Vulnerabilities > Apache

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2024-06-24 | CVE-2024-27136 | Unspecified vulnerability in Apache Jspwiki | XSS in Upload page in Apache JSPWiki 2.12.1 and prior allows the attacker to execute JavaScript in the victim's browser and get some sensitive information about the victim. | network, low complexity, apache, 6.1 |
| 2024-06-22 | CVE-2024-38379 | Unspecified vulnerability in Apache Allura | Apache Allura's neighborhood settings are vulnerable to a stored XSS attack. Only neighborhood admins can access these settings, so the scope of risk is limited to configurations where neighborhood admins are not fully trusted. This issue affects Apache Allura: from 1.4.0 through 1.17.0. Users are recommended to upgrade to version 1.17.1, which fixes the issue. | network, low complexity, apache, 4.8 |
| 2024-06-12 | CVE-2024-36265 | Unspecified vulnerability in Apache Submarine 0.8.0 | ** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: from 0.8.0. As this project is retired, we do not plan to release a version that fixes this issue. | network, low complexity, apache, critical, 9.8 |
| 2024-06-12 | CVE-2024-36264 | Unspecified vulnerability in Apache Submarine 0.8.0 | ** UNSUPPORTED WHEN ASSIGNED ** Improper Authentication vulnerability in Apache Submarine Commons Utils. If the user doesn't explicitly set `submarine.auth.default.secret`, a default value will be used. This issue affects Apache Submarine Commons Utils: from 0.8.0. As this project is retired, we do not plan to release a version that fixes this issue. | network, low complexity, apache, critical, 9.8 |
| 2024-05-08 | CVE-2024-32113 | Unspecified vulnerability in Apache Ofbiz | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.13. Users are recommended to upgrade to version 18.12.13, which fixes the issue. | network, low complexity, apache, critical, 9.8 |
| 2024-04-22 | CVE-2024-27348 | Unspecified vulnerability in Apache Hugegraph 1.0.0/1.2.0 | RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11. Users are recommended to upgrade to version 1.3.0 with Java11 & enable the Auth system, which fixes the issue. | network, low complexity, apache, critical, 9.8 |
| 2024-04-04 | CVE-2024-27316 | | HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. | network, low complexity, apache fedoraproject netapp, 7.5 |
| 2024-02-29 | CVE-2024-23946 | Unspecified vulnerability in Apache Ofbiz | Possible path traversal in Apache OFBiz allowing file inclusion. Users are recommended to upgrade to version 18.12.12, which fixes the issue. | network, low complexity, apache, 5.3 |
| 2024-02-19 | CVE-2024-25710 | Unspecified vulnerability in Apache Commons Compress | Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress. This issue affects Apache Commons Compress: from 1.3 through 1.25.0. Users are recommended to upgrade to version 1.26.0 which fixes the issue. | local, low complexity, apache, 5.5 |
| 2024-02-19 | CVE-2024-26308 | Unspecified vulnerability in Apache Commons Compress | Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress. This issue affects Apache Commons Compress: from 1.21 before 1.26. Users are recommended to upgrade to version 1.26, which fixes the issue. | local, low complexity, apache, 5.5 |