Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-50379

Summary
Assigner-apache
Assigner Org ID-f0158376-9dc2-43b6-827c-5f631a4d8d09
Published At-17 Dec, 2024 | 12:34
Updated At-08 Aug, 2025 | 11:26
Rejected At-
Credits

Apache Tomcat: RCE due to TOCTOU issue in JSP compilation

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:apache
Assigner Org ID:f0158376-9dc2-43b6-827c-5f631a4d8d09
Published At:17 Dec, 2024 | 12:34
Updated At:08 Aug, 2025 | 11:26
Rejected At:
▼CVE Numbering Authority (CNA)
Apache Tomcat: RCE due to TOCTOU issue in JSP compilation

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.

Affected Products
Vendor
The Apache Software FoundationApache Software Foundation
Product
Apache Tomcat
Default Status
unaffected
Versions
Affected
  • From 11.0.0-M1 through 11.0.1 (semver)
  • From 10.1.0-M1 through 10.1.33 (semver)
  • From 9.0.0.M1 through 9.0.97 (semver)
  • From 8.5.0 through 8.5.100 (semver)

unknown

  • From 3 before 8.5.0 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-367CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
Type: CWE
CWE ID: CWE-367
Description: CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Textual description of severity
text:
important
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

finder
Nacl, WHOAMI, Yemoli and Ruozhi
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://lists.apache.org/thread/y6lj6q1xnp822g6ro70tn19sgtjmr80r
vendor-advisory
Hyperlink: https://lists.apache.org/thread/y6lj6q1xnp822g6ro70tn19sgtjmr80r
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.openwall.com/lists/oss-security/2024/12/17/4
N/A
http://www.openwall.com/lists/oss-security/2024/12/18/2
N/A
https://security.netapp.com/advisory/ntap-20250103-0003/
N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2024/12/17/4
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2024/12/18/2
Resource: N/A
Hyperlink: https://security.netapp.com/advisory/ntap-20250103-0003/
Resource: N/A
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@apache.org
Published At:17 Dec, 2024 | 13:15
Updated At:08 Aug, 2025 | 12:15

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches

The Apache Software Foundation
apache
>>tomcat>>Versions from 9.0.0(inclusive) to 9.0.98(exclusive)
cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>Versions from 10.1.0(inclusive) to 10.1.34(exclusive)
cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>Versions from 11.0.0(inclusive) to 11.0.2(exclusive)
cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>bootstrap_os>>-
cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*
NetApp, Inc.
netapp
>>hci_compute_node>>-
cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-367Secondarysecurity@apache.org
CWE ID: CWE-367
Type: Secondary
Source: security@apache.org
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://lists.apache.org/thread/y6lj6q1xnp822g6ro70tn19sgtjmr80rsecurity@apache.org
Mailing List
Vendor Advisory
http://www.openwall.com/lists/oss-security/2024/12/17/4af854a3a-2127-422b-91ae-364da2661108
Mailing List
http://www.openwall.com/lists/oss-security/2024/12/18/2af854a3a-2127-422b-91ae-364da2661108
Mailing List
https://security.netapp.com/advisory/ntap-20250103-0003/af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Hyperlink: https://lists.apache.org/thread/y6lj6q1xnp822g6ro70tn19sgtjmr80r
Source: security@apache.org
Resource:
Mailing List
Vendor Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2024/12/17/4
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Hyperlink: http://www.openwall.com/lists/oss-security/2024/12/18/2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Hyperlink: https://security.netapp.com/advisory/ntap-20250103-0003/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

426Records found

CVE-2016-3427
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.8||CRITICAL
EPSS-93.63% / 99.83%
||
7 Day CHG~0.00%
Published-21 Apr, 2016 | 10:00
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-06-02||Apply updates per vendor instructions.

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.

Action-Not Available
Vendor-n/aOracle CorporationThe Apache Software FoundationSUSENetApp, Inc.Red Hat, Inc.openSUSECanonical Ltd.Debian GNU/Linux
Product-oncommand_workflow_automationoncommand_performance_managerlinux_enterprise_serveroncommand_shiftmanager_proxyenterprise_linux_server_eusoncommand_unified_managerjdkoncommand_reportmanagere-series_santricity_web_servicesdebian_linuxlinuxvasa_provider_for_clustered_data_ontape-series_santricity_management_plug-insenterprise_linux_server_ausstoragegridjrockitleapopensuseenterprise_linux_desktope-series_santricity_storage_managersatelliteenterprise_linux_serverenterprise_linux_euslinux_enterprise_module_for_legacyopenstack_cloudlinux_enterprise_desktoplinux_enterprise_software_development_kitoncommand_insightoncommand_balanceubuntu_linuxoncommand_cloud_managerenterprise_linux_server_tusenterprise_linux_workstationjrecassandravirtual_storage_consolen/aJava SE and JRockit
CWE ID-CWE-284
Improper Access Control
CVE-2022-32533
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-11.55% / 93.36%
||
7 Day CHG~0.00%
Published-06 Jul, 2022 | 09:40
Updated-03 Aug, 2024 | 07:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Portals Jetspeed XSS, CSRF, SSRF, and XXE issues

Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the configuration option "xss.filter.post = true" may mitigate these issues. NOTE: Apache Jetspeed is a dormant project of Apache Portals and no updates will be provided for this issue

Action-Not Available
Vendor-The Apache Software Foundation
Product-jetspeedApache Portalsportals_jetspeed
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-45029
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-5.34% / 89.67%
||
7 Day CHG~0.00%
Published-25 Jan, 2022 | 13:00
Updated-04 Aug, 2024 | 04:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache ShenYu 2.4.1 Groovy Code Injection & SpEL Injection

Groovy Code Injection & SpEL Injection which lead to Remote Code Execution. This issue affected Apache ShenYu 2.4.0 and 2.4.1.

Action-Not Available
Vendor-The Apache Software Foundation
Product-shenyuApache ShenYu (incubating)
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2021-44548
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-6.38% / 90.62%
||
7 Day CHG~0.00%
Published-23 Dec, 2021 | 08:55
Updated-04 Aug, 2024 | 04:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Solr information disclosure vulnerability through DataImportHandler

An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to provide a Windows UNC path resulting in an SMB network call being made from the Solr host to another host on the network. If the attacker has wider access to the network, this may lead to SMB attacks, which may result in: * The exfiltration of sensitive data such as OS user hashes (NTLM/LM hashes), * In case of misconfigured systems, SMB Relay Attacks which can lead to user impersonation on SMB Shares or, in a worse-case scenario, Remote Code Execution This issue affects all Apache Solr versions prior to 8.11.1. This issue only affects Windows.

Action-Not Available
Vendor-The Apache Software FoundationMicrosoft Corporation
Product-windowssolrApache Solr
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-40
Path Traversal: '\\UNC\share\name\' (Windows UNC Share)
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-21990
Matching Score-8
Assigner-NetApp, Inc.
ShareView Details
Matching Score-8
Assigner-NetApp, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.15% / 36.04%
||
7 Day CHG~0.00%
Published-17 Apr, 2024 | 19:35
Updated-10 Feb, 2025 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Default Privileged Account Credentials Vulnerability in ONTAP Select Deploy administration utility

ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1.x and 9.14.1.x contain hard-coded credentials that could allow an attacker to view Deploy configuration information and modify the account credentials.

Action-Not Available
Vendor-NetApp, Inc.
Product-ontap_select_deploy_administration_utilityONTAP Select Deploy administration utilityclustered_data_ontap
CWE ID-CWE-259
Use of Hard-coded Password
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2016-10160
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.52% / 84.82%
||
7 Day CHG~0.00%
Published-24 Jan, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch.

Action-Not Available
Vendor-n/aDebian GNU/LinuxNetApp, Inc.The PHP Group
Product-clustered_data_ontapdebian_linuxphpn/a
CWE ID-CWE-193
Off-by-one Error
CVE-2020-11974
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-11.35% / 93.28%
||
7 Day CHG~0.00%
Published-18 Dec, 2020 | 00:00
Updated-04 Aug, 2024 | 11:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In DolphinScheduler 1.2.0 and 1.2.1, with mysql connectorj a remote code execution vulnerability exists when choosing mysql as database.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-dolphinschedulerApache DolphinScheduler(Incubating)
CVE-2021-43527
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-5.24% / 89.59%
||
7 Day CHG~0.00%
Published-08 Dec, 2021 | 00:00
Updated-04 Aug, 2024 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \#7, or PKCS \#12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. *Note: This vulnerability does NOT impact Mozilla Firefox.* However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted. This vulnerability affects NSS < 3.73 and NSS < 3.68.1.

Action-Not Available
Vendor-starwindsoftwareMozilla CorporationNetApp, Inc.Oracle Corporation
Product-communications_cloud_native_core_network_slice_selection_functionstarwind_virtual_sancloud_backupe-series_santricity_os_controllercommunications_cloud_native_core_network_repository_functionnss_esrcommunications_cloud_native_core_binding_support_functionstarwind_san_\&_nascommunications_policy_managementnssNSS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-41303
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-61.81% / 98.27%
||
7 Day CHG~0.00%
Published-17 Sep, 2021 | 08:20
Updated-04 Aug, 2024 | 03:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass

Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Users should update to Apache Shiro 1.8.0.

Action-Not Available
Vendor-The Apache Software FoundationOracle Corporation
Product-shirofinancial_services_crime_and_compliance_management_studioApache Shiro
CWE ID-CWE-287
Improper Authentication
CVE-2021-41616
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-1.07% / 76.84%
||
7 Day CHG~0.00%
Published-30 Sep, 2021 | 07:55
Updated-23 Apr, 2025 | 19:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache ddlutils 1.0 readobject vulnerability

Apache DB DdlUtils 1.0 included a BinaryObjectsHelper that was intended for use when migrating database data with a SQL data type of BINARY, VARBINARY, LONGVARBINARY, or BLOB between databases using the ddlutils features. The BinaryObjectsHelper class was insecure and used ObjectInputStream.readObject without validating that the input data was safe to deserialize. Please note that DdlUtils is no longer being actively developed. To address the insecurity of the BinaryObjectHelper class, the following changes to DdlUtils have been made: (1) BinaryObjectsHelper.java has been deleted from the DdlUtils source repository and the DdlUtils feature of propagating data of SQL binary types is therefore no longer present in DdlUtils; (2) The ddlutils-1.0 release has been removed from the Apache Release Distribution Infrastructure; (3) The DdlUtils web site has been updated to indicate that DdlUtils is now available only as source code, not as a packaged release.

Action-Not Available
Vendor-The Apache Software Foundation
Product-ddlutilsApache DB ddlutils
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2021-42013
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-94.43% / 99.98%
||
7 Day CHG~0.00%
Published-07 Oct, 2021 | 15:50
Updated-30 Jul, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2021-11-17||Apply updates per vendor instructions.
Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)

It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions.

Action-Not Available
Vendor-NetApp, Inc.The Apache Software FoundationOracle CorporationFedora Project
Product-instantis_enterprisetrackcloud_backuphttp_serverfedorasecure_backupjd_edwards_enterpriseone_toolsApache HTTP ServerHTTP Server
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-14967
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.34% / 55.96%
||
7 Day CHG~0.00%
Published-22 Jun, 2020 | 11:19
Updated-04 Aug, 2024 | 13:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the jsrsasign package before 8.0.18 for Node.js. Its RSA PKCS1 v1.5 decryption implementation does not detect ciphertext modification by prepending '\0' bytes to ciphertexts (it decrypts modified ciphertexts without error). An attacker might prepend these bytes with the goal of triggering memory corruption issues.

Action-Not Available
Vendor-jsrsasign_projectn/aNetApp, Inc.
Product-max_datajsrsasignn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-42010
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-0.26% / 49.21%
||
7 Day CHG~0.00%
Published-24 Oct, 2022 | 00:00
Updated-07 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CRLF log injection

Heron versions <= 0.20.4-incubating allows CRLF log injection because of the lack of escaping in the log statements. Please update to version 0.20.5-incubating which addresses this issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-heronApache Heron (Incubating)
CWE ID-CWE-116
Improper Encoding or Escaping of Output
CVE-2015-7871
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-76.65% / 98.90%
||
7 Day CHG~0.00%
Published-07 Aug, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.

Action-Not Available
Vendor-ntpn/aDebian GNU/LinuxNetApp, Inc.
Product-oncommand_unified_manageroncommand_performance_manageroncommand_balanceclustered_data_ontapdebian_linuxntpdata_ontapn/a
CWE ID-CWE-287
Improper Authentication
CVE-2022-31692
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-9.8||CRITICAL
EPSS-6.71% / 90.88%
||
7 Day CHG+0.39%
Published-31 Oct, 2022 | 00:00
Updated-06 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types. Specifically, an application is vulnerable when all of the following are true: The application expects that Spring Security applies security to forward and include dispatcher types. The application uses the AuthorizationFilter either manually or via the authorizeHttpRequests() method. The application configures the FilterChainProxy to apply to forward and/or include requests (e.g. spring.security.filter.dispatcher-types = request, error, async, forward, include). The application may forward or include the request to a higher privilege-secured endpoint.The application configures Spring Security to apply to every dispatcher type via authorizeHttpRequests().shouldFilterAllDispatcherTypes(true)

Action-Not Available
Vendor-n/aNetApp, Inc.VMware (Broadcom Inc.)
Product-spring_securityactive_iq_unified_managerSpring by VMware
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2015-7853
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-20.96% / 95.42%
||
7 Day CHG~0.00%
Published-07 Aug, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value.

Action-Not Available
Vendor-ntpn/aNetApp, Inc.
Product-oncommand_unified_manageroncommand_performance_manageroncommand_balanceclustered_data_ontapntpdata_ontapn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2015-7705
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-29.58% / 96.45%
||
7 Day CHG~0.00%
Published-07 Aug, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests.

Action-Not Available
Vendor-ntpn/aNetApp, Inc.Siemens AGCitrix (Cloud Software Group, Inc.)
Product-oncommand_unified_manageroncommand_performance_managertim_4r-ie_dnp3_firmwareclustered_data_ontaptim_4r-ie_dnp3xenservertim_4r-ie_firmwaretim_4r-ientpdata_ontapn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-40146
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-3.21% / 86.52%
||
7 Day CHG~0.00%
Published-11 Sep, 2021 | 11:05
Updated-04 Aug, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
A Remote Code Execution (RCE) vulnerability exists in Apache Any23 YAMLExtractor.java

A Remote Code Execution (RCE) vulnerability was discovered in the Any23 YAMLExtractor.java file and is known to affect Any23 versions < 2.5. RCE vulnerabilities allow a malicious actor to execute any code of their choice on a remote machine over LAN, WAN, or internet. RCE belongs to the broader class of arbitrary code execution (ACE) vulnerabilities.

Action-Not Available
Vendor-The Apache Software Foundation
Product-any23Apache Any23
CVE-2019-5505
Matching Score-8
Assigner-NetApp, Inc.
ShareView Details
Matching Score-8
Assigner-NetApp, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.15% / 36.82%
||
7 Day CHG~0.00%
Published-24 Sep, 2019 | 19:56
Updated-04 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ONTAP Select Deploy administration utility versions 2.2 through 2.12.1 transmit credentials in plaintext.

Action-Not Available
Vendor-n/aNetApp, Inc.
Product-ontap_select_deploy_administration_utilityONTAP Select Deploy administration utility
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-37404
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-0.70% / 71.02%
||
7 Day CHG~0.00%
Published-13 Jun, 2022 | 07:00
Updated-04 Aug, 2024 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap buffer overflow in libhdfs native library

There is a potential heap buffer overflow in Apache Hadoop libhdfs native code. Opening a file path provided by user without validation may result in a denial of service or arbitrary code execution. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.

Action-Not Available
Vendor-The Apache Software Foundation
Product-hadoopApache Hadoop
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-50164
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-93.66% / 99.84%
||
7 Day CHG~0.00%
Published-07 Dec, 2023 | 08:49
Updated-14 Mar, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Struts: File upload component had a directory traversal vulnerability

An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-strutsApache Struts
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2021-37578
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-1.58% / 80.85%
||
7 Day CHG~0.00%
Published-29 Jul, 2021 | 07:05
Updated-04 Aug, 2024 | 01:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote code execution via RMI

Apache jUDDI uses several classes related to Java's Remote Method Invocation (RMI) which (as an extension to UDDI) provides an alternate transport for accessing UDDI services. RMI uses the default Java serialization mechanism to pass parameters in RMI invocations. A remote attacker can send a malicious serialized object to the above RMI entries. The objects get deserialized without any check on the incoming data. In the worst case, it may let the attacker run arbitrary code remotely. For both jUDDI web service applications and jUDDI clients, the usage of RMI is disabled by default. Since this is an optional feature and an extension to the UDDI protocol, the likelihood of impact is low. Starting with 3.3.10, all RMI related code was removed.

Action-Not Available
Vendor-The Apache Software Foundation
Product-juddiApache jUDDI
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2021-3711
Matching Score-8
Assigner-OpenSSL Software Foundation
ShareView Details
Matching Score-8
Assigner-OpenSSL Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-2.75% / 85.42%
||
7 Day CHG~0.00%
Published-24 Aug, 2021 | 14:50
Updated-16 Sep, 2024 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SM2 Decryption Buffer Overflow

In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the "out" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).

Action-Not Available
Vendor-Debian GNU/LinuxOpenSSLNetApp, Inc.Oracle CorporationTenable, Inc.
Product-communications_unified_session_managerjd_edwards_world_securitypeoplesoft_enterprise_peopletoolshealth_sciences_inform_publisheropensslcommunications_cloud_native_core_security_edge_protection_proxyactive_iq_unified_managermysql_connectorsoncommand_workflow_automationtenable.scsantricity_smi-s_providerstorage_encryptionsolidfiresnapcenterenterprise_session_border_controllerclustered_data_ontapdebian_linuxmanageability_software_development_kitessbasecommunications_cloud_native_core_unified_data_repositoryhci_management_nodemysql_enterprise_monitore-series_santricity_os_controllerzfs_storage_appliance_kitclustered_data_ontap_antivirus_connectornessus_network_monitormysql_servercommunications_session_border_controllerenterprise_communications_brokerjd_edwards_enterpriseone_toolsoncommand_insightOpenSSL
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-38294
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-87.81% / 99.44%
||
7 Day CHG~0.00%
Published-25 Oct, 2021 | 12:22
Updated-04 Aug, 2024 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Shell Command Injection Vulnerability in Nimbus Thrift Server

A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm 2.x prior to 2.2.1 and Apache Storm 1.x prior to 1.2.4. A specially crafted thrift request to the Nimbus server allows Remote Code Execution (RCE) prior to authentication.

Action-Not Available
Vendor-The Apache Software Foundation
Product-stormApache Storm
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-37580
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-93.99% / 99.88%
||
7 Day CHG~0.00%
Published-16 Nov, 2021 | 09:35
Updated-04 Aug, 2024 | 01:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache ShenYu Admin bypass JWT authentication

A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0

Action-Not Available
Vendor-The Apache Software Foundation
Product-shenyuApache ShenYu Admin
CWE ID-CWE-287
Improper Authentication
CVE-2021-35474
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-6.34% / 90.60%
||
7 Day CHG~0.00%
Published-30 Jun, 2021 | 07:15
Updated-04 Aug, 2024 | 00:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dynamic stack buffer overflow in cachekey plugin

Stack-based Buffer Overflow vulnerability in cachekey plugin of Apache Traffic Server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.

Action-Not Available
Vendor-The Apache Software FoundationDebian GNU/Linux
Product-debian_linuxtraffic_serverApache Traffic Server
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-36163
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-1.61% / 81.02%
||
7 Day CHG~0.00%
Published-07 Sep, 2021 | 09:25
Updated-04 Aug, 2024 | 00:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unsafe deserialization in providers using the Hessian protocol

In Apache Dubbo, users may choose to use the Hessian protocol. The Hessian protocol is implemented on top of HTTP and passes the body of a POST request directly to a HessianSkeleton: New HessianSkeleton are created without any configuration of the serialization factory and therefore without applying the dubbo properties for applying allowed or blocked type lists. In addition, the generic service is always exposed and therefore attackers do not need to figure out a valid service/method name pair. This is fixed in 2.7.13, 2.6.10.1

Action-Not Available
Vendor-The Apache Software Foundation
Product-dubboApache Dubbo
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2021-43267
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-69.02% / 98.57%
||
7 Day CHG~0.00%
Published-02 Nov, 2021 | 22:13
Updated-04 Aug, 2024 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type.

Action-Not Available
Vendor-n/aNetApp, Inc.Fedora ProjectLinux Kernel Organization, Inc
Product-h300eh500sh300s_firmwareh410sh300sh300e_firmwarelinux_kernelh500eh410s_firmwarefedorah500s_firmwareh700s_firmwareh500e_firmwareh700eh700e_firmwareh700sn/a
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2021-36152
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-1.65% / 81.29%
||
7 Day CHG~0.00%
Published-04 Feb, 2022 | 22:32
Updated-04 Aug, 2024 | 00:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insecure TrustManager used in LDAP connections

Apache Gobblin trusts all certificates used for LDAP connections in Gobblin-as-a-Service. This affects versions <= 0.15.0. Users should update to version 0.16.0 which addresses this issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-gobblinApache Gobblin
CVE-2023-51518
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-0.45% / 62.52%
||
7 Day CHG~0.00%
Published-27 Feb, 2024 | 09:09
Updated-05 May, 2025 | 21:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache James server: Privilege escalation via JMX pre-authentication deserialisation

Apache James prior to version 3.7.5 and 3.8.0 exposes a JMX endpoint on localhost subject to pre-authentication deserialisation of untrusted data. Given a deserialisation gadjet, this could be leveraged as part of an exploit chain that could result in privilege escalation. Note that by default JMX endpoint is only bound locally. We recommend users to:  - Upgrade to a non-vulnerable Apache James version  - Run Apache James isolated from other processes (docker - dedicated virtual machine)  - If possible turn off JMX

Action-Not Available
Vendor-The Apache Software Foundation
Product-jamesApache James serverjames_server
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2023-51388
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.78% / 72.73%
||
7 Day CHG~0.00%
Published-22 Feb, 2024 | 15:53
Updated-16 Jan, 2025 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HertzBeat AviatorScript Inject RCE

Hertzbeat is a real-time monitoring system. In `CalculateAlarm.java`, `AviatorEvaluator` is used to directly execute the expression function, and no security policy is configured, resulting in AviatorScript (which can execute any static method by default) script injection. Version 1.4.1 fixes this vulnerability.

Action-Not Available
Vendor-dromaradromaraThe Apache Software Foundation
Product-hertzbeathertzbeathertzbeat
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2021-3520
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.13% / 33.78%
||
7 Day CHG~0.00%
Published-02 Jun, 2021 | 12:32
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.

Action-Not Available
Vendor-lz4_projectn/aNetApp, Inc.Splunk LLC (Cisco Systems, Inc.)Oracle Corporation
Product-lz4cloud_backupontap_select_deploy_administration_utilityzfs_storage_appliance_kitactive_iq_unified_manageruniversal_forwardercommunications_cloud_native_core_policylz4
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-51467
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-94.00% / 99.88%
||
7 Day CHG~0.00%
Published-26 Dec, 2023 | 14:46
Updated-19 Aug, 2024 | 07:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache OFBiz: Pre-authentication Remote Code Execution (RCE) vulnerability

The vulnerability permits attackers to circumvent authentication processes, enabling them to remotely execute arbitrary code

Action-Not Available
Vendor-The Apache Software Foundation
Product-ofbizApache OFBiz
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2023-51653
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-9.8||CRITICAL
EPSS-5.94% / 90.29%
||
7 Day CHG~0.00%
Published-22 Feb, 2024 | 15:39
Updated-22 Apr, 2025 | 16:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Hertzbeat JMX JNDI RCE

Hertzbeat is a real-time monitoring system. In the implementation of `JmxCollectImpl.java`, `JMXConnectorFactory.connect` is vulnerable to JNDI injection. The corresponding interface is `/api/monitor/detect`. If there is a URL field, the address will be used by default. When the URL is `service:jmx:rmi:///jndi/rmi://xxxxxxx:1099/localHikari`, it can be exploited to cause remote code execution. Version 1.4.1 contains a fix for this issue.

Action-Not Available
Vendor-dromaradromaraThe Apache Software Foundation
Product-hertzbeathertzbeathertzbeat
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2023-51389
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.49% / 64.50%
||
7 Day CHG~0.00%
Published-22 Feb, 2024 | 15:59
Updated-16 Jan, 2025 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HertzBeat SnakeYAML Deser RCE

Hertzbeat is a real-time monitoring system. At the interface of `/define/yml`, SnakeYAML is used as a parser to parse yml content, but no security configuration is used, resulting in a YAML deserialization vulnerability. Version 1.4.1 fixes this vulnerability.

Action-Not Available
Vendor-dromaradromaraThe Apache Software Foundation
Product-hertzbeathertzbeathertzbeat
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2023-51656
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-0.54% / 66.70%
||
7 Day CHG~0.00%
Published-21 Dec, 2023 | 11:47
Updated-13 Feb, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache IoTDB: Unsafe deserialize map in Sync Tool

Deserialization of Untrusted Data vulnerability in Apache IoTDB.This issue affects Apache IoTDB: from 0.13.0 through 0.13.4. Users are recommended to upgrade to version 1.2.2, which fixes the issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-iotdbApache IoTDB
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2023-49070
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-93.89% / 99.87%
||
7 Day CHG~0.00%
Published-05 Dec, 2023 | 08:05
Updated-13 Feb, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Pre-auth RCE in Apache Ofbiz 18.12.09 due to XML-RPC still present

Pre-auth RCE in Apache Ofbiz 18.12.09. It's due to XML-RPC no longer maintained still present. This issue affects Apache OFBiz: before 18.12.10.  Users are recommended to upgrade to version 18.12.10

Action-Not Available
Vendor-The Apache Software Foundation
Product-ofbizApache OFBiz
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-49109
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-3.23% / 86.58%
||
7 Day CHG~0.00%
Published-20 Feb, 2024 | 09:58
Updated-18 Mar, 2025 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Code Execution in Apache Dolphinscheduler

Exposure of Remote Code Execution in Apache Dolphinscheduler. This issue affects Apache DolphinScheduler: before 3.2.1. We recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-dolphinschedulerApache DolphinSchedulerdolphinscheduler
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2021-33191
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-5.89% / 90.23%
||
7 Day CHG~0.00%
Published-24 Aug, 2021 | 11:20
Updated-03 Aug, 2024 | 23:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MiNiFi CPP arbitrary script execution is possible on the agent's host machine through the c2 protocol

From Apache NiFi MiNiFi C++ version 0.5.0 the c2 protocol implements an "agent-update" command which was designed to patch the application binary. This "patching" command defaults to calling a trusted binary, but might be modified to an arbitrary value through a "c2-update" command. Said command is then executed using the same privileges as the application binary. This was addressed in version 0.10.0

Action-Not Available
Vendor-The Apache Software Foundation
Product-nifi_minifi_c\+\+Apache NiFi - MiNiFi C++
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2016-9843
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
CVSS Score-9.8||CRITICAL
EPSS-5.00% / 89.30%
||
7 Day CHG~0.00%
Published-23 May, 2017 | 03:56
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.

Action-Not Available
Vendor-zlibn/aDebian GNU/LinuxCanonical Ltd.Red Hat, Inc.Oracle CorporationMariaDB FoundationNode.js (OpenJS Foundation)Apple Inc.openSUSENetApp, Inc.
Product-enterprise_linux_desktopnode.jsenterprise_linux_eustvosenterprise_linux_workstationjdkactive_iq_unified_managerleapsatellitedatabase_serverdebian_linuxenterprise_linux_servermac_os_xoncommand_insightjresnapcenteriphone_osmariadbwatchosmysqloncommand_workflow_automationzlibopensuseubuntu_linuxn/a
CVE-2021-33574
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.13% / 33.09%
||
7 Day CHG-0.01%
Published-25 May, 2021 | 00:00
Updated-03 Aug, 2024 | 23:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact.

Action-Not Available
Vendor-n/aNetApp, Inc.GNUDebian GNU/LinuxFedora Project
Product-h300eh500scloud_backuph300s_firmwareglibch410sh300sh300e_firmwaredebian_linuxh500eh410s_firmwaree-series_santricity_os_controllerfedorah500s_firmwareh500e_firmwareh700s_firmwareh700eh700e_firmwaresolidfire_baseboard_management_controller_firmwareh700sn/a
CWE ID-CWE-416
Use After Free
CVE-2021-31522
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-5.80% / 90.16%
||
7 Day CHG~0.00%
Published-06 Jan, 2022 | 12:35
Updated-03 Aug, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Kylin unsafe class loading

Kylin can receive user input and load any class through Class.forName(...). This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions; Apache Kylin 4 version 4.0.0 and prior versions.

Action-Not Available
Vendor-The Apache Software Foundation
Product-kylinApache Kylin
CWE ID-CWE-470
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
CVE-2021-31805
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-93.96% / 99.88%
||
7 Day CHG+0.01%
Published-12 Apr, 2022 | 15:25
Updated-03 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Forced OGNL evaluation, when evaluated on raw not validated user input in tag attributes, may lead to RCE.

The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. Using forced OGNL evaluation on untrusted user input can lead to a Remote Code Execution and security degradation.

Action-Not Available
Vendor-The Apache Software Foundation
Product-strutsApache Struts
CWE ID-CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
CVE-2022-29599
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-0.40% / 59.57%
||
7 Day CHG~0.00%
Published-23 May, 2022 | 10:25
Updated-03 Aug, 2024 | 06:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Commandline class shell injection vulnerabilities

In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.

Action-Not Available
Vendor-The Apache Software FoundationDebian GNU/Linux
Product-debian_linuxmaven_shared_utilsApache Maven
CWE ID-CWE-116
Improper Encoding or Escaping of Output
CVE-2023-49733
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-0.36% / 57.39%
||
7 Day CHG~0.00%
Published-30 Nov, 2023 | 11:29
Updated-13 Feb, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Cocoon's StreamGenerator is vulnerable to XXE injection

Improper Restriction of XML External Entity Reference vulnerability in Apache Cocoon.This issue affects Apache Cocoon: from 2.2.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-cocoonApache Cocoon
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2021-30180
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-3.16% / 86.39%
||
7 Day CHG~0.00%
Published-31 May, 2021 | 07:25
Updated-03 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Dubbo RCE on customers via Condition route poisoning (Unsafe YAML unmarshaling)

Apache Dubbo prior to 2.7.9 support Tag routing which will enable a customer to route the request to the right server. These rules are used by the customers when making a request in order to find the right endpoint. When parsing these YAML rules, Dubbo customers may enable calling arbitrary constructors.

Action-Not Available
Vendor-The Apache Software Foundation
Product-dubboApache Dubbo
CWE ID-CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVE-2021-30128
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-93.35% / 99.81%
||
7 Day CHG~0.00%
Published-27 Apr, 2021 | 19:50
Updated-03 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unsafe deserialization in Apache OFBiz

Apache OFBiz has unsafe deserialization prior to 17.12.07 version

Action-Not Available
Vendor-The Apache Software Foundation
Product-ofbizApache OFBiz
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2021-30179
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-3.58% / 87.28%
||
7 Day CHG~0.00%
Published-31 May, 2021 | 07:25
Updated-03 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Dubbo Pre-auth RCE via Java deserialization in the Generic filter

Apache Dubbo prior to 2.6.9 and 2.7.9 by default supports generic calls to arbitrary methods exposed by provider interfaces. These invocations are handled by the GenericFilter which will find the service and method specified in the first arguments of the invocation and use the Java Reflection API to make the final call. The signature for the $invoke or $invokeAsync methods is Ljava/lang/String;[Ljava/lang/String;[Ljava/lang/Object; where the first argument is the name of the method to invoke, the second one is an array with the parameter types for the method being invoked and the third one is an array with the actual call arguments. In addition, the caller also needs to set an RPC attachment specifying that the call is a generic call and how to decode the arguments. The possible values are: - true - raw.return - nativejava - bean - protobuf-json An attacker can control this RPC attachment and set it to nativejava to force the java deserialization of the byte array located in the third argument.

Action-Not Available
Vendor-The Apache Software Foundation
Product-dubboApache Dubbo
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2016-9841
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
CVSS Score-9.8||CRITICAL
EPSS-11.87% / 93.47%
||
7 Day CHG~0.00%
Published-23 May, 2017 | 03:56
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.

Action-Not Available
Vendor-zlibn/aDebian GNU/LinuxCanonical Ltd.Red Hat, Inc.Oracle CorporationNode.js (OpenJS Foundation)Apple Inc.openSUSENetApp, Inc.
Product-enterprise_linux_desktoponcommand_unified_manageroncommand_balanceenterprise_linux_eustvoshci_storage_nodee-series_santricity_web_servicesjdksatellitedatabase_serversteelstore_cloud_integrated_storagee-series_santricity_managementsymantec_netbackupmac_os_xoncommand_insightvasa_provider_for_clustered_data_ontaponcommand_performance_managersnapmanageriphone_osvirtual_storage_consoleoncommand_shiftwatchose-series_santricity_storage_managerzlibopensusenode.jsenterprise_linux_workstationactive_iq_unified_managerleapsolidfiredebian_linuxenterprise_linux_servercloud_backupjreoncommand_workflow_automationmysqlubuntu_linuxstorage_replication_adapter_for_clustered_data_ontape-series_santricity_os_controllern/a
CVE-2023-37895
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-7.92% / 91.67%
||
7 Day CHG~0.00%
Published-25 Jul, 2023 | 14:02
Updated-13 Feb, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Jackrabbit RMI access can lead to RCE

Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows attacker to remotely execute code via RMIVersions up to (including) 2.20.10 (stable branch) and 2.21.17 (unstable branch) use the component "commons-beanutils", which contains a class that can be used for remote code execution over RMI. Users are advised to immediately update to versions 2.20.11 or 2.21.18. Note that earlier stable branches (1.0.x .. 2.18.x) have been EOLd already and do not receive updates anymore. In general, RMI support can expose vulnerabilities by the mere presence of an exploitable class on the classpath. Even if Jackrabbit itself does not contain any code known to be exploitable anymore, adding other components to your server can expose the same type of problem. We therefore recommend to disable RMI access altogether (see further below), and will discuss deprecating RMI support in future Jackrabbit releases. How to check whether RMI support is enabledRMI support can be over an RMI-specific TCP port, and over an HTTP binding. Both are by default enabled in Jackrabbit webapp/standalone. The native RMI protocol by default uses port 1099. To check whether it is enabled, tools like "netstat" can be used to check. RMI-over-HTTP in Jackrabbit by default uses the path "/rmi". So when running standalone on port 8080, check whether an HTTP GET request on localhost:8080/rmi returns 404 (not enabled) or 200 (enabled). Note that the HTTP path may be different when the webapp is deployed in a container as non-root context, in which case the prefix is under the user's control. Turning off RMIFind web.xml (either in JAR/WAR file or in unpacked web application folder), and remove the declaration and the mapping definition for the RemoteBindingServlet:         <servlet>             <servlet-name>RMI</servlet-name>             <servlet-class>org.apache.jackrabbit.servlet.remote.RemoteBindingServlet</servlet-class>         </servlet>         <servlet-mapping>             <servlet-name>RMI</servlet-name>             <url-pattern>/rmi</url-pattern>         </servlet-mapping> Find the bootstrap.properties file (in $REPOSITORY_HOME), and set         rmi.enabled=false     and also remove         rmi.host         rmi.port         rmi.url-pattern  If there is no file named bootstrap.properties in $REPOSITORY_HOME, it is located somewhere in the classpath. In this case, place a copy in $REPOSITORY_HOME and modify it as explained.

Action-Not Available
Vendor-The Apache Software Foundation
Product-jackrabbitApache Jackrabbit Webapp (jackrabbit-webapp)Apache Jackrabbit Standalone (jackrabbit-standalone and jackrabbit-standalone-components)jackrabbit
CWE ID-CWE-502
Deserialization of Untrusted Data
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 8
  • 9
  • Next
Details not found