Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-19 | CVE-2024-41107 | Unspecified vulnerability in Apache Cloudstack The CloudStack SAML authentication (disabled by default) does not enforce signature check. | 8.1 |
| 2024-07-19 | CVE-2024-29736 | Unspecified vulnerability in Apache CXF A SSRF vulnerability in WADL service description in versions of Apache CXF before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform SSRF style attacks on REST webservices. | 9.1 |
| 2024-07-19 | CVE-2024-32007 | Unspecified vulnerability in Apache CXF An improper input validation of the p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token. | 7.5 |
| 2024-07-19 | CVE-2024-41172 | Unspecified vulnerability in Apache CXF In versions of Apache CXF before 3.6.4 and 4.0.5 (3.5.x and lower versions are not impacted), a CXF HTTP client conduit may prevent HTTPClient instances from being garbage collected and it is possible that memory consumption will continue to increase, eventually causing the application to run out of memory | 7.5 |
| 2024-07-18 | CVE-2024-29178 | Unspecified vulnerability in Apache Streampark On versions before 2.1.4, a user could log in and perform a template injection attack resulting in Remote Code Execution on the server, The attacker must successfully log into the system to launch an attack, so this is a moderate-impact vulnerability. Mitigation: all users should upgrade to 2.1.4 | 8.8 |
| 2024-07-18 | CVE-2024-40725 | Unspecified vulnerability in Apache Http Server 2.4.60/2.4.61 A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. | 5.3 |
| 2024-07-18 | CVE-2024-40898 | Unspecified vulnerability in Apache Http Server SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests. Users are recommended to upgrade to version 2.4.62 which fixes this issue. | 7.5 |
| 2024-07-17 | CVE-2024-31411 | Unspecified vulnerability in Apache Streampipes Unrestricted Upload of File with dangerous type vulnerability in Apache StreamPipes. Such a dangerous type might be an executable file that may lead to a remote code execution (RCE). The unrestricted upload is only possible for authenticated and authorized users. This issue affects Apache StreamPipes: through 0.93.0. Users are recommended to upgrade to version 0.95.0, which fixes the issue. | 8.8 |
| 2024-07-17 | CVE-2023-52291 | Unspecified vulnerability in Apache Streampark In streampark, the project module integrates Maven's compilation capabilities. | 4.7 |
| 2024-07-17 | CVE-2024-29737 | Unspecified vulnerability in Apache Streampark In streampark, the project module integrates Maven's compilation capabilities. | 4.7 |