CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51504 – Apache ZooKeeper: Authentication bypass with IP-based authentication in Admin Server
https://notcve.org/view.php?id=CVE-2024-51504
When using IPAuthenticationProvider in ZooKeeper Admin Server there is a possibility of Authentication Bypass by Spoofing -- this only impacts IP based authentication implemented in ZooKeeper Admin Server. Default configuration of client's IP address detection in IPAuthenticationProvider, which uses HTTP request headers, is weak and allows an attacker to bypass authentication via spoofing client's IP address in request headers. Default configuration honors X-Forwarded-For HTTP header to read client's IP address. X-Forwarded-For request header is mainly used by proxy servers to identify the client and can be easily spoofed by an attacker pretending that the request comes from a different IP address. Admin Server commands, such as snapshot and restore arbitrarily can be executed on successful exploitation which could potentially lead to information leakage or service availability issues. • https://lists.apache.org/thread/b3qrmpkto5r6989qr61fw9y2x646kqlh • CWE-290: Authentication Bypass by Spoofing •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23590 – Apache Kylin: Session fixation in web interface
https://notcve.org/view.php?id=CVE-2024-23590
Session Fixation vulnerability in Apache Kylin. This issue affects Apache Kylin: from 2.0.0 through 4.x. Users are recommended to upgrade to version 5.0.0 or above, which fixes the issue. • https://lists.apache.org/thread/7161154h0k6zygr9917qq0g95p39szml • CWE-384: Session Fixation •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43383 – Apache Lucene.Net.Replicator: Remote Code Execution in Lucene.Net.Replicator
https://notcve.org/view.php?id=CVE-2024-43383
Deserialization of Untrusted Data vulnerability in Apache Lucene.Net.Replicator. This issue affects Apache Lucene.NET's Replicator library: from 4.8.0-beta00005 through 4.8.0-beta00016. An attacker that can intercept traffic between a replication client and server, or control the target replication node URL, can provide a specially-crafted JSON response that is deserialized as an attacker-provided exception type. This can result in remote code execution or other potential unauthorized access. Users are recommended to upgrade to version 4.8.0-beta00017, which fixes the issue. • https://lists.apache.org/thread/wlz1p76dxpt4rl9o29voxjd5zl7717nh • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.6EPSS: 0%CPEs: 3EXPL: 0CVE-2024-38286 – Apache Tomcat: Denial of Service
https://notcve.org/view.php?id=CVE-2024-38286
Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89. Older, unsupported versions may also be affected. Users are recommended to upgrade to version 11.0.0-M21, 10.1.25, or 9.0.90, which fixes the issue. Apache Tomcat, under certain configurations on any platform, allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process. Vulnerabilidad de asignación de recursos sin límites o limitación de recursos en Apache Tomcat. Este problema afecta a Apache Tomcat: desde la versión 11.0.0-M1 hasta la 11.0.0-M20, desde la versión 10.1.0-M1 hasta la 10.1.24, desde la versión 9.0.13 hasta la 9.0.89. También pueden verse afectadas versiones anteriores no compatibles. • https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s https://access.redhat.com/security/cve/CVE-2024-38286 https://bugzilla.redhat.com/show_bug.cgi?id=2314686 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3935 – Eclipse Mosquito: Double free vulnerability
https://notcve.org/view.php?id=CVE-2024-3935
In Eclipse Mosquito, versions from 2.0.0 through 2.0.18, if a Mosquitto broker is configured to create an outgoing bridge connection, and that bridge connection has an incoming topic configured that makes use of topic remapping, then if the remote connection sends a crafted PUBLISH packet to the broker a double free will occur with a subsequent crash of the broker. En Eclipse Mosquito, versiones desde 2.0.0 hasta 2.0.18, si un agente Mosquitto está configurado para crear una conexión de puente saliente y esa conexión de puente tiene un tema entrante configurado que hace uso de reasignación de temas, entonces si la conexión remota envía un paquete PUBLISH manipulado al agente, se producirá una doble liberación con un bloqueo posterior del agente. • https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/197 https://mosquitto.org/blog/2024/10/version-2-0-19-released https://github.com/eclipse-mosquitto/mosquitto/commit/ae7a804dadac8f2aaedb24336df8496a9680fda9 • CWE-415: Double Free •