Vulnerabilities > Apache

DATE CVE VULNERABILITY TITLE RISK
2023-12-18 CVE-2023-48795 Improper Validation of Integrity Check Value vulnerability in multiple products
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. 		5.9
5.9
2023-12-18 CVE-2023-41314 Unspecified vulnerability in Apache Doris
The api /api/snapshot and /api/get_log_file would allow unauthenticated access. It could allow a DoS attack or get arbitrary files from FE node. Please upgrade to 2.0.3 to fix these issues.
network
low complexity
apache
8.2
8.2
2023-12-15 CVE-2023-30867 SQL Injection vulnerability in Apache Streampark 2.0.0/2.1.0/2.1.1
In the Streampark platform, when users log in to the system and use certain features, some pages provide a name-based fuzzy search, such as job names, role names, etc.
network
low complexity
apache CWE-89
4.9
4.9
2023-12-15 CVE-2023-49898 Unspecified vulnerability in Apache Streampark 2.0.0/2.1.0/2.1.1
In streampark, there is a project module that integrates Maven's compilation capability.
network
low complexity
apache
7.2
7.2
2023-12-15 CVE-2023-29234 Unspecified vulnerability in Apache Dubbo
A deserialization vulnerability existed when decode a malicious package.This issue affects Apache Dubbo: from 3.1.0 through 3.1.10, from 3.2.0 through 3.2.4. Users are recommended to upgrade to the latest version, which fixes the issue.
network
low complexity
apache
critical
 9.8
9.8
2023-12-15 CVE-2023-46279 Unspecified vulnerability in Apache Dubbo 3.1.5
Deserialization of Untrusted Data vulnerability in Apache Dubbo.This issue only affects Apache Dubbo 3.1.5. Users are recommended to upgrade to the latest version, which fixes the issue.
network
low complexity
apache
critical
 9.8
9.8
2023-12-14 CVE-2023-46750 Unspecified vulnerability in Apache Shiro
URL Redirection to Untrusted Site ('Open Redirect') vulnerability when "form" authentication is used in Apache Shiro. Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+.
network
low complexity
apache
6.1
6.1
2023-12-13 CVE-2023-45725 Unspecified vulnerability in Apache Couchdb
Design document functions which receive a user http request object may expose authorization or session cookie headers of the user who accesses the document. These design document functions are: *   list *   show *   rewrite *   update An attacker can leak the session component using an HTML-like output, insert the session as an external resource (such as an image), or store the credential in a _local document with an "update" function. For the attack to succeed the attacker has to be able to insert the design documents into the database, then manipulate a user to access a function from that design document. Workaround: Avoid using design documents from untrusted sources which may attempt to access or manipulate request object's headers
network
low complexity
apache
5.7
5.7
2023-12-07 CVE-2023-50164 Unspecified vulnerability in Apache Struts
An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.
network
low complexity
apache
critical
 9.8
9.8
2023-12-05 CVE-2023-41835 Incomplete Cleanup vulnerability in Apache Struts
When a Multipart request is performed but some of the fields exceed the maxStringLength  limit, the upload files will remain in struts.multipart.saveDir  even if the request has been denied. Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which fixe this issue.
network
low complexity
apache CWE-459
7.5
7.5