Filtered by vendor Apache
Subscribe
Total
2223 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-13959 | 2 Apache, Debian | 2 Velocity Tools, Debian Linux | 2023-11-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| The default error page for VelocityView in Apache Velocity Tools prior to 3.1 reflects back the vm file that was entered as part of the URL. An attacker can set an XSS payload file as this vm file in the URL which results in this payload being executed. XSS vulnerabilities allow attackers to execute arbitrary JavaScript in the context of the attacked website and the attacked user. This can be abused to steal session cookies, perform requests in the name of the victim or for phishing attacks. | |||||
| CVE-2020-13957 | 1 Apache | 1 Solr | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevents some features considered dangerous (which could be used for remote code execution) to be configured in a ConfigSet that's uploaded via API without authentication/authorization. The checks in place to prevent such features can be circumvented by using a combination of UPLOAD/CREATE actions. | |||||
| CVE-2020-13956 | 4 Apache, Netapp, Oracle and 1 more | 17 Httpclient, Active Iq Unified Manager, Snapcenter and 14 more | 2023-11-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution. | |||||
| CVE-2020-13954 | 3 Apache, Netapp, Oracle | 6 Cxf, Snap Creator Framework, Vasa Provider For Clustered Data Ontap and 3 more | 2023-11-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack via the styleSheetPath, which allows a malicious actor to inject javascript into the web page. This vulnerability affects all versions of Apache CXF prior to 3.4.1 and 3.3.8. Please note that this is a separate issue to CVE-2019-17573. | |||||
| CVE-2020-13953 | 1 Apache | 1 Tapestry | 2023-11-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Apache Tapestry from 5.4.0 to 5.5.0, crafting specific URLs, an attacker can download files inside the WEB-INF folder of the WAR being run. | |||||
| CVE-2020-13951 | 1 Apache | 1 Openmeetings | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| Attackers can use public NetTest web service of Apache OpenMeetings 4.0.0-5.0.0 to organize denial of service attack. | |||||
| CVE-2020-13950 | 4 Apache, Debian, Fedoraproject and 1 more | 6 Http Server, Debian Linux, Fedora and 3 more | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service | |||||
| CVE-2020-13949 | 2 Apache, Oracle | 4 Hive, Thrift, Communications Cloud Native Core Network Slice Selection Function and 1 more | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. | |||||
| CVE-2020-13948 | 1 Apache | 1 Superset | 2023-11-07 | 6.5 MEDIUM | 8.8 HIGH |
| While investigating a bug report on Apache Superset, it was determined that an authenticated user could craft requests via a number of templated text fields in the product that would allow arbitrary access to Python’s `os` package in the web application process in versions < 0.37.1. It was thus possible for an authenticated user to list and access files, environment variables, and process information. Additionally it was possible to set environment variables for the current process, create and update files in folders writable by the web process, and execute arbitrary programs accessible by the web process. All other operations available to the `os` package in Python were also available, even if not explicitly enumerated in this CVE. | |||||
| CVE-2020-13947 | 2 Apache, Oracle | 3 Activemq, Communications Session Report Manager, Communications Session Route Manager | 2023-11-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the message.jsp page of Apache ActiveMQ versions 5.15.12 through 5.16.0. | |||||
| CVE-2020-13946 | 2 Apache, Netapp | 2 Cassandra, Oncommand Insight | 2023-11-07 | 4.3 MEDIUM | 5.9 MEDIUM |
| In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2, it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and perform unauthorised operations. Users should also be aware of CVE-2019-2684, a JRE vulnerability that enables this issue to be exploited remotely. | |||||
| CVE-2020-13944 | 1 Apache | 1 Airflow | 2023-11-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. | |||||
| CVE-2020-13942 | 1 Apache | 1 Unomi | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| It is possible to inject malicious OGNL or MVEL scripts into the /context.json public endpoint. This was partially fixed in 1.5.1 but a new attack vector was found. In Apache Unomi version 1.5.2 scripts are now completely filtered from the input. It is highly recommended to upgrade to the latest available version of the 1.5.x release to fix this problem. | |||||
| CVE-2020-13941 | 1 Apache | 1 Solr | 2023-11-07 | 6.5 MEDIUM | 8.8 HIGH |
| Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8.6.0. The Replication handler (https://lucene.apache.org/solr/guide/8_6/index-replication.html#http-api-commands-for-the-replicationhandler) allows commands backup, restore and deleteBackup. Each of these take a location parameter, which was not validated, i.e you could read/write to any location the solr user can access. | |||||
| CVE-2020-13938 | 4 Apache, Mcafee, Microsoft and 1 more | 4 Http Server, Epolicy Orchestrator, Windows and 1 more | 2023-11-07 | 2.1 LOW | 5.5 MEDIUM |
| Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows | |||||
| CVE-2020-13936 | 3 Apache, Debian, Oracle | 16 Velocity Engine, Wss4j, Debian Linux and 13 more | 2023-11-07 | 9.0 HIGH | 8.8 HIGH |
| An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2. | |||||
| CVE-2020-13935 | 7 Apache, Canonical, Debian and 4 more | 18 Tomcat, Ubuntu Linux, Debian Linux and 15 more | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service. | |||||
| CVE-2020-13934 | 6 Apache, Canonical, Debian and 3 more | 14 Tomcat, Ubuntu Linux, Debian Linux and 11 more | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service. | |||||
| CVE-2020-13933 | 2 Apache, Debian | 2 Shiro, Debian Linux | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| Apache Shiro before 1.6.0, when using Apache Shiro, a specially crafted HTTP request may cause an authentication bypass. | |||||
| CVE-2020-13932 | 1 Apache | 1 Activemq Artemis | 2023-11-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Apache ActiveMQ Artemis 2.5.0 to 2.13.0, a specially crafted MQTT packet which has an XSS payload as client-id or topic name can exploit this vulnerability. The XSS payload is being injected into the admin console's browser. The XSS payload is triggered in the diagram plugin; queue node and the info section. | |||||