Vulnerabilities > Apache > High

DATE CVE VULNERABILITY TITLE RISK
2023-06-14 CVE-2023-33933 Unspecified vulnerability in Apache Traffic Server
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: from 8.0.0 through 9.2.0. 8.x users should upgrade to 8.1.7 or later versions 9.x users should upgrade to 9.2.1 or later versions
network
low complexity
apache
7.5
2023-06-14 CVE-2023-34396 Unspecified vulnerability in Apache Struts
Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater
network
low complexity
apache
7.5
2023-06-12 CVE-2023-34468 Unspecified vulnerability in Apache Nifi
The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution. The resolution validates the Database URL and rejects H2 JDBC locations. You are recommended to upgrade to version 1.22.0 or later which fixes this issue.
network
low complexity
apache
8.8
2023-06-07 CVE-2023-30575 Unspecified vulnerability in Apache Guacamole
Apache Guacamole 1.5.1 and older may incorrectly calculate the lengths of instruction elements sent during the Guacamole protocol handshake, potentially allowing an attacker to inject Guacamole instructions during the handshake through specially-crafted data.
network
low complexity
apache
7.5
2023-06-07 CVE-2023-30576 Unspecified vulnerability in Apache Guacamole
Apache Guacamole 0.9.10 through 1.5.1 may continue to reference a freed RDP audio input buffer.
network
high complexity
apache
8.1
2023-05-30 CVE-2023-33234 Unspecified vulnerability in Apache Airflow Cncf Kubernetes
Arbitrary code execution in Apache Airflow CNCF Kubernetes provider version 5.0.0 allows user to change xcom sidecar image and resources via Airflow connection. In order to exploit this weakness, a user would already need elevated permissions (Op or Admin) to change the connection object in this manner.  Operators should upgrade to provider version 7.0.0 which has removed the vulnerability.
network
low complexity
apache
7.2
2023-05-30 CVE-2023-30601 Unspecified vulnerability in Apache Cassandra
Privilege escalation when enabling FQL/Audit logs allows user with JMX access to run arbitrary commands as the user running Apache Cassandra This issue affects Apache Cassandra: from 4.0.0 through 4.0.9, from 4.1.0 through 4.1.1. WORKAROUND The vulnerability requires nodetool/JMX access to be exploitable, disable access for any non-trusted users. MITIGATION Upgrade to 4.0.10 or 4.1.2 and leave the new FQL/Auditlog configuration property allow_nodetool_archive_command as false.
local
low complexity
apache
7.8
2023-05-22 CVE-2023-31064 Unspecified vulnerability in Apache Inlong
Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0.
network
low complexity
apache
7.5
2023-05-22 CVE-2023-31103 Unspecified vulnerability in Apache Inlong 1.4.0/1.5.0/1.6.0
Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0.  Attackers can change the immutable name and type of cluster of InLong. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7891 https://github.com/apache/inlong/pull/7891 to solve it.
network
low complexity
apache
7.5
2023-05-22 CVE-2023-31206 Unspecified vulnerability in Apache Inlong 1.4.0/1.5.0/1.6.0
Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers can change the immutable name and type of nodes of InLong.
network
low complexity
apache
7.5