Vulnerabilities > Apache

DATE CVE VULNERABILITY TITLE RISK
2024-11-21 CVE-2024-52067 Information Exposure Through Log Files vulnerability in Apache Nifi
Apache NiFi 1.16.0 through 1.28.0 and 2.0.0-M1 through 2.0.0-M4 include optional debug logging of Parameter Context values during the flow synchronization process.
network
low complexity
apache CWE-532
4.9
2024-11-20 CVE-2018-9481 Integer Overflow or Wraparound vulnerability in multiple products
In bta_hd_set_report_act of bta_hd_act.cc, there is a possible out-of-bounds read due to an integer overflow.
low complexity
google apache CWE-190
6.5
2024-11-18 CVE-2024-48962 Code Injection vulnerability in Apache Ofbiz
Improper Control of Generation of Code ('Code Injection'), Cross-Site Request Forgery (CSRF), : Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.17. Users are recommended to upgrade to version 18.12.17, which fixes the issue.
network
low complexity
apache CWE-94
8.8
2024-11-12 CVE-2024-50386 Unspecified vulnerability in Apache Cloudstack
Account users in Apache CloudStack by default are allowed to register templates to be downloaded directly to the primary storage for deploying instances.
network
low complexity
apache
critical
9.9
2024-11-07 CVE-2024-38286 Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89.
network
low complexity
apache netapp
7.5
2024-10-31 CVE-2024-43383 Deserialization of Untrusted Data vulnerability in Apache Lucene.Net 4.8.0
Deserialization of Untrusted Data vulnerability in Apache Lucene.Net.Replicator. This issue affects Apache Lucene.NET's Replicator library: from 4.8.0-beta00005 through 4.8.0-beta00016. An attacker that can intercept traffic between a replication client and server, or control the target replication node URL, can provide a specially-crafted JSON response that is deserialized as an attacker-provided exception type.
network
high complexity
apache CWE-502
8.1
2024-10-29 CVE-2024-45477 Unspecified vulnerability in Apache Nifi
Apache NiFi 1.10.0 through 1.27.0 and 2.0.0-M1 through 2.0.0-M3 support a description field for Parameters in a Parameter Context configuration that is vulnerable to cross-site scripting.
network
low complexity
apache
4.6
2024-10-16 CVE-2024-45461 Missing Authorization vulnerability in Apache Cloudstack
The CloudStack Quota feature allows cloud administrators to implement a quota or usage limit system for cloud resources, and is disabled by default.
network
low complexity
apache CWE-862
6.3
2024-10-16 CVE-2024-45462 Unspecified vulnerability in Apache Cloudstack
The logout operation in the CloudStack web interface does not expire the user session completely which is valid until expiry by time or restart of the backend service.
local
low complexity
apache
7.1
2024-10-16 CVE-2024-45693 Unspecified vulnerability in Apache Cloudstack
Users logged into the Apache CloudStack's web interface can be tricked to submit malicious CSRF requests due to missing validation of the origin of the requests.
network
low complexity
apache
8.8