11 results (0.003 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2022-34271 – Apache Atlas: zip path traversal in import functionality

https://notcve.org/view.php?id=CVE-2022-34271

A vulnerability in import module of Apache Atlas allows an authenticated user to write to web server filesystem. This issue affects Apache Atlas versions from 0.8.4 to 2.2.0. Una vulnerabilidad en el módulo de importación de Apache Atlas permite a un usuario autenticado escribir en el sistema de archivos del servidor web. Este problema afecta a las versiones de Apache Atlas desde 0.8.4 a 2.2.0. • https://lists.apache.org/thread/0rqvcxo6brmos9w3lzfsdn2lsmlblpw3 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 5.5EPSS: 0%CPEs: 39EXPL: 0

CVE-2020-17521 – groovy: OS temporary directory leads to information disclosure

https://notcve.org/view.php?id=CVE-2020-17521

Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Users not using the extension methods mentioned in the advisory are not affected, but may wish to read the advisory for further details. Versions Affected: 2.0 to 2.4.20, 2.5.0 to 2.5.13, 3.0.0 to 3.0.6, and 4.0.0-alpha-1. Fixed in versions 2.4.21, 2.5.14, 3.0.7, 4.0.0-alpha-2. • https://groovy-lang.org/security.html#CVE-2020-17521 https://lists.apache.org/thread.html/r4b2f13c302eec98838ff7475253091fb9b75bc1038016ba00ebf6c08%40%3Cdev.atlas.apache.org%3E https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465%40%3Cnotifications.groovy.apache.org%3E https://lists.apache.org/thread.html/rea63a4666ba245d2892471307772a2d8ce0f0741f341d6576625c1b3%40%3Cdev.atlas.apache.org%3E https://security.netapp.com/advisory/ntap-20201218-0006 https://www.oracle.com//security-alerts/cpujul2021.html https:/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-13928

https://notcve.org/view.php?id=CVE-2020-13928

Apache Atlas before 2.1.0 contain a XSS vulnerability. While saving search or rendering elements values are not sanitized correctly and because of that it triggers the XSS vulnerability. Apache Atlas versiones anteriores a 2.1.0, contiene una vulnerabilidad de tipo XSS. Mientras se guardan los valores de los elementos de búsqueda o renderizado no se sanean correctamente y debido a eso se desencadena la vulnerabilidad de tipo XSS • https://lists.apache.org/thread.html/ra468036f913be41b0c8fea74f91d53e273b0bfa838a4b140a5dcd463%40%3Cuser.atlas.apache.org%3E • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0

CVE-2019-10070

https://notcve.org/view.php?id=CVE-2019-10070

Apache Atlas versions 0.8.3 and 1.1.0 were found vulnerable to Stored Cross-Site Scripting in the search functionality La versiones 0.8.3 y 1.1.0 de Apache Atlas fueron encontradas vulnerables a ataques de tipo Cross-Site Scripting Almacenados en la funcionalidad de búsqueda. • https://lists.apache.org/thread.html/cc21437c4c5053a13e13332d614d5172f39da03491fe17ae260be221%40%3Cdev.atlas.apache.org%3E • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0

CVE-2017-3155

https://notcve.org/view.php?id=CVE-2017-3155

Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to cross frame scripting. Apache Atlas en sus versiones 0.6.0-incubating y 0.7.0-incubating es vulnerable a cross frame scripting. • http://www.securityfocus.com/bid/100587 https://lists.apache.org/thread.html/4a4fef91e067fd0d9da569e30867c1fa65e2a0520acde71ddefee0ea%40%3Cdev.atlas.apache.org%3E • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •