Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-01 | CVE-2024-38477 | null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue. | 7.5 |
| 2024-06-24 | CVE-2024-27136 | Unspecified vulnerability in Apache Jspwiki XSS in Upload page in Apache JSPWiki 2.12.1 and priors allows the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. | 6.1 |
| 2024-06-22 | CVE-2024-38379 | Unspecified vulnerability in Apache Allura Apache Allura's neighborhood settings are vulnerable to a stored XSS attack. Only neighborhood admins can access these settings, so the scope of risk is limited to configurations where neighborhood admins are not fully trusted. This issue affects Apache Allura: from 1.4.0 through 1.17.0. Users are recommended to upgrade to version 1.17.1, which fixes the issue. | 4.8 |
| 2024-06-20 | CVE-2024-34693 | Unspecified vulnerability in Apache Superset Improper Input Validation vulnerability in Apache Superset, allows for an authenticated attacker to create a MariaDB connection with local_infile enabled. | 5.3 |
| 2024-06-14 | CVE-2024-25142 | Unspecified vulnerability in Apache Airflow Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. This issue affects Apache Airflow: before 2.9.2. Users are recommended to upgrade to version 2.9.2, which fixes the issue. | 5.5 |
| 2024-06-12 | CVE-2024-36265 | Unspecified vulnerability in Apache Submarine 0.8.0 ** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: from 0.8.0. As this project is retired, we do not plan to release a version that fixes this issue. | 9.8 |
| 2024-06-12 | CVE-2024-36264 | Unspecified vulnerability in Apache Submarine 0.8.0 ** UNSUPPORTED WHEN ASSIGNED ** Improper Authentication vulnerability in Apache Submarine Commons Utils. If the user doesn't explicitly set `submarine.auth.default.secret`, a default value will be used. This issue affects Apache Submarine Commons Utils: from 0.8.0. As this project is retired, we do not plan to release a version that fixes this issue. | 9.8 |
| 2024-05-14 | CVE-2024-32077 | Unspecified vulnerability in Apache Airflow 2.9.0 Apache Airflow version 2.9.0 has a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. Users are recommended to upgrade to version 2.9.1, which fixes this issue. | 5.4 |
| 2024-05-08 | CVE-2024-26579 | Unspecified vulnerability in Apache Inlong Deserialization of Untrusted Data vulnerability in Apache InLong.This issue affects Apache InLong: from 1.7.0 through 1.11.0, the attackers can bypass using malicious parameters. Users are advised to upgrade to Apache InLong's 1.12.0 or cherry-pick [1], [2] to solve it. [1] https://github.com/apache/inlong/pull/9694 [2] https://github.com/apache/inlong/pull/9707 | 9.8 |
| 2024-05-08 | CVE-2024-32113 | Unspecified vulnerability in Apache Ofbiz Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz.This issue affects Apache OFBiz: before 18.12.13. Users are recommended to upgrade to version 18.12.13, which fixes the issue. | 9.8 |