Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache apache webserver vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2019-12417
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process.
Apache Airflow
1 Github repository
NA
CVE-2022-38170
In Apache Airflow before 2.3.4, an insecure umask was configured for numerous Airflow components when running with the `--daemon` flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary fil...
Apache Airflow
NA
CVE-2023-35005
In Apache Airflow, some potentially sensitive values were being shown to the user in certain situations. This vulnerability is mitigated by the fact configuration is not shown in the UI by default (only if `[webserver] expose_config` is set to `non-sensitive-only`), and not all u...
Apache Airflow
NA
CVE-2023-39508
Execution with Unnecessary Privileges, : Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow.The "Run Task" feature enables authenticated user to bypass some of the restrictions put in place. It allows to...
Apache Airflow
5
CVSSv2
CVE-2004-0942
Apache webserver 2.0.52 and previous versions allows remote malicious users to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
Apache Http Server
1 EDB exploit
4
CVSSv2
CVE-2021-26559
Improper Access Control on Configurations Endpoint for the Stable API of Apache Airflow allows users with Viewer or User role to get Airflow Configurations including sensitive information even when `[webserver] expose_config` is set to `False` in `airflow.cfg`. This allowed a pri...
Apache Airflow 2.0.0
6.5
CVSSv2
CVE-2008-2717
TYPO3 4.0.x prior to 4.0.9, 4.1.x prior to 4.1.7, and 4.2.x prior to 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote malicious users to bypass security restrictions and upload configuration files such as .htaccess, or conduct file...
Typo3 Typo3 4.0.2
Typo3 Typo3 4.0.3
Typo3 Typo3 4.0.4
Typo3 Typo3 4.1.2
Typo3 Typo3 4.1.3
Typo3 Typo3 4.0.5
Typo3 Typo3 4.0.6
Typo3 Typo3 4.1.4
Typo3 Typo3 4.1.5
Apache Apache Webserver
Typo3 Typo3 4.0.7
Typo3 Typo3 4.0.8
Typo3 Typo3 4.1.6
Typo3 Typo3 4.2
Typo3 Typo3 4.0
Typo3 Typo3 4.0.1
Typo3 Typo3 4.1
Typo3 Typo3 4.1.1
3.3
CVSSv2
CVE-2001-0131
htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
Apache Http Server 1.3.14
Apache Http Server 2.0
Debian Debian Linux 2.2
7.2
CVSSv2
CVE-2002-0839
The shared memory scoreboard in the HTTP daemon for Apache 1.3.x prior to 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allow...
Apache Http Server
Debian Debian Linux 2.2
Debian Debian Linux 3.0
4.4
CVSSv2
CVE-2020-27216
In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creatin...
Eclipse Jetty 11.0.0
Eclipse Jetty 10.0.0
Eclipse Jetty
Netapp Snap Creator Framework -
Netapp Snapcenter -
Netapp Vasa Provider
Netapp Virtual Storage Console
Netapp Storage Replication Adapter
Oracle Flexcube Private Banking 12.1.0
Oracle Flexcube Private Banking 12.0.0
Oracle Communications Offline Mediation Controller 12.0.0.3.0
Oracle Communications Services Gatekeeper 7.0
Oracle Communications Element Manager
Oracle Flexcube Core Banking
Oracle Communications Application Session Controller 3.9m0p2
Oracle Communications Pricing Design Center 12.0.0.3.0
Oracle Jd Edwards Enterpriseone Tools
Oracle Communications Converged Application Server - Service Controller 6.2
Oracle Siebel Core - Automation
Apache Beam 2.21.0
Apache Beam 2.22.0
Apache Beam 2.23.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22460
CVE-2024-4646
CVE-2024-29212
IMAP
CVE-2023-36672
CVE-2024-34547
command injection
CVE-2024-4651
stored XSS
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »