Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache storm vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-43123
On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems. The ...
Apache Storm
668
VMScore
CVE-2021-40865
An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution (RCE). Apache Storm 2.2.x users should upgrade to version 2.2.1 or 2.3.0. Apache Storm 2.1.x users should upgrade to version 2.1.1. ...
Apache Storm
1 Github repository
670
VMScore
CVE-2021-38294
A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm 2.x before 2.2.1 and Apache Storm 1.x before 1.2.4. A specially crafted thrift request to the Nimbus server allows Remote Code Execution (RCE) prior to authentication.
Apache Storm
668
VMScore
CVE-2018-11779
In Apache Storm versions 1.1.0 to 1.2.2, when the user is using the storm-kafka-client or storm-kafka modules, it is possible to cause the Storm UI daemon to deserialize user provided bytes into a Java class.
Apache Storm
445
VMScore
CVE-2019-0202
The Apache Storm Logviewer daemon exposes HTTP-accessible endpoints to read/search log files on hosts running Storm. In Apache Storm versions 0.9.1-incubating to 1.2.2, it is possible to read files off the host's file system that were not intended to be accessible via these ...
Apache Storm 0.9.1
Apache Storm 0.9.2
Apache Storm
578
VMScore
CVE-2018-1331
In Apache Storm 0.10.0 up to and including 0.10.2, 1.0.0 up to and including 1.0.6, 1.1.0 up to and including 1.1.2, and 1.2.0 up to and including 1.2.1, an attacker with access to a secure storm cluster in some cases could execute arbitrary code as a different user.
Apache Storm
356
VMScore
CVE-2018-1332
Apache Storm version 1.0.6 and previous versions, 1.2.1 and previous versions, and version 1.1.2 and previous versions expose a vulnerability that could allow a user to impersonate another user when communicating with some Storm Daemons.
Apache Storm
517
VMScore
CVE-2018-8008
Apache Storm version 1.0.6 and previous versions, 1.2.1 and previous versions, and version 1.1.2 and previous versions expose an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cp...
Apache Storm
694
VMScore
CVE-2014-0115
Directory traversal vulnerability in the log viewer in Apache Storm 0.9.0.1 allows remote malicious users to read arbitrary files via a .. (dot dot) in the file parameter to log.
Apache Storm 0.9.0.1
383
VMScore
CVE-2017-9799
It was found that under some situations and configurations of Apache Storm 1.x prior to 1.0.4 and 1.1.x prior to 1.1.1, it is theoretically possible for the owner of a topology to trick the supervisor to launch a worker as a different, non-root, user. In the worst case this could...
Apache Storm 1.0.2
Apache Storm 1.1
Apache Storm 1.0.1
Apache Storm 1.0.3
Apache Storm 1.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367
CVE-2024-35977
CVE-2023-49335
man-in-the-middle
CVE-2024-4947
CVE-2024-31714
memory leak
SQL
CVE-2024-35994
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »