Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-11 | CVE-2023-39553 | Unspecified vulnerability in Apache Apache-Airflow-Providers-Apache-Drill Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider. Apache Airflow Drill Provider is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection with DrillHook giving an opportunity to read files on the Airflow server. This issue affects Apache Airflow Drill Provider: before 2.4.3. It is recommended to upgrade to a version that is not affected. | 7.5 |
| 2023-08-09 | CVE-2022-47185 | Unspecified vulnerability in Apache Traffic Server Improper input validation vulnerability on the range header in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: through 9.2.1. | 7.5 |
| 2023-08-09 | CVE-2023-33934 | Unspecified vulnerability in Apache Traffic Server Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: through 9.2.1. | 9.1 |
| 2023-08-06 | CVE-2023-37581 | Unspecified vulnerability in Apache Roller Insufficient input validation and sanitation in Weblog Category name, Website About and File Upload features in all versions of Apache Roller on all platforms allows an authenticated user to perform an XSS attack. | 5.4 |
| 2023-08-05 | CVE-2023-39508 | Unspecified vulnerability in Apache Airflow Execution with Unnecessary Privileges, : Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow.The "Run Task" feature enables authenticated user to bypass some of the restrictions put in place. | 8.8 |
| 2023-07-29 | CVE-2023-36542 | Unspecified vulnerability in Apache Nifi Apache NiFi 0.0.2 through 1.22.0 include Processors and Controller Services that support HTTP URL references for retrieving drivers, which allows an authenticated and authorized user to configure a location that enables custom code execution. | 8.8 |
| 2023-07-26 | CVE-2023-38647 | Unspecified vulnerability in Apache Helix 0.9.10/0.9.9/1.2.0 An attacker can use SnakeYAML to deserialize java.net.URLClassLoader and make it load a JAR from a specified URL, and then deserialize javax.script.ScriptEngineManager to load code using that ClassLoader. | 9.8 |
| 2023-07-25 | CVE-2023-38435 | Cross-site Scripting vulnerability in Apache Felix Health Check Webconsole Plugin 0.1.1/2.0.0/2.0.2 An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Apache Felix Healthcheck Webconsole Plugin version 2.0.2 and prior may allow an attacker to perform a reflected cross-site scripting (XSS) attack. Upgrade to Apache Felix Healthcheck Webconsole Plugin 2.1.0 or higher. | 6.1 |
| 2023-07-25 | CVE-2023-37895 | Unspecified vulnerability in Apache Jackrabbit Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows attacker to remotely execute code via RMIVersions up to (including) 2.20.10 (stable branch) and 2.21.17 (unstable branch) use the component "commons-beanutils", which contains a class that can be used for remote code execution over RMI. Users are advised to immediately update to versions 2.20.11 or 2.21.18. | 9.8 |
| 2023-07-25 | CVE-2023-34189 | Unspecified vulnerability in Apache Inlong Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.7.0. | 6.5 |