National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • Keyword (text search): Apache
There are 1,851 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2020-1956

Kylin has some restful apis which will concatenate os command with the user input string, a user is likely to be able to execute any os command without any protection or validation.

Published: May 22, 2020; 10:15:11 AM -04:00
(not available)
CVE-2020-9484

When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed.

Published: May 20, 2020; 03:15:09 PM -04:00
V3.1: 9.8 CRITICAL
    V2: 6.8 MEDIUM
CVE-2020-11078

In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenation, as opposed to proper urllib building with escaping. This has been fixed in 0.18.0.

Published: May 20, 2020; 12:15:10 PM -04:00
V3.1: 6.8 MEDIUM
    V2: 4.3 MEDIUM
CVE-2020-1960

A vulnerability in Apache Flink (1.1.0 to 1.1.5, 1.2.0 to 1.2.1, 1.3.0 to 1.3.3, 1.4.0 to 1.4.2, 1.5.0 to 1.5.6, 1.6.0 to 1.6.4, 1.7.0 to 1.7.2, 1.8.0 to 1.8.3, 1.9.0 to 1.9.2, 1.10.0) where, when running a process with an enabled JMXReporter, with a port configured via metrics.reporter.reporter_name>.port, an attacker with local access to the machine and JMX port can execute a man-in-the-middle attack using a specially crafted request to rebind the JMXRMI registry to one under the attacker's control. This compromises any connection established to the process via JMX, allowing extraction of credentials and any other transferred data.

Published: May 14, 2020; 01:15:12 PM -04:00
V3.1: 4.7 MEDIUM
    V2: 1.9 LOW
CVE-2020-1941

In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue.

Published: May 14, 2020; 01:15:12 PM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2020-11973

Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.

Published: May 14, 2020; 01:15:12 PM -04:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2020-11972

Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.

Published: May 14, 2020; 01:15:12 PM -04:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2020-11971

Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0 up to 3.1.0 is affected. Users should upgrade to 3.2.0.

Published: May 14, 2020; 01:15:12 PM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2019-17572

In Apache RocketMQ 4.2.0 to 4.6.0, when the automatic topic creation in the broker is turned on by default, an evil topic like “../../../../topic2020” is sent from rocketmq-client to the broker, a topic folder will be created in the parent directory in brokers, which leads to a directory traversal vulnerability. Users of the affected versions should apply one of the following: Upgrade to Apache RocketMQ 4.6.1 or later.

Published: May 14, 2020; 01:15:11 PM -04:00
V3.1: 5.3 MEDIUM
    V2: 5.0 MEDIUM
CVE-2019-17562

A buffer overflow vulnerability has been found in the baremetal component of Apache CloudStack. This applies to all versions prior to 4.13.1. The vulnerability is due to the lack of validation of the mac parameter in baremetal virtual router. If you insert an arbitrary shell command into the mac parameter, v-router will process the command. For example: Normal: http://{GW}:10086/baremetal/provisiondone/{mac}, Abnormal: http://{GW}:10086/baremetal/provisiondone/#';whoami;#. Mitigation of this issue is an upgrade to Apache CloudStack 4.13.1.0 or beyond.

Published: May 14, 2020; 01:15:11 PM -04:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2020-1945

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.

Published: May 14, 2020; 12:15:12 PM -04:00
V3.1: 9.1 CRITICAL
    V2: 6.4 MEDIUM
CVE-2020-5407

Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 contain a signature wrapping vulnerability during SAML response validation. When using the spring-security-saml2-service-provider component, a malicious user can carefully modify an otherwise valid SAML response and append an arbitrary assertion that Spring Security will accept as valid.

Published: May 13, 2020; 01:15:11 PM -04:00
V3.1: 8.8 HIGH
    V2: 6.5 MEDIUM
CVE-2020-1939

The Apache NuttX (Incubating) project provides an optional separate "apps" repository which contains various optional components and example programs. One of these, ftpd, had a NULL pointer dereference bug. The NuttX RTOS itself is not affected. Users of the optional apps repository are affected only if they have enabled ftpd. Versions 6.15 to 8.2 are affected.

Published: May 12, 2020; 11:15:12 AM -04:00
V3.1: 9.8 CRITICAL
    V2: 5.1 MEDIUM
CVE-2018-1285

Apache log4net before 2.0.8 does not disable XML external entities when parsing log4net configuration files. This could allow for XXE-based attacks in applications that accept arbitrary configuration files from users.

Published: May 11, 2020; 01:15:10 PM -04:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2020-12691

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the credential user and project, allowing them to masquerade as another user. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges.

Published: May 06, 2020; 08:15:10 PM -04:00
V3.1: 8.8 HIGH
    V2: 6.5 MEDIUM
CVE-2020-12690

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The list of roles provided for an OAuth1 access token is silently ignored. Thus, when an access token is used to request a keystone token, the keystone token contains every role assignment the creator had for the project. This results in the provided keystone token having more role assignments than the creator intended, possibly giving unintended escalated access.

Published: May 06, 2020; 08:15:10 PM -04:00
V3.1: 8.8 HIGH
    V2: 6.5 MEDIUM
CVE-2020-12689

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope (trust/oauth/application credential) can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges.

Published: May 06, 2020; 08:15:10 PM -04:00
V3.1: 8.8 HIGH
    V2: 6.5 MEDIUM
CVE-2020-1961

Vulnerability to Server-Side Template Injection on Mail templates for Apache Syncope 2.0.X releases prior to 2.0.15, 2.1.X releases prior to 2.1.6, enabling attackers to inject arbitrary JEXL expressions, leading to Remote Code Execution (RCE) was discovered.

Published: May 04, 2020; 09:15:14 AM -04:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2020-1959

A Server-Side Template Injection was identified in Apache Syncope prior to 2.1.6 enabling attackers to inject arbitrary Java EL expressions, leading to an unauthenticated Remote Code Execution (RCE) vulnerability. Apache Syncope uses Java Bean Validation (JSR 380) custom constraint validators. When building custom constraint violation error messages, they support different types of interpolation, including Java EL expressions. Therefore, if an attacker can inject arbitrary data in the error message template being passed, they will be able to run arbitrary Java code.

Published: May 04, 2020; 09:15:13 AM -04:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2019-17557

It was found that the Apache Syncope EndUser UI login page prio to 2.0.15 and 2.1.6 reflects the successMessage parameters. By this mean, a user accessing the Enduser UI could execute javascript code from URL query string.

Published: May 04, 2020; 09:15:11 AM -04:00
V3.1: 5.4 MEDIUM
    V2: 3.5 LOW