Vulnerabilities in Apache

91 results

CVE-2019-0234 - EPSS 3.4% - A Reflected Cross-site Scripting (XSS) vulnerability exists in Apache Roller. Roller's Math Comment Authenticator did not properly sanitize…
CVE-2019-10074 - EPSS 3.4% - An RCE is possible by entering Freemarker markup in an Apache OFBiz Form Widget textarea field when encoding has been disabled on such a fie…
CVE-2019-0207 - EPSS 3.1% - Tapestry processes assets `/assets/ctx` using classes chain `StaticFilesFilter -> AssetDispatcher -> ContextResource`, which doesn't filter…
CVE-2021-32824 (CRITICAL) - EPSS 2.9% - Regular expression Denial of Service in MooTools
CVE-2019-0204 - EPSS 2.7% - A specifically crafted Docker image running under the root user can overwrite the init helper binary of the container runtime and/or the com…
CVE-2020-1952 - EPSS 2.7% - An issue was found in Apache IoTDB .9.0 to 0.9.1 and 0.8.0 to 0.8.2. When starting IoTDB, the JMX port 31999 is exposed with no certificatio…
CVE-2020-1937 - EPSS 2.7% - Kylin has some RESTful APIs which will concatenate SQLs with the user input string, a user is likely to be able to run malicious database qu…
CVE-2021-25958 (MEDIUM) - EPSS 2.6% - Generation of Error Message Containing Sensitive Information in Apache OFBiz
CVE-2020-9482 - EPSS 2.6% - If NiFi Registry 0.1.0 to 0.5.0 uses an authentication mechanism other than PKI, when the user clicks Log Out, NiFi Registry invalidates the…
CVE-2020-1950 - EPSS 2.6% - A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23.
CVE-2019-10094 - EPSS 2.5% - A carefully crafted package/compressed file that, when unzipped/uncompressed yields the same file (a quine), causes a StackOverflowError in…
CVE-2020-9481 - EPSS 2.4% - Apache ATS 6.0.0 to 6.2.3, 7.0.0 to 7.1.9, and 8.0.0 to 8.0.6 is vulnerable to a HTTP/2 slow read attack.
CVE-2018-11773 - EPSS 2.1% - Apache VCL versions 2.1 through 2.5 do not properly validate form input when processing a submitted block allocation. The form data is then…
CVE-2014-4651 - EPSS 2.1% - It was found that the jclouds scriptbuilder Statements class wrote a temporary file to a predictable location. An attacker could use this fl…
CVE-2019-17555 - EPSS 2.1% - The AsyncResponseWrapperImpl class in Apache Olingo versions 4.0.0 to 4.6.0 reads the Retry-After header and passes it to the Thread.sleep()…
CVE-2019-0202 - EPSS 2.0% - The Apache Storm Logviewer daemon exposes HTTP-accessible endpoints to read/search log files on hosts running Storm. In Apache Storm version…
CVE-2018-11802 - EPSS 2.0% - In Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually host any given collection. Howe…
CVE-2015-7559 (LOW) - EPSS 2.0% - It was found that the Apache ActiveMQ client before 5.14.5 exposed a remote shutdown command in the ActiveMQConnection class. An attacker lo…
CVE-2019-12398 - EPSS 1.9% - In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow me…
CVE-2019-0226 - EPSS 1.8% - Apache Karaf Config service provides an install method (via service or MBean) that could be used to travel in any directory and overwrite exi…