Filtered by vendor Apache
Subscribe
Total
2407 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-11788 | 1 Apache | 1 Karaf | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Apache Karaf provides a features deployer, which allows users to "hot deploy" a features XML by dropping the file directly in the deploy folder. The features XML is parsed by XMLInputFactory class. Apache Karaf XMLInputFactory class doesn't contain any mitigation codes against XXE. This is a potential security risk as an user can inject external XML entities in Apache Karaf version prior to 4.1.7 or 4.2.2. It has been fixed in Apache Karaf 4.1.7 and 4.2.2 releases. | |||||
| CVE-2018-11787 | 1 Apache | 1 Karaf | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| In Apache Karaf version prior to 3.0.9, 4.0.9, 4.1.1, when the webconsole feature is installed in Karaf, it is available at .../system/console and requires authentication to access it. One part of the console is a Gogo shell/console that gives access to the command line console of Karaf via a Web browser, and when navigated to it is available at .../system/console/gogo. Trying to go directly to that URL does require authentication. And optional bundle that some applications use is the Pax Web Extender Whiteboard, it is part of the pax-war feature and perhaps others. When it is installed, the Gogo console becomes available at another URL .../gogo/, and that URL is not secured giving access to the Karaf console to unauthenticated users. A mitigation for the issue is to manually stop/uninstall Gogo plugin bundle that is installed with the webconsole feature, although of course this removes the console from the .../system/console application, not only from the unauthenticated endpoint. One could also stop/uninstall the Pax Web Extender Whiteboard, but other components/applications may require it and so their functionality would be reduced/compromised. | |||||
| CVE-2018-11786 | 1 Apache | 1 Karaf | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| In Apache Karaf prior to 4.2.0 release, if the sshd service in Karaf is left on so an administrator can manage the running instance, any user with rights to the Karaf console can pivot and read/write any file on the file system to which the Karaf process user has access. This can be locked down a bit by using chroot to change the root directory to protect files outside of the Karaf install directory; it can be further locked down by defining a security manager policy that limits file system access to those directories beneath the Karaf home that are necessary for the system to run. However, this still allows anyone with ssh access to the Karaf process to read and write a large number of files as the Karaf process user. | |||||
| CVE-2018-11785 | 1 Apache | 1 Impala | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Missing authorization check in Apache Impala before 3.0.1 allows a Kerberos-authenticated but unauthorized user to inject random data into a running query, leading to wrong results for a query. | |||||
| CVE-2018-11784 | 6 Apache, Canonical, Debian and 3 more | 15 Tomcat, Ubuntu Linux, Debian Linux and 12 more | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice. | |||||
| CVE-2018-11783 | 1 Apache | 1 Traffic Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| sslheaders plugin extracts information from the client certificate and sets headers in the request based on the configuration of the plugin. The plugin doesn't strip the headers from the request in some scenarios. This problem was discovered in versions 6.0.0 to 6.0.3, 7.0.0 to 7.1.5, and 8.0.0 to 8.0.1. | |||||
| CVE-2018-11782 | 1 Apache | 1 Subversion | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer. This can lead to disruption for users of the server. | |||||
| CVE-2018-11781 | 4 Apache, Canonical, Debian and 1 more | 7 Spamassassin, Ubuntu Linux, Debian Linux and 4 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax. | |||||
| CVE-2018-11780 | 4 Apache, Canonical, Debian and 1 more | 4 Spamassassin, Ubuntu Linux, Debian Linux and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin before 3.4.2. | |||||
| CVE-2018-11779 | 1 Apache | 1 Storm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In Apache Storm versions 1.1.0 to 1.2.2, when the user is using the storm-kafka-client or storm-kafka modules, it is possible to cause the Storm UI daemon to deserialize user provided bytes into a Java class. | |||||
| CVE-2018-11778 | 1 Apache | 1 Ranger | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| UnixAuthenticationService in Apache Ranger 1.2.0 was updated to correctly handle user input to avoid Stack-based buffer overflow. Versions prior to 1.2.0 should be upgraded to 1.2.0 | |||||
| CVE-2018-11777 | 1 Apache | 1 Hive | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| In Apache Hive 2.3.3, 3.1.0 and earlier, local resources on HiveServer2 machines are not properly protected against malicious user if ranger, sentry or sql standard authorizer is not in use. | |||||
| CVE-2018-11775 | 2 Apache, Oracle | 3 Activemq, Enterprise Repository, Flexcube Private Banking | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
| TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server. This is now enabled by default. | |||||
| CVE-2018-11774 | 1 Apache | 1 Virtual Computing Lab | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Apache VCL versions 2.1 through 2.5 do not properly validate form input when adding and removing VMs to and from hosts. The form data is then used in SQL statements. This allows for an SQL injection attack. Access to this portion of a VCL system requires admin level rights. Other layers of security seem to protect against malicious attack. However, all VCL systems running versions earlier than 2.5.1 should be upgraded or patched. This vulnerability was found and reported to the Apache VCL project by ADLab of Venustech. | |||||
| CVE-2018-11773 | 1 Apache | 1 Virtual Computing Lab | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Apache VCL versions 2.1 through 2.5 do not properly validate form input when processing a submitted block allocation. The form data is then used as an argument to the php built in function strtotime. This allows for an attack against the underlying implementation of that function. The implementation of strtotime at the time the issue was discovered appeared to be resistant to a malicious attack. However, all VCL systems running versions earlier than 2.5.1 should be upgraded or patched. This vulnerability was found and reported to the Apache VCL project by ADLab of Venustech. | |||||
| CVE-2018-11772 | 1 Apache | 1 Virtual Computing Lab | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Apache VCL versions 2.1 through 2.5 do not properly validate cookie input when determining what node (if any) was previously selected in the privilege tree. The cookie data is then used in an SQL statement. This allows for an SQL injection attack. Access to this portion of a VCL system requires admin level rights. Other layers of security seem to protect against malicious attack. However, all VCL systems running versions earlier than 2.5.1 should be upgraded or patched. This vulnerability was found and reported to the Apache VCL project by ADLab of Venustech. | |||||
| CVE-2018-11771 | 2 Apache, Oracle | 2 Commons Compress, Weblogic Server | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| When reading a specially crafted ZIP archive, the read method of Apache Commons Compress 1.7 to 1.17's ZipArchiveInputStream can fail to return the correct EOF indication after the end of the stream has been reached. When combined with a java.io.InputStreamReader this can lead to an infinite stream, which can be used to mount a denial of service attack against services that use Compress' zip package. | |||||
| CVE-2018-11770 | 1 Apache | 1 Spark | 2024-11-21 | 4.9 MEDIUM | 4.2 MEDIUM |
| From version 1.3.0 onward, Apache Spark's standalone master exposes a REST API for job submission, in addition to the submission mechanism used by spark-submit. In standalone, the config property 'spark.authenticate.secret' establishes a shared secret for authenticating requests to submit jobs via spark-submit. However, the REST API does not use this or any other authentication mechanism, and this is not adequately documented. In this case, a user would be able to run a driver program without authenticating, but not launch executors, using the REST API. This REST API is also used by Mesos, when set up to run in cluster mode (i.e., when also running MesosClusterDispatcher), for job submission. Future versions of Spark will improve documentation on these points, and prohibit setting 'spark.authenticate.secret' when running the REST APIs, to make this clear. Future versions will also disable the REST API by default in the standalone master by changing the default value of 'spark.master.rest.enabled' to 'false'. | |||||
| CVE-2018-11769 | 1 Apache | 1 Couchdb | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| CouchDB administrative users before 2.2.0 can configure the database server via HTTP(S). Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the operating system's user under which CouchDB runs, by bypassing the blacklist of configuration settings that are not allowed to be modified via the HTTP API. This privilege escalation effectively allows a CouchDB admin user to gain arbitrary remote code execution, bypassing CVE-2017-12636 and CVE-2018-8007. | |||||
| CVE-2018-11768 | 1 Apache | 1 Hadoop | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, and 2.0.0-alpha to 2.8.4, the user/group information can be corrupted across storing in fsimage and reading back from fsimage. | |||||