VIR Vulnerability Intelligence Relay

Package impact

java Maven / org.apache.solr:solr-core

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2017-9803 high 7.5 7.5 9y ago Apache Solr's Kerberos plugin can be configured to use delegation tokens, which allows an application to reuse the authentication of an end-user or another application. There are two issues with this… debianjavaapache
CVE-2017-3163 high 7.5 7.5 9y ago Improper Limitation of a Pathname ('Path Traversal') in org.apache.solr:solr-core debianjavaapache
CVE-2017-7660 high 7.5 7.5 9y ago Apache Solr uses a PKI based mechanism to secure inter-node communication when security is enabled. It is possible to create a specially crafted node name that does not exist as part of the cluster a… debianjavaapache
CVE-2012-6612 high 7.5 13y ago Improper Restriction of XML External Entity Reference in Apache Solr debianjavaapache
CVE-2013-6408 medium 6.4 13y ago XML Injection in Apache Solr debianjavaapache
CVE-2013-6407 medium 6.4 13y ago The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity r… debianjavaapache
CVE-2015-8797 medium 6.1 6.1 10y ago Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/plugins.js in the stats page in the Admin UI in Apache Solr before 5.3.1 allows remote attackers to inject arbitrary web script or HT… debianjavaapache
CVE-2015-8795 medium 6.1 6.1 10y ago Multiple cross-site scripting (XSS) vulnerabilities in the Admin UI in Apache Solr before 5.1 allow remote attackers to inject arbitrary web script or HTML via crafted fields that are mishandled duri… debianjavaapache
CVE-2021-29262 medium 5.5 5y ago When starting Apache Solr versions prior to 8.8.2, configured with the SaslZkACLProvider or VMParamsAllAndReadonlyDigestZkACLProvider and no existing security.json znode, if the optional read-only us… archdebianjava
CVE-2013-6397 medium 4.3 13y ago Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/selec… debianjavaapache
CVE-2019-0193 unknown 1.5 7y ago XML External Entity (XXE) Injection in Apache Solr debianjava
CVE-2025-24814 unknown 1y ago Apache Solr vulnerable to Execution with Unnecessary Privileges debianjava
CVE-2024-52012 unknown 1y ago Apache Solr Relative Path Traversal vulnerability debianjava
CVE-2023-50291 unknown 2y ago Apache Solr can leak certain passwords due to System Property redaction logic inconsistencies debianjava
CVE-2023-50292 unknown 2y ago Apache Solr Schema Designer blindly "trusts" all configsets debianjava
CVE-2023-50386 unknown 2y ago Apache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets debianjava
CVE-2020-13957 unknown 4y ago Incorrect Authorization in Apache Solr debianjava
CVE-2018-1308 unknown 8y ago There is a XML external entity expansion (XXE) vulnerability in Apache Solr debianjava
CVE-2018-8026 unknown 8y ago XML external entity expansion in org.apache.solr:solr-core debianjava