Vulnerabilities > Apache

DATE CVE VULNERABILITY TITLE RISK
2024-05-07 CVE-2024-28148 Unspecified vulnerability in Apache Superset
An authenticated user could potentially access metadata for a datasource they are not authorized to view by submitting a targeted REST API request. This issue affects Apache Superset: before 3.1.2. Users are recommended to upgrade to version 3.1.2 or above, which fixes the issue.
network
low complexity
apache
4.3
2024-05-02 CVE-2024-32114 Unspecified vulnerability in Apache Activemq
In Apache ActiveMQ 6.x, the default configuration doesn't secure the API web context (where the Jolokia JMX REST API and the Message REST API are located). It means that anyone can use these layers without any required authentication.
network
low complexity
apache
8.8
2024-04-22 CVE-2024-27348 Unspecified vulnerability in Apache Hugegraph 1.0.0/1.2.0
RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11. Users are recommended to upgrade to version 1.3.0 with Java11 & enable the Auth system, which fixes the issue.
network
low complexity
apache
critical
9.8
2024-04-18 CVE-2024-31869 Unspecified vulnerability in Apache Airflow
Airflow versions 2.7.0 through 2.8.4 have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when the "webserver.expose_config" configuration was set to "non-sensitive-only" (the celery provider is currently the only community provider that has sensitive configurations).
network
low complexity
apache
4.3
2024-04-09 CVE-2024-31863 Unspecified vulnerability in Apache Zeppelin 0.10.1
Authentication Bypass by Spoofing vulnerability by replacing existing notes in Apache Zeppelin. This issue affects Apache Zeppelin: from 0.10.1 before 0.11.0. Users are recommended to upgrade to version 0.11.0, which fixes the issue.
network
low complexity
apache
5.3
2024-04-04 CVE-2024-27316 HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response.
network
low complexity
apache fedoraproject netapp
7.5
2024-04-04 CVE-2024-29006 Unspecified vulnerability in Apache Cloudstack
By default the CloudStack management server honours the x-forwarded-for HTTP header and logs it as the source IP of an API request.
network
low complexity
apache
critical
9.8
2024-04-02 CVE-2024-29834 Unspecified vulnerability in Apache Pulsar
This vulnerability allows authenticated users with produce or consume permissions to perform unauthorized operations on partitioned topics, such as unloading topics and triggering compaction.
network
low complexity
apache
6.4
2024-03-29 CVE-2024-23537 Unspecified vulnerability in Apache Fineract
Improper Privilege Management vulnerability in Apache Fineract. This issue affects Apache Fineract: <1.8.5. Users are recommended to upgrade to version 1.9.0, which fixes the issue.
network
low complexity
apache
8.8
2024-03-29 CVE-2024-23538 Unspecified vulnerability in Apache Fineract
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Fineract. This issue affects Apache Fineract: <1.8.5. Users are recommended to upgrade to version 1.8.5 or 1.9.0, which fix the issue.
network
low complexity
apache
critical
9.8