Vulnerabilities > Apache

DATE CVE VULNERABILITY TITLE RISK
2024-07-15 CVE-2023-41916 Files or Directories Accessible to External Parties vulnerability in Apache Linkis
In Apache Linkis =1.4.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will trigger arbitrary file reading.
network
low complexity
apache CWE-552
6.5
2024-07-15 CVE-2023-46801 Deserialization of Untrusted Data vulnerability in Apache Linkis
In Apache Linkis <= 1.5.0, data source management module, when adding Mysql data source, exists remote code execution vulnerability for java version < 1.8.0_241.
network
low complexity
apache CWE-502
8.8
2024-07-15 CVE-2023-49566 Deserialization of Untrusted Data vulnerability in Apache Linkis
In Apache Linkis <=1.5.0, due to the lack of effective filtering of parameters, an attacker configuring malicious db2 parameters in the DataSource Manager Module will result in jndi injection.
network
low complexity
apache CWE-502
8.8
2024-07-08 CVE-2024-37389 Cross-site Scripting vulnerability in Apache Nifi
Apache NiFi 1.10.0 through 1.26.0 and 2.0.0-M1 through 2.0.0-M3 support a description field in the Parameter Context configuration that is vulnerable to cross-site scripting.
network
low complexity
apache CWE-79
5.4
2024-07-05 CVE-2024-38346 Code Injection vulnerability in Apache Cloudstack
The CloudStack cluster service runs on unauthenticated port (default 9090) that can be misused to run arbitrary commands on targeted hypervisors and CloudStack management server hosts.
network
low complexity
apache CWE-94
critical
9.8
2024-07-05 CVE-2024-39864 Improper Initialization vulnerability in Apache Cloudstack
The CloudStack integration API service allows running its unauthenticated API server (usually on port 8096 when configured and enabled via integration.api.port global setting) for internal portal integrations and for testing purposes.
network
low complexity
apache CWE-665
critical
9.8
2024-04-04 CVE-2024-27316 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response.
network
low complexity
apache fedoraproject netapp CWE-770
7.5
2024-02-29 CVE-2024-23946 Unrestricted Upload of File with Dangerous Type vulnerability in Apache Ofbiz
Possible path traversal in Apache OFBiz allowing file inclusion. Users are recommended to upgrade to version 18.12.12, that fixes the issue.
network
low complexity
apache CWE-434
5.3
2024-02-19 CVE-2024-25710 Infinite Loop vulnerability in Apache Commons Compress
Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.3 through 1.25.0. Users are recommended to upgrade to version 1.26.0 which fixes the issue.
local
low complexity
apache CWE-835
5.5
2024-02-19 CVE-2024-26308 Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress
Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.21 before 1.26. Users are recommended to upgrade to version 1.26, which fixes the issue.
local
low complexity
apache CWE-770
5.5