Vulnerabilities > Apache
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-10-14 | CVE-2023-50780 | Unspecified vulnerability in Apache Activemq Artemis Apache ActiveMQ Artemis allows access to diagnostic information and controls through MBeans, which are also exposed through the authenticated Jolokia endpoint. | 8.8 |
2024-10-09 | CVE-2024-45720 | Unspecified vulnerability in Apache Subversion On Windows platforms, a "best fit" character encoding conversion of command line arguments to Subversion's executables (e.g., svn.exe, etc.) may lead to unexpected command line argument interpretation, including argument injection and execution of other programs, if a specially crafted command line argument string is processed. All versions of Subversion up to and including Subversion 1.14.3 are affected on Windows platforms only. | 7.8 |
2024-09-30 | CVE-2024-45772 | Deserialization of Untrusted Data vulnerability in Apache Lucene Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator. This issue affects Apache Lucene's replicator module: from 4.4.0 before 9.12.0. The deprecated org.apache.lucene.replicator.http package is affected. The org.apache.lucene.replicator.nrt package is not affected. Users are recommended to upgrade to version 9.12.0, which fixes the issue. The deserialization can only be triggered if users actively deploy an network-accessible implementation and a corresponding client using a HTTP library that uses the API (e.g., a custom servlet and HTTPClient). | 8.0 |
2024-09-26 | CVE-2024-47197 | Insecure Storage of Sensitive Information vulnerability in Apache Maven Archetype 3.2.1 Exposure of Sensitive Information to an Unauthorized Actor, Insecure Storage of Sensitive Information vulnerability in Maven Archetype Plugin. This issue affects Maven Archetype Plugin: from 3.2.1 before 3.3.0. Users are recommended to upgrade to version 3.3.0, which fixes the issue. Archetype integration testing creates a file called ./target/classes/archetype-it/archetype-settings.xml This file contains all the content from the users ~/.m2/settings.xml file, which often contains information they do not want to publish. | 7.5 |
2024-09-17 | CVE-2024-45384 | Unspecified vulnerability in Apache Druid Padding Oracle vulnerability in Apache Druid extension, druid-pac4j. This could allow an attacker to manipulate a pac4j session cookie. This issue affects Apache Druid versions 0.18.0 through 30.0.0. Since the druid-pac4j extension is optional and disabled by default, Druid installations not using the druid-pac4j extension are not affected by this vulnerability. While we are not aware of a way to meaningfully exploit this flaw, we nevertheless recommend upgrading to version 30.0.1 or higher which fixes the issue and ensuring you have a strong druid.auth.pac4j.cookiePassphrase as a precaution. | 5.3 |
2024-09-17 | CVE-2024-45537 | Unspecified vulnerability in Apache Druid Apache Druid allows users with certain permissions to read data from other database systems using JDBC. | 6.5 |
2024-09-16 | CVE-2024-22399 | Unspecified vulnerability in Apache Seata Deserialization of Untrusted Data vulnerability in Apache Seata. When developers disable authentication on the Seata-Server and do not use the Seata client SDK dependencies, they may construct uncontrolled serialized malicious requests by directly sending bytecode based on the Seata private protocol. This issue affects Apache Seata: 2.0.0, from 1.0.0 through 1.8.0. Users are recommended to upgrade to version 2.1.0/1.8.1, which fixes the issue. | 9.8 |
2024-09-04 | CVE-2024-45195 | Forced Browsing vulnerability in Apache Ofbiz Direct Request ('Forced Browsing') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue. | 7.5 |
2024-09-04 | CVE-2024-45507 | Unspecified vulnerability in Apache Ofbiz Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue. | 9.8 |
2024-08-26 | CVE-2023-49582 | Unspecified vulnerability in Apache Portable Runtime Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local users read access to named shared memory segments, potentially revealing sensitive application data. | 5.5 |