Vulnerabilities > Apache

DATE CVE VULNERABILITY TITLE RISK
2024-08-21 CVE-2024-41937 Unspecified vulnerability in Apache Airflow
Apache Airflow, versions before 2.10.0, have a vulnerability that allows the developer of a malicious provider to execute a cross-site scripting attack when clicking on a provider documentation link.
network
low complexity
apache
6.1
2024-08-21 CVE-2023-49198 Unspecified vulnerability in Apache Seatunnel 1.0.0
Mysql security vulnerability in Apache SeaTunnel. Attackers can read files on the MySQL server by modifying the information in the MySQL URL allowLoadLocalInfile=true&allowUrlInLocalInfile=true&allowLoadLocalInfileInPath=/&maxAllowedPacket=655360 This issue affects Apache SeaTunnel: 1.0.0. Users are recommended to upgrade to version [1.0.1], which fixes the issue.
network
low complexity
apache
7.5
2024-08-20 CVE-2024-42361 SQL Injection vulnerability in Apache Hertzbeat
Hertzbeat is an open source, real-time monitoring system.
network
low complexity
apache CWE-89
critical
9.8
2024-08-20 CVE-2024-42362 Deserialization of Untrusted Data vulnerability in Apache Hertzbeat
Hertzbeat is an open source, real-time monitoring system.
network
low complexity
apache CWE-502
8.8
2024-08-12 CVE-2024-41909 Unspecified vulnerability in Apache Mina Sshd
Like many other SSH implementations, Apache MINA SSHD suffered from the issue that is more widely known as CVE-2023-48795.
network
high complexity
apache
5.9
2024-08-12 CVE-2024-30188 Unspecified vulnerability in Apache Dolphinscheduler
File read and write vulnerability in Apache DolphinScheduler ,  authenticated users can illegally access additional resource files. This issue affects Apache DolphinScheduler: from 3.1.0 before 3.2.2. Users are recommended to upgrade to version 3.2.2, which fixes the issue.
network
low complexity
apache
8.1
2024-08-12 CVE-2024-41888 Unspecified vulnerability in Apache Answer
Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. The password reset link remains valid within its expiration period even after it has been used.
network
low complexity
apache
5.3
2024-08-12 CVE-2024-41890 Unspecified vulnerability in Apache Answer
Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. User sends multiple password reset emails, each containing a valid link.
network
low complexity
apache
5.3
2024-08-07 CVE-2024-42062 Incorrect Authorization vulnerability in Apache Cloudstack
CloudStack account-users by default use username and password based authentication for API and UI access.
network
low complexity
apache CWE-863
7.2
2024-08-07 CVE-2024-42222 Unspecified vulnerability in Apache Cloudstack 4.19.1.0
In Apache CloudStack 4.19.1.0, a regression in the network listing API allows unauthorised list access of network details for domain admin and normal user accounts.
network
low complexity
apache
4.3