Lucene search
K

373 matches found

CVE
CVE
added 2023/07/03 9:8 a.m.138 views

CVE-2023-35797

CVE-2023-35797 affects Apache Airflow Hive Provider prior to 6.1.1 and is an Improper Input Validation vulnerability that can enable remote code execution via the principal parameter when connection details are modifiable. The issue is mitigated by upgrading the provider to version 6.1.1 or later...

9.8CVSS9.2AI score0.02791EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2023/06/29 12:30 p.m.16 views

Apache Airflow JDBC Provider Improper Input Validation vulnerability

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow JDBC Provider. Airflow JDBC Provider Connection’s Connection URL parameters had no restrictions, which made it possible to implement RCE attacks via different type JDBC drivers, obtain airflow server permission...

8.8CVSS6.8AI score0.01518EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2023/06/29 10:15 a.m.42 views

CVE-2023-22886

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow JDBC Provider. Airflow JDBC Provider Connection’s Connection URL parameters had no restrictions, which made it possible to implement RCE attacks via different type JDBC drivers, obtain airflow server permission...

8.8CVSS8.6AI score0.01518EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/06/29 9:41 a.m.42 views

CVE-2023-22886 Apache Airflow JDBC Provider: RCE Vulnerability

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow JDBC Provider. Airflow JDBC Provider Connection’s Connection URL parameters had no restrictions, which made it possible to implement RCE attacks via different type JDBC drivers, obtain airflow server permission...

8.9AI score0.01518EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/06/29 9:41 a.m.15 views

CVE-2023-22886 Apache Airflow JDBC Provider: RCE Vulnerability

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow JDBC Provider. Airflow JDBC Provider Connection’s Connection URL parameters had no restrictions, which made it possible to implement RCE attacks via different type JDBC drivers, obtain airflow server permission...

8.7AI score0.01518EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2023/06/27 12:30 p.m.42 views

Apache Airflow ODBC Provider, Apache Airflow MSSQL Provider Improper Input Validation vulnerability

Input Validation vulnerability in Apache Software Foundation Apache Airflow ODBC Provider, Apache Software Foundation Apache Airflow MSSQL Provider.This vulnerability is considered low since it requires DAG code to use getsqlalchemyconnection and someone with access to connection resources...

4.3CVSS6.9AI score0.01263EPSS
Exploits0References5Affected Software2
Vulnrichment
Vulnrichment
added 2023/06/27 11:39 a.m.13 views

CVE-2023-35798 Airflow Apache ODBC and MSSQL Providers Arbitrary File Read Vulnerability

Input Validation vulnerability in Apache Software Foundation Apache Airflow ODBC Provider, Apache Software Foundation Apache Airflow MSSQL Provider.This vulnerability is considered low since it requires DAG code to use getsqlalchemyconnection and someone with access to connection resources...

4.7AI score0.01263EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/06/27 11:36 a.m.40 views

CVE-2023-34395 Apache Airflow ODBC Provider: Remote code execution vulnerability

Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Apache Software Foundation Apache Airflow ODBC Provider. In OdbcHook, A privilege escalation vulnerability exists in a system due to controllable ODBC driver parameters that allow the loading of...

8.2AI score0.0075EPSS
Exploits0References2
CVE
CVE
added 2023/06/27 11:36 a.m.61 views

CVE-2023-34395

CVE-2023-34395 affects the Apache Airflow ODBC Provider, specifically the OdbcHook component. The vulnerability stems from controllable ODBC driver parameters that allow loading of arbitrary dynamic-link libraries, enabling command execution and a privilege escalation in a local context. The issu...

7.8CVSS8AI score0.0075EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/06/23 12:0 a.m.17 views

Fedora 38 : trafficserver (2023-2e6bead58b)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-2e6bead58b advisory. Update to upstream 9.2.1; resolves CVE-2022-47184, CVE-2023-30631, CVE-2023-33933 Tenable has extracted the preceding description block directly fro...

7.5CVSS7.4AI score0.02005EPSS
Exploits0References4
CVE
CVE
added 2023/06/21 7:1 a.m.58 views

CVE-2023-34340

CVE-2023-34340 affects Apache Accumulo 2.1.0. A defect in the user authentication process may allow access despite invalid credentials, per multiple sources. Upgrade to 2.1.1 is recommended as the remediation in the public advisories (e.g., Apache Accumulo 2.1.1 release notes). The CVSS data in t...

9.8CVSS9.6AI score0.01432EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2023/06/14 8:15 a.m.15 views

CVE-2023-33933

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: from 8.0.0 through 9.2.0. 8.x users should upgrade to 8.1.7 or later versions 9.x users should upgrade to 9.2.1 or later versions...

7.5CVSS7.4AI score0.01496EPSS
Exploits0References5
CVE
CVE
added 2023/06/14 7:50 a.m.129 views

CVE-2023-34396

CVE-2023-34396 affects Apache Struts; a DoS condition arises when processing multipart requests with non-file fields, allowing remote attackers to exhaust resources. The entry covers Struts up to 2.5.30 and 6.1.2, with remediation by upgrading to Struts 2.5.31 or 6.1.2.1 (or later). IBM security ...

7.5CVSS5.7AI score0.05467EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2023/06/14 7:44 a.m.27 views

CVE-2023-30631 Apache Traffic Server: Configuration option to block the PUSH method in ATS didn't work

Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server. The configuration option proxy.config.http.pushmethodenabled didn't function. However, by default the PUSH method is blocked in the ipallow configuration file.This issue affects Apache Traffic Server:...

7.6AI score0.02005EPSS
Exploits0References5
CVE
CVE
added 2023/06/14 7:44 a.m.77 views

CVE-2023-33933

Apache Traffic Server (OSS reverse/forward proxy) is affected by CVE-2023-33933, impacting versions 8.0.0 through 9.2.0. The issue is described as Exposure of Sensitive Information to an Unauthorized Actor, with impact confined to confidentiality (C: High, I: None, A: None) and no user interactio...

7.5CVSS7.3AI score0.01496EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2023/06/14 7:44 a.m.21 views

CVE-2023-33933 Apache Traffic Server: s3_auth plugin problem with hash calculation

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: from 8.0.0 through 9.2.0. 8.x users should upgrade to 8.1.7 or later versions 9.x users should upgrade to 9.2.1 or later versions...

7.5CVSS7.1AI score0.01496EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2023/06/14 7:42 a.m.34 views

CVE-2022-47184

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: 8.0.0 to 9.2.0...

7.5CVSS7.4AI score0.01879EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2023/05/22 6:30 p.m.23 views

User data exposure in Apache InLong

Insecure Default Initialization of Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.5.0 through 1.6.0. Users registered in InLong who joined later can see deleted users' data. Users are advised to upgrade to Apache InLong's 1.7.0 or...

6.5CVSS6.8AI score0.0111EPSS
Exploits0References4Affected Software4
NVD
NVD
added 2023/05/22 4:15 p.m.24 views

CVE-2023-31101

Insecure Default Initialization of Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.5.0 through 1.6.0. Users registered in InLong who joined later can see deleted users' data. Users are advised to upgrade to Apache InLong's 1.7.0 or...

6.5CVSS6.4AI score0.0111EPSS
Exploits0References1
NVD
NVD
added 2023/05/22 4:15 p.m.46 views

CVE-2023-31064

Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. the user in InLong could cancel an application that doesn't belongs to it. Users are advised to upgrade to Apache InLong's 1.7....

7.5CVSS7.5AI score0.01247EPSS
Exploits0References1
Rows per page
Query Builder