| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2022-23181 | 367 | | | 2022-01-27 | 2022-11-07 | 3.7 | None | Local | High | Not required | Partial | Partial | Partial | The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore. |
| 2 | CVE-2021-35940 | 125 | | | 2021-08-23 | 2022-12-07 | 3.6 | None | Local | Low | Not required | Partial | None | Partial | An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue. |
| 3 | CVE-2021-32609 | 79 | | XSS | 2021-10-18 | 2021-10-22 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Apache Superset up to and including 1.1 does not sanitize titles correctly on the Explore page. This allows an attacker with Explore access to save a chart with a malicious title, injecting html (including scripts) into the page. |
| 4 | CVE-2021-28544 | 200 | | +Info | 2022-04-12 | 2022-12-20 | 3.5 | None | Remote | Medium | ??? | Partial | None | None | Apache Subversion SVN authz protected copyfrom paths regression: Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable. |
| 5 | CVE-2021-27907 | 79 | | Exec Code XSS | 2021-03-05 | 2021-03-12 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Apache Superset up to and including 0.38.0 allowed the creation of a Markdown component on a Dashboard page for describing chart's related information. Abusing this functionality, a malicious user could inject javascript code executing unwanted action in the context of the user's browser. The javascript code will be automatically executed (Stored XSS) when a legitimate user surfs on the dashboard page. The vulnerability is exploitable creating a “div” section and embedding in it a “svg” element with javascript code. |
| 6 | CVE-2021-26544 | 79 | | XSS | 2021-02-20 | 2021-02-26 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Livy server version 0.7.0-incubating (only) is vulnerable to a cross site scripting issue in the session name. A malicious user could use this flaw to access logs and results of other users' sessions and run jobs with their privileges. This issue is fixed in Livy 0.7.1-incubating. |
| 7 | CVE-2020-17526 | | | | 2020-12-21 | 2022-04-26 | 3.5 | None | Remote | Medium | ??? | Partial | None | None | Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for `[webserver] secret_key` config. |
| 8 | CVE-2020-11983 | 79 | | XSS | 2020-07-17 | 2020-07-21 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
| 9 | CVE-2020-1958 | 74 | | Bypass | 2020-04-01 | 2022-04-06 | 3.5 | None | Remote | Medium | ??? | Partial | None | None | When LDAP authentication is enabled in Apache Druid 0.17.0, callers of Druid APIs with a valid set of LDAP credentials can bypass the credentialsValidator.userSearch filter barrier that determines if a valid LDAP user is allowed to authenticate with Druid. They are still subject to role-based authorization checks, if configured. Callers of Druid APIs can also retrieve any LDAP attribute values of users that exist on the LDAP server, so long as that information is visible to the Druid server. This information disclosure does not require the caller itself to be a valid LDAP user. |
| 10 | CVE-2020-1945 | 668 | | +Info | 2020-05-14 | 2022-04-04 | 3.3 | None | Local | Medium | Not required | Partial | Partial | None | Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process. |
| 11 | CVE-2019-17557 | 79 | | Exec Code XSS | 2020-05-04 | 2020-05-07 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | It was found that the Apache Syncope EndUser UI login page prior to 2.0.15 and 2.1.6 reflects the successMessage parameters. By this means, a user accessing the Enduser UI could execute javascript code from URL query string. |
| 12 | CVE-2019-12417 | 79 | | XSS | 2019-10-30 | 2019-11-01 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process. |
| 13 | CVE-2019-12398 | 79 | | XSS | 2020-01-14 | 2020-01-21 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected. |
| 14 | CVE-2019-0216 | 79 | | XSS | 2019-04-10 | 2019-04-11 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
| 15 | CVE-2018-20244 | 79 | | XSS | 2019-02-27 | 2019-04-12 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
| 16 | CVE-2018-17184 | 79 | | Exec Code XSS | 2018-11-06 | 2018-12-13 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | A malicious user with enough administration entitlements can inject html-like elements containing JavaScript statements into Connector names, Report names, AnyTypeClass keys and Policy descriptions. When another user with enough administration entitlements edits one of the Entities above via Admin Console, the injected JavaScript code is executed. |
