Vulnerabilities > Apache > High

DATE CVE VULNERABILITY TITLE RISK
2024-10-16 CVE-2024-45462 Unspecified vulnerability in Apache Cloudstack
The logout operation in the CloudStack web interface does not expire the user session completely which is valid until expiry by time or restart of the backend service.
local
low complexity
apache
7.1
2024-10-16 CVE-2024-45693 Unspecified vulnerability in Apache Cloudstack
Users logged into the Apache CloudStack's web interface can be tricked to submit malicious CSRF requests due to missing validation of the origin of the requests.
network
low complexity
apache
8.8
2024-10-14 CVE-2023-50780 Unspecified vulnerability in Apache Activemq Artemis
Apache ActiveMQ Artemis allows access to diagnostic information and controls through MBeans, which are also exposed through the authenticated Jolokia endpoint.
network
low complexity
apache
8.8
2024-09-30 CVE-2024-45772 Deserialization of Untrusted Data vulnerability in Apache Lucene
Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator. This issue affects Apache Lucene's replicator module: from 4.4.0 before 9.12.0. The deprecated org.apache.lucene.replicator.http package is affected. The org.apache.lucene.replicator.nrt package is not affected. Users are recommended to upgrade to version 9.12.0, which fixes the issue. The deserialization can only be triggered if users actively deploy an network-accessible implementation and a corresponding client using a HTTP library that uses the API (e.g., a custom servlet and HTTPClient).
low complexity
apache CWE-502
8.0
2024-09-26 CVE-2024-47197 Insecure Storage of Sensitive Information vulnerability in Apache Maven Archetype 3.2.1
Exposure of Sensitive Information to an Unauthorized Actor, Insecure Storage of Sensitive Information vulnerability in Maven Archetype Plugin. This issue affects Maven Archetype Plugin: from 3.2.1 before 3.3.0. Users are recommended to upgrade to version 3.3.0, which fixes the issue. Archetype integration testing creates a file called ./target/classes/archetype-it/archetype-settings.xml This file contains all the content from the users ~/.m2/settings.xml file, which often contains information they do not want to publish.
network
low complexity
apache CWE-922
7.5
2024-09-04 CVE-2024-45195 Unspecified vulnerability in Apache Ofbiz
Direct Request ('Forced Browsing') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue.
network
low complexity
apache
7.5
2024-08-21 CVE-2023-49198 Unspecified vulnerability in Apache Seatunnel 1.0.0
Mysql security vulnerability in Apache SeaTunnel. Attackers can read files on the MySQL server by modifying the information in the MySQL URL allowLoadLocalInfile=true&allowUrlInLocalInfile=true&allowLoadLocalInfileInPath=/&maxAllowedPacket=655360 This issue affects Apache SeaTunnel: 1.0.0. Users are recommended to upgrade to version [1.0.1], which fixes the issue.
network
low complexity
apache
7.5
2024-08-20 CVE-2024-42362 Deserialization of Untrusted Data vulnerability in Apache Hertzbeat
Hertzbeat is an open source, real-time monitoring system.
network
low complexity
apache CWE-502
8.8
2024-08-12 CVE-2024-30188 Unspecified vulnerability in Apache Dolphinscheduler
File read and write vulnerability in Apache DolphinScheduler ,  authenticated users can illegally access additional resource files. This issue affects Apache DolphinScheduler: from 3.1.0 before 3.2.2. Users are recommended to upgrade to version 3.2.2, which fixes the issue.
network
low complexity
apache
8.1
2024-08-07 CVE-2024-42062 Incorrect Authorization vulnerability in Apache Cloudstack
CloudStack account-users by default use username and password based authentication for API and UI access.
network
low complexity
apache CWE-863
7.2