Vulnerabilities > Apache > High

DATE CVE VULNERABILITY TITLE RISK
2024-08-05 CVE-2024-36448 Unspecified vulnerability in Apache Iotdb Workbench 0.13.0
** UNSUPPORTED WHEN ASSIGNED ** Server-Side Request Forgery (SSRF) vulnerability in Apache IoTDB Workbench. This issue affects Apache IoTDB Workbench: from 0.13.0. As this project is retired, we do not plan to release a version that fixes this issue.
network
low complexity
apache
7.3
2024-07-26 CVE-2023-38522 Unspecified vulnerability in Apache Traffic Server
Apache Traffic Server accepts characters that are not allowed for HTTP field names and forwards malformed requests to origin servers.
network
low complexity
apache
7.5
2024-07-26 CVE-2024-35161 Unspecified vulnerability in Apache Traffic Server
Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers.
network
low complexity
apache
7.5
2024-07-26 CVE-2024-35296 Unspecified vulnerability in Apache Traffic Server
Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.
network
low complexity
apache
8.2
2024-07-24 CVE-2023-48362 Unspecified vulnerability in Apache Drill
XXE in the XML Format Plugin in Apache Drill version 1.19.0 and greater allows a user to read any file on a remote file system or execute commands via a malicious XML file. Users are recommended to upgrade to version 1.21.2, which fixes this issue.
network
low complexity
apache
8.8
2024-07-24 CVE-2024-39676 Unspecified vulnerability in Apache Pinot
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Pinot. This issue affects Apache Pinot: from 0.1 before 1.0.0. Users are recommended to upgrade to version 1.0.0 and configure RBAC, which fixes the issue. Details:  When using a request to path “/appconfigs” to the controller, it can lead to the disclosure of sensitive information such as system information (e.g.
network
low complexity
apache
7.5
2024-07-22 CVE-2024-23321 Unspecified vulnerability in Apache Rocketmq
For RocketMQ versions 5.2.0 and below, under certain conditions, there is a risk of exposure of sensitive Information to an unauthorized actor even if RocketMQ is enabled with authentication and authorization functions. An attacker, possessing regular user privileges or listed in the IP whitelist, could potentially acquire the administrator's account and password through specific interfaces.
network
low complexity
apache
8.8
2024-07-19 CVE-2024-41107 Unspecified vulnerability in Apache Cloudstack
The CloudStack SAML authentication (disabled by default) does not enforce signature check.
network
high complexity
apache
8.1
2024-07-19 CVE-2024-32007 Unspecified vulnerability in Apache CXF
An improper input validation of the p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token. 
network
low complexity
apache
7.5
2024-07-19 CVE-2024-41172 Unspecified vulnerability in Apache CXF
In versions of Apache CXF before 3.6.4 and 4.0.5 (3.5.x and lower versions are not impacted), a CXF HTTP client conduit may prevent HTTPClient instances from being garbage collected and it is possible that memory consumption will continue to increase, eventually causing the application to run out of memory
network
low complexity
apache
7.5