| 17 | CVE-2018-1313 | | | | 2018-05-07 | 2022-04-18 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network packet can be used to request the Derby Network Server to boot a database whose location and contents are under the user's control. If the Derby Network Server is not running with a Java Security Manager policy file, the attack is successful. If the server is using a policy file, the policy file must permit the database location to be read for the attack to work. The default Derby Network Server policy file distributed with the affected releases includes a permissive policy as the default Network Server policy, which allows the attack to work. |
| 18 | CVE-2018-1283 | | | | 2018-03-26 | 2021-06-06 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header. This comes from the "HTTP_SESSION" variable name used by mod_session to forward its data to CGIs, since the prefix "HTTP_" is also used by the Apache HTTP Server to pass HTTP header fields, per CGI specifications. |
| 19 | CVE-2017-15703 | 502 | | DoS | 2018-01-25 | 2018-02-12 | 3.5 | None | Remote | Medium | ??? | None | None | Partial | Any authenticated user (valid client certificate but without ACL permissions) could upload a template which contained malicious code and caused a denial of service via Java deserialization attack. The fix to properly handle Java deserialization was applied on the Apache NiFi 1.4.0 release. Users running a prior 1.x release should upgrade to the appropriate release. |
| 20 | CVE-2017-12630 | 79 | | XSS +Info | 2017-12-18 | 2018-01-05 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | In Apache Drill 1.11.0 and earlier, when submitting a form from the Query page, users are able to pass arbitrary script or HTML which will take effect on the Profile page afterwards. Example: after submitting a special script that returns cookie information from the Query page, a malicious user may obtain this information from the Profile page afterwards. |
| 21 | CVE-2017-12613 | 125 | | DoS | 2017-10-24 | 2022-04-18 | 3.6 | None | Local | Low | Not required | Partial | None | Partial | When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input. |
| 22 | CVE-2017-9796 | 200 | | +Info | 2018-01-10 | 2018-02-02 | 3.5 | None | Remote | Medium | ??? | Partial | None | None | When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries containing a region name as a bind parameter that allow read access to objects within unauthorized regions. |
| 23 | CVE-2017-3165 | 79 | | XSS | 2017-09-13 | 2017-09-27 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site scripting where one authenticated user can cause scripts to run in the browser of another user authorized to access the first user's resources. This is due to improper escaping of server-side content. There is known to be a proof-of-concept exploit using this vulnerability. |
| 24 | CVE-2016-8751 | 79 | | Exec Code XSS | 2017-06-14 | 2019-03-01 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Apache Ranger before 0.6.3 is vulnerable to a Stored Cross-Site Scripting when entering custom policy conditions. Admin users can store some arbitrary javascript code to be executed when normal users log in and access policies. |
| 25 | CVE-2016-8748 | 79 | | XSS | 2017-10-19 | 2019-05-01 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | In Apache NiFi before 1.0.1 and 1.1.x before 1.1.1, there is a cross-site scripting vulnerability in connection details dialog when accessed by an authorized user. The user supplied text was not being properly handled when added to the DOM. |
| 26 | CVE-2016-8612 | 20 | | | 2018-03-09 | 2023-02-02 | 3.3 | None | Local Network | Low | Not required | None | None | Partial | An error was found in protocol parsing logic of mod_cluster load balancer Apache HTTP Server modules. An attacker could use this flaw to cause a Segmentation Fault in the serving httpd process. |
| 27 | CVE-2016-5395 | 79 | | XSS | 2016-09-26 | 2016-09-27 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Cross-site scripting (XSS) vulnerability in the create user functionality in the policy admin tool in Apache Ranger before 0.6.1 allows remote authenticated administrators to inject arbitrary web script or HTML via vectors related to policies. |
| 28 | CVE-2016-5005 | 79 | | XSS | 2016-07-28 | 2019-04-16 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Cross-site scripting (XSS) vulnerability in Apache Archiva 1.3.9 and earlier allows remote authenticated administrators to inject arbitrary web script or HTML via the connector.sourceRepoId parameter to admin/addProxyConnector_commit.action. |
| 29 | CVE-2016-0782 | 79 | | XSS +Info | 2016-08-05 | 2019-03-27 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | The administration web console in Apache ActiveMQ 5.x before 5.11.4, 5.12.x before 5.12.3, and 5.13.x before 5.13.2 allows remote authenticated users to conduct cross-site scripting (XSS) attacks and consequently obtain sensitive information from a Java memory dump via vectors related to creating a queue. |
| 30 | CVE-2015-3186 | 79 | | XSS | 2015-11-02 | 2015-11-04 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Cross-site scripting (XSS) vulnerability in Apache Ambari before 2.1.0 allows remote authenticated cluster operator users to inject arbitrary web script or HTML via the note field in a configuration change. |
| 31 | CVE-2014-0228 | 284 | | +Info | 2014-11-16 | 2018-10-09 | 3.5 | None | Remote | Medium | ??? | Partial | None | None | Apache Hive before 0.13.1, when in SQL standards based authorization mode, does not properly check the file permissions for (1) import and (2) export statements, which allows remote authenticated users to obtain sensitive information via a crafted URI. |
| 32 | CVE-2013-4558 | 20 | | DoS | 2013-12-07 | 2013-12-20 | 3.5 | None | Remote | Medium | ??? | None | None | Partial | The get_parent_resource function in repos.c in mod_dav_svn Apache HTTPD server module in Subversion 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4, when built with assertions enabled and SVNAutoversioning is enabled, allows remote attackers to cause a denial of service (assertion failure and Apache process abort) via a non-canonical URL in a request, as demonstrated using a trailing /. |
| 33 | CVE-2013-4277 | 264 | | | 2013-09-16 | 2017-09-19 | 3.3 | None | Local | Medium | Not required | None | Partial | Partial | Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1 allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by the --pid-file option. |
| 34 | CVE-2013-2192 | 287 | | +Info | 2014-01-24 | 2017-03-24 | 3.2 | None | Local Network | High | Not required | Partial | Partial | None | The RPC protocol implementation in Apache Hadoop 2.x before 2.0.6-alpha, 0.23.x before 0.23.9, and 1.x before 1.2.1, when the Kerberos security features are enabled, allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information by forcing a downgrade to simple authentication. |
| 35 | CVE-2013-0248 | 264 | | | 2013-03-15 | 2021-07-17 | 3.3 | None | Local | Medium | Not required | None | Partial | Partial | The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack. |
| 36 | CVE-2013-0177 | 79 | | XSS | 2014-01-30 | 2018-05-18 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in widget/screen/ModelScreenWidget.java in Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.05, 11.04.01, and possibly 09.04.x allow remote authenticated users to inject arbitrary web script or HTML via the (1) Screenlet.title or (2) Image.alt Widget attribute, as demonstrated by the parentPortalPageId parameter to exampleext/control/ManagePortalPages. |
| 37 | CVE-2012-2381 | 79 | | XSS | 2012-06-26 | 2013-10-03 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role. |
| 38 | CVE-2010-4644 | 399 | | DoS | 2011-01-07 | 2017-08-17 | 3.5 | None | Remote | Medium | ??? | None | None | Partial | Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command. |
| 39 | CVE-2010-0684 | 79 | | XSS | 2010-04-05 | 2018-10-10 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action. |
| 40 | CVE-2007-6421 | 79 | | XSS | 2008-01-08 | 2021-06-06 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL. |
| 41 | CVE-2007-5731 | 22 | | Dir. Trav. | 2007-10-30 | 2017-09-29 | 3.5 | None | Remote | Medium | ??? | Partial | None | None | Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461. |
| 42 | CVE-2007-5461 | 22 | | Dir. Trav. | 2007-10-15 | 2019-03-25 | 3.5 | None | Remote | Medium | ??? | Partial | None | None | Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag. |
| 43 | CVE-2007-2450 | 79 | | XSS | 2007-06-14 | 2019-03-25 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors. |
| 44 | CVE-2007-1742 | | | | 2007-04-13 | 2008-11-13 | 3.7 | None | Local | High | Not required | Partial | Partial | Partial | suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." |
| 45 | CVE-2001-0131 | 59 | | | 2001-03-12 | 2020-10-09 | 3.3 | None | Local | Medium | Not required | None | Partial | Partial | htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allow local users to overwrite arbitrary files via a symlink attack. |