CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23953 – Apache Hive: Timing Attack Against Signature in LLAP util
https://notcve.org/view.php?id=CVE-2024-23953
28 Jan 2025 — Use of Arrays.equals() in LlapSignerImpl in Apache Hive to compare message signatures allows attacker to forge a valid signature for an arbitrary message byte by byte. The attacker should be an authorized user of the product to perform this attack. Users are recommended to upgrade to version 4.0.0, which fixes this issue. The problem occurs when an application doesn’t use a constant-time algorithm for validating a signature. The method Arrays.equals() returns false right away when it sees that one of the in... • https://blog.gypsyengineer.com/en/security/preventing-timing-attacks-with-codeql.html • CWE-208: Observable Timing Discrepancy •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24783 – Apache Cocoon: continuations may not be private
https://notcve.org/view.php?id=CVE-2025-24783
27 Jan 2025 — Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Apache Cocoon. This issue affects Apache Cocoon: all versions. When a continuation is created, it gets a random identifier. Because the random number generator used to generate these identifiers was seeded with the startup time, it may not have been sufficiently unpredictable, and an attacker could use this to guess continuation ids and look up continuations they should not have had access to. As a mitigation, you may enable ... • https://lists.apache.org/thread/pk86jp5cvn41432op8wv1k8p14mp27nz • CWE-335: Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24814 – Apache Solr: Core-creation with "trusted" configset can use arbitrary untrusted files
https://notcve.org/view.php?id=CVE-2025-24814
27 Jan 2025 — Core creation allows users to replace "trusted" configset files with arbitrary configuration Solr instances that (1) use the "FileSystemConfigSetService" component (the default in "standalone" or "user-managed" mode), and (2) are running without authentication and authorization are vulnerable to a sort of privilege escalation wherein individual "trusted" configset files can be ignored in favor of potentially-untrusted replacements available elsewhere on the filesystem. These replacement config files are tre... • https://lists.apache.org/thread/gl291pn8x9f9n52ys5l0pc0b6qtf0qw1 • CWE-250: Execution with Unnecessary Privileges •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52012 – Apache Solr: Configset upload on Windows allows arbitrary path write-access
https://notcve.org/view.php?id=CVE-2024-52012
27 Jan 2025 — Relative Path Traversal vulnerability in Apache Solr. Solr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the "configset upload" API. Commonly known as a "zipslip", maliciously constructed ZIP files can use relative filepaths to write data to unanticipated parts of the filesystem. This issue affects Apache Solr: from 6.6 through 9.7.0. Users are recommended to upgrade to version 9.8.0, which fixes the issue. • https://lists.apache.org/thread/yp39pgbv4vf1746pf5yblz84lv30vfxd • CWE-23: Relative Path Traversal •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-53299 – Apache Wicket: An attacker can intentionally trigger a memory leak
https://notcve.org/view.php?id=CVE-2024-53299
23 Jan 2025 — The request handling in the core in Apache Wicket 7.0.0 on any platform allows an attacker to create a DOS via multiple requests to server resources. Users are recommended to upgrade to versions 9.19.0 or 10.3.0, which fixes this issue. The request handling in the core in Apache Wicket 7.0.0 on any platform allows an attacker to create a DOS via multiple requests to server resources. Users are recommended to upgrade to versions 9.19.0 or 10.3.0, which fixes this issue. • https://lists.apache.org/thread/gyp2ht00c62827y0379lxh5dbx3hhho5 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45479 – Apache Ranger: SSRF in Edit Service page - Add logic to filter requests to localhost
https://notcve.org/view.php?id=CVE-2024-45479
21 Jan 2025 — SSRF vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Users are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this issue. SSRF vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Users are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this issue. • https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger • CWE-20: Improper Input Validation •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45478 – Apache Ranger: Stored XSS in Edit Service page - Add logic to validate user input
https://notcve.org/view.php?id=CVE-2024-45478
21 Jan 2025 — Stored XSS vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Users are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this issue. Stored XSS vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Users are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this issue. • https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51941 – Apache Ambari: Remote Code Injection in Ambari Metrics and AMS Alerts
https://notcve.org/view.php?id=CVE-2024-51941
21 Jan 2025 — A remote code injection vulnerability exists in the Ambari Metrics and AMS Alerts feature, allowing authenticated users to inject and execute arbitrary code. The vulnerability occurs when processing alert definitions, where malicious input can be injected into the alert script execution path. An attacker with authenticated access can exploit this vulnerability to execute arbitrary commands on the server. The issue has been fixed in the latest versions of Ambari. • https://lists.apache.org/thread/xq50nlff7o7z1kq3y637clzzl6mjhl8j • CWE-75: Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23196 – Apache Ambari: Code Injection Vulnerability in Ambari Alert Definition
https://notcve.org/view.php?id=CVE-2025-23196
21 Jan 2025 — A code injection vulnerability exists in the Ambari Alert Definition feature, allowing authenticated users to inject and execute arbitrary shell commands. The vulnerability arises when defining alert scripts, where the script filename field is executed using `sh -c`. An attacker with authenticated access can exploit this vulnerability to inject malicious commands, leading to remote code execution on the server. The issue has been fixed in the latest versions of Ambari. • https://lists.apache.org/thread/70g1l5lxvko7kvhyxmtmklhhfrlon837 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23195 – Apache Ambari: XML External Entity (XXE) Vulnerability in Ambari/Oozie
https://notcve.org/view.php?id=CVE-2025-23195
21 Jan 2025 — An XML External Entity (XXE) vulnerability exists in the Ambari/Oozie project, allowing an attacker to inject malicious XML entities. This vulnerability occurs due to insecure parsing of XML input using the `DocumentBuilderFactory` class without disabling external entity resolution. An attacker can exploit this vulnerability to read arbitrary files on the server or perform server-side request forgery (SSRF) attacks. The issue has been fixed in both Ambari 2.7.9 and the trunk branch. • https://lists.apache.org/thread/hsb6mvxd7g37dq1ygtd0pd88gs9tfcwq • CWE-611: Improper Restriction of XML External Entity Reference •