CVSS: 6.1EPSS: 0%CPEs: 14EXPL: 0CVE-2020-1941
https://notcve.org/view.php?id=CVE-2020-1941
In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue. En Apache ActiveMQ versiones 5.0.0 hasta 5.15.11, la Interfaz de Usuario Gráfica de administración webconsole está abierta a un ataque de tipo XSS, en la vista que enumera el contenido de una cola. • http://activemq.apache.org/security-advisories.data/CVE-2020-1941-announcement.txt https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7%40%3Ccommits.activemq.apache.org%3E https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E https://lists.apache.org/thread.html/re4672802b0e5ed67c08c9e77057d52138e062f77cc09581b723cf95a%40%3Ccommits.activemq.apache.org%3E https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-aler • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 31EXPL: 0CVE-2019-0201 – zookeeper: Information disclosure in Apache ZooKeeper
https://notcve.org/view.php?id=CVE-2019-0201
An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL() command doesn’t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuthenticationProvider overloads the Id field with the hash value that is used for user authentication. As a consequence, if Digest Authentication is in use, the unsalted hash value will be disclosed by getACL() request for unauthenticated or unprivileged users. Hay un problema presente en Apache ZooKeeper 1.0.0 a 3.4.13 y 3.5.0-alpha a 3.5.4-beta. • http://www.securityfocus.com/bid/108427 https://access.redhat.com/errata/RHSA-2019:3140 https://access.redhat.com/errata/RHSA-2019:3892 https://access.redhat.com/errata/RHSA-2019:4352 https://issues.apache.org/jira/browse/ZOOKEEPER-1392 https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E https://lists.apache.org/thread.html&#x • CWE-732: Incorrect Permission Assignment for Critical Resource CWE-862: Missing Authorization •
CVSS: 6.1EPSS: 0%CPEs: 139EXPL: 0CVE-2019-10241 – jetty: using specially formatted URL against DefaultServlet or ResourceHandler leads to XSS conditions
https://notcve.org/view.php?id=CVE-2019-10241
In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents. Eclipse Jetty versiones 9.2.26 y anteriores, 9.3.25 y anteriores, 9.3.25 y anteriores, y 9.4.15 y anteriores. El servidor es vulnerable a un Cross-Site Scripting (XSS) si un cliente remoto emplea una URL especialmente formada contra el DefaultServlet o ResourceHandler que esté configurado para mostrar un listado del contenido de los directorios. • https://bugs.eclipse.org/bugs/show_bug.cgi?id=546121 https://lists.apache.org/thread.html/01e004c3f7c7365863a27e7038b7f32dae56ccf3a496b277c9b7f7b6%40%3Cjira.kafka.apache.org%3E https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E https://lists.apache.org/thread.html/464892b514c029dfc0c8656a93e1c0de983c473df70fdadbd224e09f%40%3Cjira.kafka.apache.org%3E https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E https://lists.apache& • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •