMeetings Information Disclosure Vulnerability
Apache OpenMeetings is a multi-language, customizable video conferencing and collaboration system from the Apache Foundation. The product supports audio, video and allows users to view each participant's desktop and more. A security vulnerability exists in Apache OpenMeetings versions 2.0.0 throu...
Apache Airflow Cross-Site Scripting Vulnerability (CNVD-2023-52700)
Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. A cross-site scripting vulnerability exists in Apache Airflow versions prior to...
Apache Spark Command Injection Vulnerability (CNVD-2023-71729)
Apache Spark is a large-scale data processing engine that supports acyclic data streaming and in-memory computing from the Apache Foundation. Apache Spark suffers from a command injection vulnerability that stems from the fact that if ACLs are enabled, a code path in the HttpSecurityFilter can...