Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache storm vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-43123
On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems. The ...
Apache Storm
670
VMScore
CVE-2021-38294
A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm 2.x before 2.2.1 and Apache Storm 1.x before 1.2.4. A specially crafted thrift request to the Nimbus server allows Remote Code Execution (RCE) prior to authentication.
Apache Storm
668
VMScore
CVE-2021-40865
An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution (RCE). Apache Storm 2.2.x users should upgrade to version 2.2.1 or 2.3.0. Apache Storm 2.1.x users should upgrade to version 2.1.1. ...
Apache Storm
1 Github repository
668
VMScore
CVE-2018-11779
In Apache Storm versions 1.1.0 to 1.2.2, when the user is using the storm-kafka-client or storm-kafka modules, it is possible to cause the Storm UI daemon to deserialize user provided bytes into a Java class.
Apache Storm
445
VMScore
CVE-2019-0202
The Apache Storm Logviewer daemon exposes HTTP-accessible endpoints to read/search log files on hosts running Storm. In Apache Storm versions 0.9.1-incubating to 1.2.2, it is possible to read files off the host's file system that were not intended to be accessible via these ...
Apache Storm 0.9.1
Apache Storm 0.9.2
Apache Storm
445
VMScore
CVE-2018-1320
Apache Thrift Java client library versions 0.5.0 up to and including 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in...
Apache Thrift
Debian Debian Linux 8.0
F5 Traffix Signaling Delivery Controller
Oracle Global Lifecycle Management Opatch
Oracle Nosql Database
578
VMScore
CVE-2018-1331
In Apache Storm 0.10.0 up to and including 0.10.2, 1.0.0 up to and including 1.0.6, 1.1.0 up to and including 1.1.2, and 1.2.0 up to and including 1.2.1, an attacker with access to a secure storm cluster in some cases could execute arbitrary code as a different user.
Apache Storm
356
VMScore
CVE-2018-1332
Apache Storm version 1.0.6 and previous versions, 1.2.1 and previous versions, and version 1.1.2 and previous versions expose a vulnerability that could allow a user to impersonate another user when communicating with some Storm Daemons.
Apache Storm
517
VMScore
CVE-2018-8008
Apache Storm version 1.0.6 and previous versions, 1.2.1 and previous versions, and version 1.1.2 and previous versions expose an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cp...
Apache Storm
694
VMScore
CVE-2014-0115
Directory traversal vulnerability in the log viewer in Apache Storm 0.9.0.1 allows remote malicious users to read arbitrary files via a .. (dot dot) in the file parameter to log.
Apache Storm 0.9.0.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »