Vulnerabilities > Apache > High

DATE CVE VULNERABILITY TITLE RISK
2024-10-09 CVE-2024-45720 Unspecified vulnerability in Apache Subversion
On Windows platforms, a "best fit" character encoding conversion of command line arguments to Subversion's executables (e.g., svn.exe, etc.) may lead to unexpected command line argument interpretation, including argument injection and execution of other programs, if a specially crafted command line argument string is processed. All versions of Subversion up to and including Subversion 1.14.3 are affected on Windows platforms only.
local
low complexity
apache
7.8
2024-09-30 CVE-2024-45772 Deserialization of Untrusted Data vulnerability in Apache Lucene
Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator. This issue affects Apache Lucene's replicator module: from 4.4.0 before 9.12.0. The deprecated org.apache.lucene.replicator.http package is affected. The org.apache.lucene.replicator.nrt package is not affected. Users are recommended to upgrade to version 9.12.0, which fixes the issue. The deserialization can only be triggered if users actively deploy an network-accessible implementation and a corresponding client using a HTTP library that uses the API (e.g., a custom servlet and HTTPClient).
low complexity
apache CWE-502
8.0
2024-09-26 CVE-2024-47197 Insecure Storage of Sensitive Information vulnerability in Apache Maven Archetype 3.2.1
Exposure of Sensitive Information to an Unauthorized Actor, Insecure Storage of Sensitive Information vulnerability in Maven Archetype Plugin. This issue affects Maven Archetype Plugin: from 3.2.1 before 3.3.0. Users are recommended to upgrade to version 3.3.0, which fixes the issue. Archetype integration testing creates a file called ./target/classes/archetype-it/archetype-settings.xml This file contains all the content from the users ~/.m2/settings.xml file, which often contains information they do not want to publish.
network
low complexity
apache CWE-922
7.5
2024-09-04 CVE-2024-45195 Forced Browsing vulnerability in Apache Ofbiz
Direct Request ('Forced Browsing') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue.
network
low complexity
apache CWE-425
7.5
2024-08-21 CVE-2023-49198 Unspecified vulnerability in Apache Seatunnel 1.0.0
Mysql security vulnerability in Apache SeaTunnel. Attackers can read files on the MySQL server by modifying the information in the MySQL URL allowLoadLocalInfile=true&allowUrlInLocalInfile=true&allowLoadLocalInfileInPath=/&maxAllowedPacket=655360 This issue affects Apache SeaTunnel: 1.0.0. Users are recommended to upgrade to version [1.0.1], which fixes the issue.
network
low complexity
apache
7.5
2024-08-20 CVE-2024-42362 Deserialization of Untrusted Data vulnerability in Apache Hertzbeat
Hertzbeat is an open source, real-time monitoring system.
network
low complexity
apache CWE-502
8.8
2024-08-12 CVE-2024-29831 Unspecified vulnerability in Apache Dolphinscheduler
Improper Input Validation vulnerability in Apache DolphinScheduler.
network
low complexity
apache
8.8
2024-08-12 CVE-2024-30188 Unspecified vulnerability in Apache Dolphinscheduler
File read and write vulnerability in Apache DolphinScheduler ,  authenticated users can illegally access additional resource files. This issue affects Apache DolphinScheduler: from 3.1.0 before 3.2.2. Users are recommended to upgrade to version 3.2.2, which fixes the issue.
network
low complexity
apache
8.1
2024-08-07 CVE-2024-42062 Incorrect Authorization vulnerability in Apache Cloudstack
CloudStack account-users by default use username and password based authentication for API and UI access.
network
low complexity
apache CWE-863
7.2
2024-08-05 CVE-2024-36448 Unspecified vulnerability in Apache Iotdb Workbench 0.13.0
** UNSUPPORTED WHEN ASSIGNED ** Server-Side Request Forgery (SSRF) vulnerability in Apache IoTDB Workbench. This issue affects Apache IoTDB Workbench: from 0.13.0. As this project is retired, we do not plan to release a version that fixes this issue.
network
low complexity
apache
7.3