Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-03-12 | CVE-2024-27317 | Unspecified vulnerability in Apache Pulsar In Pulsar Functions Worker, authenticated users can upload functions in jar or nar files. | 9.9 |
| 2024-03-12 | CVE-2024-27894 | Unspecified vulnerability in Apache Pulsar The Pulsar Functions Worker includes a capability that permits authenticated users to create functions where the function's implementation is referenced by a URL. | 8.8 |
| 2024-03-12 | CVE-2024-28098 | Unspecified vulnerability in Apache Pulsar The vulnerability allows authenticated users with only produce or consume permissions to modify topic-level policies, such as retention, TTL, and offloading settings. | 5.4 |
| 2024-02-29 | CVE-2024-23807 | Unspecified vulnerability in Apache Xerces-C++ The Apache Xerces C++ XML parser on versions 3.0.0 before 3.2.5 contains a use-after-free error triggered during the scanning of external DTDs. Users are recommended to upgrade to version 3.2.5 which fixes the issue, or mitigate the issue by disabling DTD processing. | 9.8 |
| 2024-02-29 | CVE-2024-23946 | Unspecified vulnerability in Apache Ofbiz Possible path traversal in Apache OFBiz allowing file inclusion. Users are recommended to upgrade to version 18.12.12, that fixes the issue. | 5.3 |
| 2024-02-28 | CVE-2024-24772 | SQL Injection vulnerability in Apache Superset A guest user could exploit a chart data REST API and send arbitrary SQL statements that on error could leak information from the underlying analytics database.This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1 or 3.0.4, which fixes the issue. | 4.3 |
| 2024-02-28 | CVE-2024-24773 | Incorrect Authorization vulnerability in Apache Superset Improper parsing of nested SQL statements on SQLLab would allow authenticated users to surpass their data authorization scope. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1, which fixes the issue. | 6.5 |
| 2024-02-28 | CVE-2024-24779 | Unspecified vulnerability in Apache Superset Apache Superset with custom roles that include `can write on dataset` and without all data access permissions, allows for users to create virtual datasets to data they don't have access to. | 6.5 |
| 2024-02-28 | CVE-2024-26016 | Unspecified vulnerability in Apache Superset A low privilege authenticated user could import an existing dashboard or chart that they do not have access to and then modify its metadata, thereby gaining ownership of the object. | 5.4 |
| 2024-02-28 | CVE-2024-27315 | Unspecified vulnerability in Apache Superset An authenticated user with privileges to create Alerts on Alerts & Reports has the capability to generate a specially crafted SQL statement that triggers an error on the database. | 4.3 |