Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache software foundation vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-35797
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Hive Provider. This issue affects Apache Airflow Apache Hive Provider: prior to 6.1.1. Before version 6.1.1 it was possible to bypass the security check to RCE via principal parameter. For this t...
Apache Apache-airflow-providers-apache-hive
NA
CVE-2023-39553
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider. Apache Airflow Drill Provider is affected by a vulnerability that allows an malicious user to pass in malicious parameters when establishing a connection with DrillHook giving an ...
Apache Apache-airflow-providers-apache-drill
5
CVSSv2
CVE-2017-9804
In Apache Struts 2.3.7 up to and including 2.3.33 and 2.5 up to and including 2.5.12, if an application allows entering a URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing v...
Apache Struts 2.5.12
Apache Struts 2.3.7
Apache Struts 2.3.14.1
Apache Struts 2.3.14.2
Apache Struts 2.3.16.1
Apache Struts 2.3.16.2
Apache Struts 2.3.21
Apache Struts 2.3.22
Apache Struts 2.3.28.1
Apache Struts 2.3.29
Apache Struts 2.5
Apache Struts 2.5.7
Apache Struts 2.5.8
Apache Struts 2.3.10
Apache Struts 2.3.11
Apache Struts 2.3.12
Apache Struts 2.3.15.1
Apache Struts 2.3.15.2
Apache Struts 2.3.19
Apache Struts 2.3.20
Apache Struts 2.3.25
Apache Struts 2.3.26
1 Github repository
1 Article
6.8
CVSSv2
CVE-2017-9805
The REST Plugin in Apache Struts 2.1.1 up to and including 2.3.x prior to 2.3.34 and 2.5.x prior to 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.
Apache Struts 2.1.8
Apache Struts 2.1.8.1
Apache Struts 2.3.1.2
Apache Struts 2.3.3
Apache Struts 2.3.14.2
Apache Struts 2.3.14.3
Apache Struts 2.3.16.2
Apache Struts 2.3.16.3
Apache Struts 2.3.28
Apache Struts 2.3.28.1
Apache Struts 2.5.3
Apache Struts 2.5.4
Apache Struts 2.5.10.1
Apache Struts 2.5.11
Apache Struts 2.1.2
Apache Struts 2.2.1
Apache Struts 2.2.1.1
Apache Struts 2.3.4
Apache Struts 2.3.4.1
Apache Struts 2.3.15
Apache Struts 2.3.15.1
Apache Struts 2.3.20
1 EDB exploit
18 Github repositories
3 Articles
NA
CVE-2023-22886
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow JDBC Provider. Airflow JDBC Provider Connection’s [Connection URL] parameters had no restrictions, which made it possible to implement RCE attacks via different type JDBC drivers, obtain ai...
Apache Apache-airflow-providers-jdbc
7.8
CVSSv2
CVE-2006-1547
ActionForm in Apache Software Foundation (ASF) Struts prior to 1.2.9 with BeanUtils 1.7 allows remote malicious users to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which prov...
Apache Struts 1.2.7
Apache Struts
1 Github repository
NA
CVE-2023-34442
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Camel.This issue affects Apache Camel: from 3.X through <=3.14.8, from 3.18.X through <=3.18.7, from 3.20.X through <= 3.20.5, from 4.X through <= 4.0.0-M3. U...
Apache Camel 4.0.0
Apache Camel
NA
CVE-2023-31101
Insecure Default Initialization of Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.5.0 up to and including 1.6.0. Users registered in InLong who joined later can see deleted users' data. Users are advised to upgrade...
Apache Inlong 1.5.0
Apache Inlong 1.6.0
NA
CVE-2023-34395
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Apache Software Foundation Apache Airflow ODBC Provider. In OdbcHook, A privilege escalation vulnerability exists in a system due to controllable ODBC driver parameters t...
Apache Apache-airflow-providers-odbc
5
CVSSv2
CVE-2003-0245
Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 up to and including 2.0.45 allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML ...
Apache Http Server 2.0.42
Apache Http Server 2.0.37
Apache Http Server 2.0.44
Apache Http Server 2.0.39
Apache Http Server 2.0.41
Apache Http Server 2.0.38
Apache Http Server 2.0.45
Apache Http Server 2.0.40
Apache Http Server 2.0.43
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
hard-coded
CVE-2024-27202
NULL pointer dereference
CVE-2024-28075
CVE-2024-33608
CVE-2024-28889
CVE-2024-34572
template injection
CVE-2024-34351
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »