CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34457 – Apache StreamPark IDOR Vulnerability
https://notcve.org/view.php?id=CVE-2024-34457
22 Jul 2024 — On versions before 2.1.4, after a regular user successfully logs in, they can manually make a request using the authorization token to view everyone's user flink information, including executeSQL and config. Mitigation: all users should upgrade to 2.1.4 En versiones anteriores a la 2.1.4, después de que un usuario normal inicia sesión con éxito, puede realizar una solicitud manualmente utilizando el token de autorización para ver la información de flink de todos los usuarios, incluidos runSQL y config. Miti... • http://www.openwall.com/lists/oss-security/2024/07/22/2 • CWE-269: Improper Privilege Management CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-38503 – Apache Syncope: HTML tags can be injected into Console or Enduser text fields
https://notcve.org/view.php?id=CVE-2024-38503
22 Jul 2024 — When editing a user, group or any object in the Syncope Console, HTML tags could be added to any text field and could lead to potential exploits. The same vulnerability was found in the Syncope Enduser, when editing “Personal Information” or “User Requests”. Users are recommended to upgrade to version 3.0.8, which fixes this issue. Al editar un usuario, grupo o cualquier objeto en Syncope Console, se podrían agregar etiquetas HTML a cualquier campo de texto y podrían dar lugar a posibles exploits. La misma ... • http://www.openwall.com/lists/oss-security/2024/07/22/3 • CWE-20: Improper Input Validation CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23321 – Apache RocketMQ: Unauthorized Exposure of Sensitive Data
https://notcve.org/view.php?id=CVE-2024-23321
22 Jul 2024 — For RocketMQ versions 5.2.0 and below, under certain conditions, there is a risk of exposure of sensitive Information to an unauthorized actor even if RocketMQ is enabled with authentication and authorization functions. An attacker, possessing regular user privileges or listed in the IP whitelist, could potentially acquire the administrator's account and password through specific interfaces. Such an action would grant them full control over RocketMQ, provided they have access to the broker IP address list. ... • http://www.openwall.com/lists/oss-security/2024/07/22/1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.1EPSS: 92%CPEs: 2EXPL: 1CVE-2024-41107 – Apache CloudStack: SAML Signature Exclusion
https://notcve.org/view.php?id=CVE-2024-41107
19 Jul 2024 — The CloudStack SAML authentication (disabled by default) does not enforce signature check. In CloudStack environments where SAML authentication is enabled, an attacker that initiates CloudStack SAML single sign-on authentication can bypass SAML authentication by submitting a spoofed SAML response with no signature and known or guessed username and other user details of a SAML-enabled CloudStack user-account. In such environments, this can result in a complete compromise of the resources owned and/or accessi... • https://github.com/d0rb/CVE-2024-41107 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 7.8EPSS: 3%CPEs: 2EXPL: 0CVE-2024-41172 – Apache CXF: Unrestricted memory consumption in CXF HTTP clients
https://notcve.org/view.php?id=CVE-2024-41172
19 Jul 2024 — In versions of Apache CXF before 3.6.4 and 4.0.5 (3.5.x and lower versions are not impacted), a CXF HTTP client conduit may prevent HTTPClient instances from being garbage collected and it is possible that memory consumption will continue to increase, eventually causing the application to run out of memory En las versiones de Apache CXF anteriores a 3.6.4 y 4.0.5 (las versiones 3.5.x y inferiores no se ven afectadas), un conducto de cliente HTTP de CXF puede impedir que las instancias de HTTPClient se recop... • https://lists.apache.org/thread/n2hvbrgwpdtcqdccod8by28ynnolybl6 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 9.4EPSS: 0%CPEs: 3EXPL: 0CVE-2024-29736 – Apache CXF: SSRF vulnerability via WADL stylesheet parameter
https://notcve.org/view.php?id=CVE-2024-29736
19 Jul 2024 — A SSRF vulnerability in WADL service description in versions of Apache CXF before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform SSRF style attacks on REST webservices. The attack only applies if a custom stylesheet parameter is configured. Una vulnerabilidad SSRF en la descripción del servicio WADL en versiones de Apache CXF anteriores a 4.0.5, 3.6.4 y 3.5.9 permite a un atacante realizar ataques de estilo SSRF en servicios web REST. El ataque sólo se aplica si se configura un parámetro de hoja de es... • https://lists.apache.org/thread/4jtpsswn2r6xommol54p5mg263ysgdw2 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.0EPSS: 1%CPEs: 1EXPL: 0CVE-2024-29178 – Apache StreamPark: FreeMarker SSTI RCE Vulnerability
https://notcve.org/view.php?id=CVE-2024-29178
18 Jul 2024 — On versions before 2.1.4, a user could log in and perform a template injection attack resulting in Remote Code Execution on the server, The attacker must successfully log into the system to launch an attack, so this is a moderate-impact vulnerability. Mitigation: all users should upgrade to 2.1.4 En versiones anteriores a la 2.1.4, un usuario podía iniciar sesión y realizar un ataque de inyección de plantilla que generaba una ejecución remota de código en el servidor. El atacante debía iniciar sesión correc... • http://www.openwall.com/lists/oss-security/2024/07/18/1 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 24%CPEs: 1EXPL: 4CVE-2024-40725 – Apache HTTP Server: source code disclosure with handlers configured via AddType
https://notcve.org/view.php?id=CVE-2024-40725
18 Jul 2024 — A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted. Users are recommended to upgrade to version 2.4.62, which fixes this issue. Una solución parcial para CVE-2024-39884 en el núcleo de Apache HTTP Se... • https://packetstorm.news/files/id/183252 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 2CVE-2024-40898 – Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows
https://notcve.org/view.php?id=CVE-2024-40898
18 Jul 2024 — SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests. Users are recommended to upgrade to version 2.4.62 which fixes this issue. SSRF en el servidor Apache HTTP en Windows con mod_rewrite en el contexto de servidor/vhost, permite potencialmente filtrar hashes NTML a un servidor malicioso a través de SSRF y solicitudes maliciosas. Se recomienda a los usuarios actualizar a la versión 2.4.62,... • https://github.com/TAM-K592/CVE-2024-40725-CVE-2024-40898 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29120 – Apache StreamPark: Information leakage vulnerability
https://notcve.org/view.php?id=CVE-2024-29120
17 Jul 2024 — In Streampark (version < 2.1.4), when a user logged in successfully, the Backend service would return "Authorization" as the front-end authentication credential. User can use this credential to request other users' information, including the administrator's username, password, salt value, etc. Mitigation: all users should upgrade to 2.1.4 En Streampark (versión <2.1.4), cuando un usuario iniciaba sesión correctamente, el servicio backend devolvía "Autorización" como credencial de autenticación de front-e... • http://www.openwall.com/lists/oss-security/2024/07/17/4 • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer CWE-922: Insecure Storage of Sensitive Information •