Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache nifi vulnerabilities and exploits
(subscribe to this query)
356
VMScore
CVE-2021-44145
In the TransformXML processor of Apache NiFi prior to 1.15.1 an authenticated user could configure an XSLT file which, if it included malicious external entity calls, may reveal sensitive information.
Apache Nifi
668
VMScore
CVE-2021-33191
From Apache NiFi MiNiFi C++ version 0.5.0 the c2 protocol implements an "agent-update" command which was designed to patch the application binary. This "patching" command defaults to calling a trusted binary, but might be modified to an arbitrary value through...
Apache Nifi Minifi C\\+\\+
384
VMScore
CVE-2020-27223
In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high ...
Eclipse Jetty 9.4.6
Eclipse Jetty 9.4.36
Eclipse Jetty
Eclipse Jetty 10.0.0
Eclipse Jetty 11.0.0
Apache Spark 3.1.1
Apache Nifi 1.13.0
Netapp Snap Creator Framework -
Netapp Snapcenter -
Netapp Snapmanager -
Netapp Hci -
Netapp Solidfire -
Netapp Hci Management Node -
Netapp E-series Santricity Web Services -
Netapp Element Plug-in For Vcenter Server -
Netapp E-series Santricity Os Controller
Netapp Management Services For Element Software -
Debian Debian Linux 10.0
Apache Solr 8.8.1
Oracle Rest Data Services
2 Github repositories
740
VMScore
CVE-2021-20190
A flaw was found in jackson-databind prior to 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Fasterxml Jackson-databind
Netapp Oncommand Insight -
Netapp Service Level Manager -
Netapp Oncommand Api Services -
Netapp Active Iq Unified Manager -
Apache Nifi
Debian Debian Linux 9.0
Oracle Commerce Guided Search And Experience Manager 11.3.2
445
VMScore
CVE-2020-9486
In Apache NiFi 1.10.0 to 1.11.4, the NiFi stateless execution engine produced log output which included sensitive property values. When a flow was triggered, the flow definition configuration JSON was printed, potentially containing sensitive values in plaintext.
Apache Nifi
445
VMScore
CVE-2020-9487
In Apache NiFi 1.0.0 to 1.11.4, the NiFi download token (one-time password) mechanism used a fixed cache size and did not authenticate a request to create a download token, only when attempting to use the token to access the content. An unauthenticated user could repeatedly reque...
Apache Nifi
446
VMScore
CVE-2020-9491
In Apache NiFi 1.2.0 to 1.11.4, the NiFi UI and API were protected by mandating TLS v1.2, as well as listening connections established by processors like ListenHTTP, HandleHttpRequest, etc. However intracluster communication such as cluster request replication, Site-to-Site, and ...
Apache Nifi
383
VMScore
CVE-2020-13940
In Apache NiFi 1.0.0 to 1.11.4, the notification service manager and various policy authorizer and user group provider objects allowed trusted administrators to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to servic...
Apache Nifi
570
VMScore
CVE-2020-9482
If NiFi Registry 0.1.0 to 0.5.0 uses an authentication mechanism other than PKI, when the user clicks Log Out, NiFi Registry invalidates the authentication token on the client side but not on the server side. This permits the user's client-side token to be used for up to 12 ...
Apache Nifi Registry
445
VMScore
CVE-2020-1942
In Apache NiFi 0.0.1 to 1.11.0, the flow fingerprint factory generated flow fingerprints which included sensitive property descriptor values. In the event a node attempted to join a cluster and the cluster flow was not inheritable, the flow fingerprint of both the cluster and loc...
Apache Nifi
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5324
path traversal
CVE-2024-4743
CVE-2024-5184
TCP
CVE-2024-27822
code injection
CVE-2024-28995
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »