CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

20 matches found

Veracode•added 2022/10/27 6:36 a.m.•20 views

Remote Code Execution (RCE)

Apache Flume is vulnerable to remote code execution. The vulnerability exists due to improper validations of jms source and provider url where the attacker can use the jms source with an unsafe provider url causing arbitrary code executions...

9.8CVSS9.5AI score0.02719EPSS

Exploits0References6Affected Software1

OSV•added 2022/10/26 4:15 p.m.•2 views

CVE-2022-42468

Apache Flume versions 1.4.0 through 1.10.1 are vulnerable to a remote code execution RCE attack when a configuration uses a JMS Source with an unsafe providerURL. This issue is fixed by limiting JNDI to allow only the use of the java protocol or no protocol...

9.8CVSS6.3AI score0.02719EPSS

Exploits0References3

NVD•added 2022/10/26 4:15 p.m.•40 views

CVE-2022-42468

9.8CVSS0.02719EPSS

Exploits0References3

Prion•added 2022/10/26 4:15 p.m.•27 views

Remote code execution

7.5CVSS9.5AI score0.02719EPSS

Exploits0References3Affected Software1

ATTACKERKB•added 2022/10/26 4:15 p.m.•2 views

CVE-2022-42468

9.8CVSS6.4AI score0.02719EPSS

Exploits0References4

CVE•added 2022/10/26 12:0 a.m.•94 views

CVE-2022-42468

Apache Flume (versions 1.4.0–1.10.1) is vulnerable to remote code execution when a JMS Source is configured with an unsafe providerURL, due to JMSSource performing an unvalidated JNDI lookup. The issue is fixed by updating to 1.11.0, which limits JNDI to java protocol or no protocol. Red Hat and ...

9.8CVSS9.7AI score0.02719EPSS

Exploits0References3Affected Software1

RedhatCVE•added 2022/09/13 11:14 a.m.•35 views

CVE-2022-34916

Apache Flume versions 1.4.0 through 1.10.0 are vulnerable to a remote code execution RCE attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI to allow only the use of the java...

8.1CVSS5.6AI score0.0231EPSS

Exploits0References3

CNVD•added 2022/08/24 12:0 a.m.•28 views

Apache Flume input validation error vulnerability

Apache Flume is a distributed, reliable and available service from the Apache Foundation, USA. Used to efficiently collect, aggregate, and move large amounts of log data, versions of Apache Flume prior to 1.4.0 through 1.10.0 contain a security vulnerability that stems from vulnerability to remot...

9.8CVSS2.5AI score0.0231EPSS

Exploits0References1

Veracode•added 2022/08/22 8:18 a.m.•17 views

Remote Code Execution

flysystem is vulnerable to remote code execution. Lack of proper parameter validation in JMSMessageConsumer allows an attacker to upload and execute malicious code on the system under attack, when a configuration uses a JMS Source with a JNDI LDAP data source URI...

9.8CVSS9.5AI score0.0231EPSS

Exploits0References3Affected Software1

Github Security Blog•added 2022/08/22 12:0 a.m.•44 views

Remote code execution in Apache Flume

9.8CVSS9.2AI score0.0231EPSS

Exploits0References5Affected Software1

NVD•added 2022/08/21 9:15 a.m.•15 views

CVE-2022-34916

9.8CVSS0.0231EPSS

Exploits0References2

Prion•added 2022/08/21 9:15 a.m.•25 views

Remote code execution

7.5CVSS9.5AI score0.0231EPSS

Exploits0References2Affected Software1

CVE•added 2022/08/21 8:15 a.m.•127 views

CVE-2022-34916

CVE-2022-34916 affects Apache Flume versions 1.4.0–1.10.0, where a JMS Source using a JNDI LDAP data source URI can enable remote code execution if an attacker controls the target LDAP server. The vulnerability stems from how JMSMessageConsumer handles JNDI lookups, allowing code execution throug...

9.8CVSS9.6AI score0.0231EPSS

Exploits0References2Affected Software1

Cvelist•added 2022/08/21 8:15 a.m.•23 views

CVE-2022-34916 Improper Input Validation (JNDI Injection) in JMSMessageConsumer

9.8AI score0.0231EPSS

Exploits0References2

Github Security Blog•added 2022/06/15 12:0 a.m.•34 views

Remote Code Execution in Apache Flume

Apache Flume versions 1.4.0 through 1.9.0 are vulnerable to a remote code execution RCE attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI to allow only the use of the java...

9.8CVSS5.5AI score0.04627EPSS

Exploits0References6Affected Software1

OSV•added 2022/06/15 12:0 a.m.•16 views

GHSA-X5M7-RWFX-W7QM Remote Code Execution in Apache Flume

9.8CVSS9.7AI score0.04627EPSS

Exploits0References6

ATTACKERKB•added 2022/06/14 8:15 a.m.•4 views

CVE-2022-25167

9.8CVSS7.8AI score0.04627EPSS

Exploits0References4

NVD•added 2022/06/14 8:15 a.m.•19 views

CVE-2022-25167

9.8CVSS0.04627EPSS

Exploits0References3

Prion•added 2022/06/14 8:15 a.m.•19 views

Remote code execution

7.5CVSS9.5AI score0.04627EPSS

Exploits0References3Affected Software1

CVE•added 2022/06/14 7:55 a.m.•89 views

CVE-2022-25167

Apache Flume (versions 1.4.0–1.9.0) is vulnerable to remote code execution when a JMS Source is configured with a JNDI LDAP data source URI and an attacker controls the target LDAP server. The underlying issue is the JNDI usage, which can be exploited to run arbitrary code on the target. Remediat...

9.8CVSS9.7AI score0.04627EPSS

Exploits0References3Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by