20 matches found
Exploit for CVE-2026-22444
CVE-2026-22444 Apache Solr UNC Path Validation Vulnerability...
EUVD-2018-0681
Malware in sbrugna...
EUVD-2018-0539
Malware in sbrugna...
EUVD-2022-0662
Malicious code in bioql PyPI...
EUVD-2022-3029
Malicious code in bioql PyPI...
EUVD-2018-0485
Malicious code in bioql PyPI...
EUVD-2022-3336
Malicious code in bioql PyPI...
Security Bulletin: Vulnerability in Apache Solr (lucene), Apache ZooKeeper and Logstash affect IBM Operations Analytics - Log Analysis (CVE-2024-9823, CVE-2024-47554)
Summary There is a potential denial of service with Apache Commons IO, Eclipse Jetty that affect Apache Solr lucene, Apache ZooKeeper and Logstash used by IBM Operations Analytics - Log Analysis Vulnerability Details CVEID:CVE-2024-9823 DESCRIPTION: There exists a security vulnerability in Jetty'...
USN-7283-1: Apache Solr vulnerability
It was discovered that the Apache Solr DataImportHandler module incorrectly handled certain request parameters in a default configuration. A remote attacker could possibly use this issue to execute arbitrary code...
Apache Solr Relative Path Traversal vulnerability
Relative Path Traversal vulnerability in Apache Solr. Solr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the "configset upload" API. Commonly known as a "zipslip", maliciously constructed ZIP files can use relative filepaths t...
GHSA-4P5M-GVPF-F3X5 Apache Solr Relative Path Traversal vulnerability
Relative Path Traversal vulnerability in Apache Solr. Solr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the "configset upload" API. Commonly known as a "zipslip", maliciously constructed ZIP files can use relative filepaths t...
Apache Solr Code Issue Vulnerability
Apache Solr is the United States Apache Apache Foundation of a search server based on Lucene a full-text search engine. The product supports level search , vertical search , highlighting search results and so on. A code issue vulnerability exists in Apache Solr, which stems from the presence of a...
CVE-2024-45217
Insecure Default Initialization of Resource vulnerability in Apache Solr. New ConfigSets that are created via a Restore command, which copy a configSet from the backup and give it a new name, are created without setting the "trusted" metadata. ConfigSets that do not contain the flag are trusted...
UBUNTU-CVE-2023-50292
Incorrect Permission Assignment for Critical Resource, Improper Control of Dynamically-Managed Code Resources vulnerability in Apache Solr. This issue affects Apache Solr: from 8.10.0 through 8.11.2, from 9.0.0 before 9.3.0. The Schema Designer was introduced to allow users to more easily configu...
CVE-2023-50292 Apache Solr: Solr Schema Designer blindly "trusts" all configsets, possibly leading to RCE by unauthenticated users
Incorrect Permission Assignment for Critical Resource, Improper Control of Dynamically-Managed Code Resources vulnerability in Apache Solr. This issue affects Apache Solr: from 8.10.0 through 8.11.2, from 9.0.0 before 9.3.0. The Schema Designer was introduced to allow users to more easily configu...
Apache Solr 1.3.0 <= 7.6.0 Server Side Request Forgery
Server Side Request Forgery in Apache Solr, versions 1.3.0 until 7.6.0 inclusive. A remote, unauthenticated attacker can use the 'shards' parameter to make a HTTP GET request to any reachable web server; as this does not use any applicable whitelist or URL validation. Note that the scanner has no...
The vulnerability of the Config software interface towards the Apache Solr search server allows a hacker to execute arbitrary code.
The vulnerability of the Config software interface of the Apache Solr search server lies in the rehydration of unreliable data in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code on the Solr side through HTTP POST requests after deserialization...
Xxe
This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion XXE in the &dataConfig= parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the...
Apache Solr < 6.4.1 Unspecified Vulnerability
Binary data 9945.prm...
CVE-2012-6612
The 1 UpdateRequestHandler for XSLT or 2 XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue, different...