Vulnerabilities > Apache > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-05 | CVE-2024-36448 | Server-Side Request Forgery (SSRF) vulnerability in Apache Iotdb Workbench 0.13.0 ** UNSUPPORTED WHEN ASSIGNED ** Server-Side Request Forgery (SSRF) vulnerability in Apache IoTDB Workbench. This issue affects Apache IoTDB Workbench: from 0.13.0. As this project is retired, we do not plan to release a version that fixes this issue. | 7.3 |
| 2024-07-26 | CVE-2023-38522 | HTTP Request Smuggling vulnerability in Apache Traffic Server Apache Traffic Server accepts characters that are not allowed for HTTP field names and forwards malformed requests to origin servers. | 7.5 |
| 2024-07-26 | CVE-2024-35161 | HTTP Request Smuggling vulnerability in Apache Traffic Server Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. | 7.5 |
| 2024-07-26 | CVE-2024-35296 | Unspecified vulnerability in Apache Traffic Server Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue. | 8.2 |
| 2024-07-24 | CVE-2023-48362 | XXE vulnerability in Apache Drill XXE in the XML Format Plugin in Apache Drill version 1.19.0 and greater allows a user to read any file on a remote file system or execute commands via a malicious XML file. Users are recommended to upgrade to version 1.21.2, which fixes this issue. | 8.8 |
| 2024-07-24 | CVE-2024-39676 | Unspecified vulnerability in Apache Pinot Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Pinot. This issue affects Apache Pinot: from 0.1 before 1.0.0. Users are recommended to upgrade to version 1.0.0 and configure RBAC, which fixes the issue. Details: When using a request to path “/appconfigs” to the controller, it can lead to the disclosure of sensitive information such as system information (e.g. | 7.5 |
| 2024-07-22 | CVE-2024-23321 | Unspecified vulnerability in Apache Rocketmq For RocketMQ versions 5.2.0 and below, under certain conditions, there is a risk of exposure of sensitive Information to an unauthorized actor even if RocketMQ is enabled with authentication and authorization functions. An attacker, possessing regular user privileges or listed in the IP whitelist, could potentially acquire the administrator's account and password through specific interfaces. | 8.8 |
| 2024-07-19 | CVE-2024-41107 | Authentication Bypass by Spoofing vulnerability in Apache Cloudstack The CloudStack SAML authentication (disabled by default) does not enforce signature check. | 8.1 |
| 2024-07-19 | CVE-2024-32007 | Unspecified vulnerability in Apache CXF An improper input validation of the p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token. | 7.5 |
| 2024-07-19 | CVE-2024-41172 | Memory Leak vulnerability in Apache CXF In versions of Apache CXF before 3.6.4 and 4.0.5 (3.5.x and lower versions are not impacted), a CXF HTTP client conduit may prevent HTTPClient instances from being garbage collected and it is possible that memory consumption will continue to increase, eventually causing the application to run out of memory | 7.5 |