CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-26307 – Apache Doris: Possible race condition
https://notcve.org/view.php?id=CVE-2024-26307
Possible race condition vulnerability in Apache Doris. Some of code using `chmod()` method. This method run the risk of someone renaming the file out from under user and chmodding the wrong file. This could theoretically happen, but the impact would be minimal. This issue affects Apache Doris: before 1.2.8, before 2.0.4. Users are recommended to upgrade to version 2.0.4, which fixes the issue. Posible vulnerabilidad de condición de ejecución en Apache Doris. Parte del código que utiliza el método `chmod()`. Este método corre el riesgo de que alguien cambie el nombre del archivo por debajo del usuario y modifique el archivo incorrecto. • http://www.openwall.com/lists/oss-security/2024/03/21/2 https://lists.apache.org/thread/5shhw8x8m271hd2wfwzqzwgf36pmc4pl • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29131 – Apache Commons Configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator()
https://notcve.org/view.php?id=CVE-2024-29131
Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which fixes the issue. Vulnerabilidad de escritura fuera de los límites en la configuración de Apache Commons. Este problema afecta a la configuración de Apache Commons: desde 2.0 antes de 2.10.1. Se recomienda a los usuarios actualizar a la versión 2.10.1, que soluciona el problema. A vulnerability was found in Apache Commons-Configuration2, where a Stack Overflow Error can occur when adding a property in AbstractListDelimiterHandler.flattenIterator(). • http://www.openwall.com/lists/oss-security/2024/03/20/4 https://lists.apache.org/thread/03nzzzjn4oknyw5y0871tw7ltj0t3r37 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SNKDKEEKZNL5FGCTZKJ6CFXFVWFL5FJ7 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YD4AFTIIQW662LUAQRMWS6BBKYSZG3YS https://access.redhat.com/security/cve/CVE-2024-29131 https://bugzilla.redhat.com/show_bug.cgi?id=2270674 • CWE-787: Out-of-bounds Write •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29133 – Apache Commons Configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree
https://notcve.org/view.php?id=CVE-2024-29133
Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which fixes the issue. Vulnerabilidad de escritura fuera de los límites en la configuración de Apache Commons. Este problema afecta a la configuración de Apache Commons: desde 2.0 antes de 2.10.1. Se recomienda a los usuarios actualizar a la versión 2.10.1, que soluciona el problema. A vulnerability was found in Apache Commons-Configuration2, where a Stack Overflow Error occurs when calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree. • http://www.openwall.com/lists/oss-security/2024/03/20/3 https://lists.apache.org/thread/ccb9w15bscznh6tnp3wsvrrj9crbszh2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SNKDKEEKZNL5FGCTZKJ6CFXFVWFL5FJ7 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YD4AFTIIQW662LUAQRMWS6BBKYSZG3YS https://access.redhat.com/security/cve/CVE-2024-29133 https://bugzilla.redhat.com/show_bug.cgi?id=2270673 • CWE-787: Out-of-bounds Write •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2024-27439 – Apache Wicket: Possible bypass of CSRF protection
https://notcve.org/view.php?id=CVE-2024-27439
An error in the evaluation of the fetch metadata headers could allow a bypass of the CSRF protection in Apache Wicket. This issue affects Apache Wicket: from 9.1.0 through 9.16.0, and the milestone releases for the 10.0 series. Apache Wicket 8.x does not support CSRF protection via the fetch metadata headers and as such is not affected. Users are recommended to upgrade to version 9.17.0 or 10.0.0, which fixes the issue. Un error en la evaluación de los encabezados de metadatos de recuperación podría permitir eludir la protección CSRF en Apache Wicket. Este problema afecta a Apache Wicket: desde 9.1.0 hasta 9.16.0 y los lanzamientos importantes para la serie 10.0. Apache Wicket 8.x no admite la protección CSRF a través de los encabezados de metadatos de recuperación y, como tal, no se ve afectado. Se recomienda a los usuarios actualizar a la versión 9.17.0 o 10.0.0, que soluciona el problema. • http://www.openwall.com/lists/oss-security/2024/03/19/2 https://lists.apache.org/thread/o825rvjjtmz3qv21ps5k7m2w9193g1lo • CWE-352: Cross-Site Request Forgery (CSRF) CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: -EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24683 – Apache Hop Engine: ID isn't escaped when generating HTML
https://notcve.org/view.php?id=CVE-2024-24683
Improper Input Validation vulnerability in Apache Hop Engine.This issue affects Apache Hop Engine: before 2.8.0. Users are recommended to upgrade to version 2.8.0, which fixes the issue. When Hop Server writes links to the PrepareExecutionPipelineServlet page one of the parameters provided to the user was not properly escaped. The variable not properly escaped is the "id", which is not directly accessible by users creating pipelines making the risk of exploiting this low. This issue only affects users using the Hop Server component and does not directly affect the client. Vulnerabilidad de validación de entrada incorrecta en Apache Hop Engine. Este problema afecta a Apache Hop Engine: anterior a 2.8.0. Se recomienda a los usuarios actualizar a la versión 2.8.0, que soluciona el problema. Cuando Hop Server escribe enlaces a la página PrepareExecutionPipelineServlet, uno de los parámetros proporcionados al usuario no se escapó correctamente. • http://www.openwall.com/lists/oss-security/2024/03/18/1 https://lists.apache.org/thread/ts203zssv1n9qth1wdlhk2bhos3vcq6t • CWE-20: Improper Input Validation •