Latest medium severity vulnerabilities for "apache zeppelin"

Where

AND

Sort:

Versions

maven/org.apache.zeppelin:zeppelin-serverApache Zeppelin: LDAP search filter query Injection Vulnerability

Risk 29

Severity

6.5

EPSS

0.04%

First published (updated )

CVE-2024-31867

maven/org.apache.zeppelin:zeppelin-interpreterApache Zeppelin: XSS vulnerability in the helium module

Risk 28

Severity

6.1

EPSS

0.04%

First published (updated )

CVE-2024-31868

maven/org.apache.zeppelin:zeppelin-serverApache Zeppelin: Cron arbitrary user impersonation with improper privileges

Risk 29

Severity

6.5

EPSS

0.04%

First published (updated )

CVE-2024-31865

maven/org.apache.zeppelin:zeppelin-serverApache Zeppelin: Replacing other users notebook, bypassing any permissions

Risk 28

Severity

6.5

EPSS

0.04%

First published (updated )

CVE-2024-31863

maven/org.apache.zeppelin:zeppelin-serverApache Zeppelin: Denial of service with invalid notebook name

Risk 20

Severity

5.3

EPSS

0.04%

First published (updated )

CVE-2024-31862

maven/org.apache.zeppelin:sapApache Zeppelin SAP: connecting to a malicious SAP server allowed it to perform XXE

Risk 28

Severity

5.3

First published (updated )

CVE-2022-47894

maven/org.apache.zeppelin:zeppelin-webApache Zeppelin: CSRF vulnerability in the Credentials page

Risk 36

Severity

5.4

First published (updated )

CVE-2021-28656

maven/org.apache.zeppelin:zeppelin-serverApache Zeppelin: Path traversal vulnerability

Risk 28

Severity

6.5

EPSS

0.04%

First published (updated )

CVE-2024-31860

Apache ZeppelinApache Zeppelin: Stored XSS in note permissions

Risk 34

Severity

5.4

First published (updated )

CVE-2022-46870

Apache ZeppelinApache Zeppelin: Arbitrary file deletion vulnerability

Risk 40

Severity

6.5

First published (updated )

CVE-2021-28655

Apache ZeppelinCross Site Scripting in markdown interpreter

Risk 38

Severity

6.1

First published (updated )

CVE-2021-27578

Apache ZeppelinXSS

Risk 38

Severity

6.1

First published (updated )

CVE-2018-1328

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

Trending

Versions

maven/org.apache.zeppelin:zeppelin-serverApache Zeppelin: LDAP search filter query Injection Vulnerability

maven/org.apache.zeppelin:zeppelin-interpreterApache Zeppelin: XSS vulnerability in the helium module

maven/org.apache.zeppelin:zeppelin-serverApache Zeppelin: Cron arbitrary user impersonation with improper privileges

maven/org.apache.zeppelin:zeppelin-serverApache Zeppelin: Replacing other users notebook, bypassing any permissions

maven/org.apache.zeppelin:zeppelin-serverApache Zeppelin: Denial of service with invalid notebook name

Don't miss critical vulnerabilities

maven/org.apache.zeppelin:sapApache Zeppelin SAP: connecting to a malicious SAP server allowed it to perform XXE

maven/org.apache.zeppelin:zeppelin-webApache Zeppelin: CSRF vulnerability in the Credentials page

maven/org.apache.zeppelin:zeppelin-serverApache Zeppelin: Path traversal vulnerability

Apache ZeppelinApache Zeppelin: Stored XSS in note permissions

Apache ZeppelinApache Zeppelin: Arbitrary file deletion vulnerability

Don't miss critical vulnerabilities

Apache ZeppelinCross Site Scripting in markdown interpreter

Apache ZeppelinXSS

Company

Resources

Contact