Malicious configuration can lead to unauthorized file access in Apache Livy.
This issue affects Apache Livy 0.7.0 and 0.8.0 when connecting to Apache Spark 3.1 or later.
A request that includes a Sp
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache Livy.
This issue affects Apache Livy: from 0.3.0 before 0.9.0.
The vulnerability can only be ex
Files or Directories Accessible to External Parties, Improper Privilege Management vulnerability in Apache Kafka Clients.
Apache Kafka Clients accept configuration data for customizing behavior, and
Improper privilege management in a REST interface allowed registered users to access unauthorized resources if the resource ID was know.
This issue affects Apache StreamPipes: through 0.95.1.
U
Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series
v3.08.01
; MATRIX Series
v3.08.01 allows Attacker to access files unauthorized
Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series
v3.08.01
; MATRIX Series
v3.08.01 allows Attacker to execute arbitrary code remotely
Apache Pulsar contains multiple connectors for integrating with Apache Kafka. The Pulsar IO Apache Kafka Source Connector, Sink Connector, and Kafka Connect Adaptor Sink Connector log sensitive config
Use of Less Trusted Source vulnerability in Apache APISIX.
Attacker can take advantage of wolf-rbac plugin under default configuration to potentially pollute logs with spoofed identity information an
Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in the OpenIdAuthorizer of Apache IoTDB.
This issue affects Apache IoTDB: fr
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Wicket.
This issue affects Apache Wicket: from 8.0.0 through 8.17.0, from 9.0.0 through 9.22.0, from 10.0.0 through
Relative Path Traversal vulnerability in Apache Solr.
Solr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the "configset upload"
Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via un
Server-Side Request Forgery (SSRF) vulnerability in Apache StreamPipes during installation process of pipeline elements.
Previously, StreamPipes allowed users to configure custom endpoints from which
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ninja Team FileBird Document Library.This issue affects FileBird Document Library: from n/a through 2.0.6.
The vulnerability affects Ignition SCADA applications where Python
scripting is utilized for automation purposes. The vulnerability arises
from the absence of proper security controls that restrict
File access paths in configuration files uploaded by users with administrator access are not validated.
This issue affects Apache Jena version up to 5.4.0.
Users are recommended to upgrade to versio
Core creation allows users to replace "trusted" configset files with arbitrary configuration
Solr instances that (1) use the "FileSystemConfigSetService" component (the default in "standalone" or "us
Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception duri
A vulnerability classified as problematic has been found in Dromara UJCMS up to 9.6.3. This affects an unknown part of the file /users/id of the component User ID Handler. The manipulation leads to au
Overview
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. (CWE-732)
Description
Hitachi Va
Page 1+ Next →