ApacheDrill

6 matches found

CVE
added 2019/05/23 1:42 p.m. | 251 views

CVE-2019-0201

CVE-2019-0201 affects Apache ZooKeeper up to versions 3.4.13 and 3.5.4-beta, where getACL() does not enforce permissions and returns the ACL Id in plaintext. When Digest Authentication is in use, the unsalted hash value contained in the Id field can be disclosed to unauthenticated or unprivileged...

5.9 CVSS | 5.8 AI score | 0.00212 EPSS
CVE
added 2019/04/22 8:14 p.m. | 224 views

CVE-2019-10241

CVE-2019-10241 affects Eclipse Jetty prior to specific release lines: 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older. The vulnerability is an XSS due to improper validation of user-supplied input by DefaultServlet and ResourceHandler when a remote client uses a specially crafted URL to ...

6.1 CVSS | 6.1 AI score | 0.10411 EPSS
CVE
added 2014/11/24 12:0 a.m. | 222 views

CVE-2010-5312

CVE-2010-5312 is a cross-site scripting (XSS) vulnerability in the jQuery UI Dialog widget (jquery.ui.dialog.js) where the title option for the dialog could be attacker-controlled to inject arbitrary script/HTML. It affects jQuery UI prior to 1.10.0. Public disclosures across Debian, Fedora, Red ...

6.1 CVSS | 6 AI score | 0.05931 EPSS
CVE
added 2019/07/30 10:49 a.m. | 182 views

CVE-2019-14439

CVE-2019-14439 describes a polymorphic typing deserialization issue in FasterXML jackson-databind 2.x prior to 2.9.9.2. When Default Typing is enabled (globally or for a property) and logback is in the classpath, an externally exposed JSON endpoint may be vulnerable to unsafe deserialization. Aff...

7.5 CVSS | 8.4 AI score | 0.10392 EPSS
CVE
added 2024/07/24 7:45 a.m. | 89 views

CVE-2023-48362

CVE-2023-48362 describes an XXE vulnerability in the XML Format Plugin of Apache Drill. The issue affects Drill 1.19.0 and later, enabling an attacker to read arbitrary files on a remote file system or execute commands through a crafted XML file. The documented remediation is to upgrade to Apache...

9.8 CVSS | 6.9 AI score | 0.00335 EPSS
CVE
added 2017/12/18 2:0 p.m. | 82 views

CVE-2017-12630

CVE-2017-12630 affects Apache Drill 1.11.0 and earlier. The vulnerability is a cross-site scripting issue where submitting a form from the Query page allows an attacker to inject arbitrary script/HTML, which can then execute on the Profile page and potentially expose cookie information. The conne...

5.4 CVSS | 5.4 AI score | 0.0072 EPSS