Vulnerabilities > Apache
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-05-07 | CVE-2024-28148 | Unspecified vulnerability in Apache Superset An authenticated user could potentially access metadata for a datasource they are not authorized to view by submitting a targeted REST API request. This issue affects Apache Superset: before 3.1.2. Users are recommended to upgrade to version 3.1.2 or above, which fixes the issue. | 4.3 |
2024-05-02 | CVE-2024-32114 | Unspecified vulnerability in Apache Activemq In Apache ActiveMQ 6.x, the default configuration doesn't secure the API web context (where the Jolokia JMX REST API and the Message REST API are located). It means that anyone can use these layers without any required authentication. | 8.8 |
2024-04-22 | CVE-2024-27348 | Unspecified vulnerability in Apache Hugegraph 1.0.0/1.2.0 RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11. Users are recommended to upgrade to version 1.3.0 with Java11 & enable the Auth system, which fixes the issue. | 9.8 |
2024-04-18 | CVE-2024-31869 | Unspecified vulnerability in Apache Airflow Airflow versions 2.7.0 through 2.8.4 have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as "webserver.expose_config" configuration (The celery provider is the only community provider currently that has sensitive configurations). | 4.3 |
2024-04-09 | CVE-2024-31863 | Unspecified vulnerability in Apache Zeppelin 0.10.1 Authentication Bypass by Spoofing vulnerability by replacing to existing notes in Apache Zeppelin. This issue affects Apache Zeppelin: from 0.10.1 before 0.11.0. Users are recommended to upgrade to version 0.11.0, which fixes the issue. | 5.3 |
2024-04-04 | CVE-2024-27316 | HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. | 7.5 |
2024-04-04 | CVE-2024-29006 | Unspecified vulnerability in Apache Cloudstack By default the CloudStack management server honours the x-forwarded-for HTTP header and logs it as the source IP of an API request. | 9.8 |
2024-04-02 | CVE-2024-29834 | Unspecified vulnerability in Apache Pulsar This vulnerability allows authenticated users with produce or consume permissions to perform unauthorized operations on partitioned topics, such as unloading topics and triggering compaction. | 6.4 |
2024-03-29 | CVE-2024-23537 | Unspecified vulnerability in Apache Fineract Improper Privilege Management vulnerability in Apache Fineract. This issue affects Apache Fineract: <1.8.5. Users are recommended to upgrade to version 1.9.0, which fixes the issue. | 8.8 |
2024-03-29 | CVE-2024-23538 | Unspecified vulnerability in Apache Fineract Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Fineract. This issue affects Apache Fineract: <1.8.5. Users are recommended to upgrade to version 1.8.5 or 1.9.0, which fix the issue. | 9.8 |