CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41313 – Apache Doris: Timing Attack weakness
https://notcve.org/view.php?id=CVE-2023-41313
The authentication method in Apache Doris versions before 2.0.0 was vulnerable to timing attacks. Users are recommended to upgrade to version 2.0.0 + or 1.2.8, which fixes this issue. El método de autenticación en las versiones de Apache Doris anteriores a la 2.0.0 era vulnerable a ataques de sincronización. Se recomienda a los usuarios actualizar a la versión 2.0.0 + o 1.2.8, que soluciona este problema. • http://www.openwall.com/lists/oss-security/2024/03/10/2 https://lists.apache.org/thread/jqczy3vxzs6q6rz9o0626j5nks9fnv95 • CWE-208: Observable Timing Discrepancy •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50740 – Apache Linkis DataSource: DataSource module Oracle SQL Database Password Logged
https://notcve.org/view.php?id=CVE-2023-50740
In Apache Linkis <=1.4.0, The password is printed to the log when using the Oracle data source of the Linkis data source module. We recommend users upgrade the version of Linkis to version 1.5.0 En Apache Linkis <= 1.4.0, la contraseña se imprime en el registro cuando se utiliza la fuente de datos de Oracle del módulo de fuente de datos de Linkis. Recomendamos a los usuarios actualizar la versión de Linkis a la versión 1.5.0 • http://www.openwall.com/lists/oss-security/2024/03/06/2 https://lists.apache.org/thread/5o342chnpyd6rps68ygzfkzycxl998yo • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-26580 – Apache InLong: Logged-in user could exploit an arbitrary file read vulnerability
https://notcve.org/view.php?id=CVE-2024-26580
Deserialization of Untrusted Data vulnerability in Apache InLong.This issue affects Apache InLong: from 1.8.0 through 1.10.0, the attackers can use the specific payload to read from an arbitrary file. Users are advised to upgrade to Apache InLong's 1.11.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/9673 Vulnerabilidad de deserialización de datos no confiables en Apache InLong. Este problema afecta a Apache InLong: desde 1.8.0 hasta 1.10.0, los atacantes pueden usar el payload específica para leer desde un archivo arbitrario. Se recomienda a los usuarios actualizar a Apache InLong 1.11.0 o seleccionar [1] para resolverlo. [1] https://github.com/apache/inlong/pull/9673 • http://www.openwall.com/lists/oss-security/2024/03/06/1 https://lists.apache.org/thread/xvomf66l58x4dmoyzojflvx52gkzcdmk • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27138 – Apache Archiva: disabling user registration is not effective
https://notcve.org/view.php?id=CVE-2024-27138
Incorrect Authorization vulnerability in Apache Archiva. Apache Archiva has a setting to disable user registration, however this restriction can be bypassed. As Apache Archiva has been retired, we do not expect to release a version of Apache Archiva that fixes this issue. You are recommended to look into migrating to a different solution, or isolate your instance from any untrusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer Vulnerabilidad de autorización incorrecta en Apache Archiva. Apache Archiva tiene una configuración para deshabilitar el registro de usuarios; sin embargo, esta restricción se puede evitar. Como Apache Archiva ha sido retirado, no esperamos lanzar una versión de Apache Archiva que solucione este problema. • http://www.openwall.com/lists/oss-security/2024/03/01/4 https://lists.apache.org/thread/070qcpclcb3sqk1hn8j5lvzohp30k1m2 • CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27139 – Apache Archiva: incorrect authentication potentially leading to account takeover
https://notcve.org/view.php?id=CVE-2024-27139
Incorrect Authorization vulnerability in Apache Archiva: a vulnerability in Apache Archiva allows an unauthenticated attacker to modify account data, potentially leading to account takeover. This issue affects Apache Archiva: from 2.0.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Vulnerabilidad de autorización incorrecta en Apache Archiva: una vulnerabilidad en Apache Archiva permite que un atacante no autenticado modifique los datos de la cuenta, lo que podría llevar a la apropiación de la cuenta. Este problema afecta a Apache Archiva: desde 2.0.0. Como este proyecto está retirado, no planeamos lanzar una versión que solucione este problema. • http://www.openwall.com/lists/oss-security/2024/03/01/3 https://lists.apache.org/thread/qr8b7r86p1hkn0dc0q827s981kf1bgd8 • CWE-863: Incorrect Authorization •