Server side request forgery (ssrf)
Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik. This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even...
CVE-2022-44730 Apache XML Graphics Batik: Information disclosure vulnerability
Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik. This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data and send it directly as parameter to a URL...
CVE-2022-44730
Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik. This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data and send it directly as parameter to a URL...
PT-2023-7021 · Apache +2 · Apache Xml Graphics Batik +2
Name of the Vulnerable Software and Affected Versions: Apache XML Graphics Batik version 1.16 Description: The issue is related to a Server-Side Request Forgery (SSRF) vulnerability in Apache XML Graphics Batik. This vulnerability can be exploited by a malicious SVG, which could trigger the loading...
Apache Airflow Information Disclosure Vulnerability (CNVD-2023-85617)
Apache Airflow is an open source platform from the Apache Foundation (United States) for creating, managing and monitoring workflows. The platform features scalability, dynamic monitoring and other characteristics. An information disclosure vulnerability exists in Apache Airflow Spark Provider...
CVE-2023-40037
CVE-2023-40037 affects Apache NiFi versions 1.21.0 through 1.23.0, where JDBC/JNDI JMS access in several Processors and Controller Services uses connection URL validation that is insufficient against crafted inputs. An authenticated, authorized user can bypass validation by formatting inputs clev...
CVE-2023-39553
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider. Apache Airflow Drill Provider is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection with DrillHook giving an opportunity to read fil...
CVE-2023-36877
Azure Apache Oozie Spoofing Vulnerability...
CVE-2023-36881
Azure Apache Ambari Spoofing Vulnerability...
Spoofing
Azure Apache Hadoop Spoofing Vulnerability...
CVE-2023-36881 Azure Apache Ambari Spoofing Vulnerability
...
CVE-2023-36881
CVE-2023-36881 corresponds to a spoofing vulnerability in Azure Apache Ambari. Public sources in the connected data identify Azure HDInsights/Azure Arc context and map the impact to spoofing, with an ability to impersonate or pre-emptively act as another user. The MSRC advisory indicates updates ...
CVE-2023-36877
Technical details about CVE-2023-36877 (Azure Apache Oozie Spoofing Vulnerability) are not available in the provided documents. No affected versions, root cause, or mitigation are specified here. Monitor for updates from official advisories.
CVE-2023-36877 Azure Apache Oozie Spoofing Vulnerability
...
CVE-2023-38188
CVE-2023-38188 is a spoofing vulnerability affecting Azure Apache Hadoop components in Azure HDInsight. Public sources (NCSC) indicate pre-authentication access to impersonate another user, enabling user-interface spoofing and potential privilege-lifting within affected Azure HDInsight/Azure Hado...
CVE-2023-35393
CVE-2023-35393 corresponds to a spoofing vulnerability in Azure Apache Hive affecting Azure HDInsight/Hive components. The NCSC advisory summarizes the impact as "Pretend to be another user" and recommends installing the updates from Microsoft MSRC/MS-Update guidance. The available sources label ...
CVE-2023-35393 Azure Apache Hive Spoofing Vulnerability
...
RLSA-2023:4418 Important: mod_auth_openidc:2.3 security update
The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fixes: cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag...
Azure Apache Hive Spoofing Vulnerability
...