Vulnerabilities > Apache > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-17 | CVE-2024-39877 | Unspecified vulnerability in Apache Airflow Apache Airflow 2.4.0, and versions before 2.9.3, has a vulnerability that allows authenticated DAG authors to craft a doc_md parameter in a way that could execute arbitrary code in the scheduler context, which should be forbidden according to the Airflow Security model. | 8.8 |
| 2024-07-15 | CVE-2023-46801 | Unspecified vulnerability in Apache Linkis 1.4.0/1.5.0 In Apache Linkis <= 1.5.0, data source management module, when adding Mysql data source, exists remote code execution vulnerability for java version < 1.8.0_241. | 8.8 |
| 2024-07-15 | CVE-2023-49566 | Unspecified vulnerability in Apache Linkis 1.4.0/1.5.0 In Apache Linkis <=1.5.0, due to the lack of effective filtering of parameters, an attacker configuring malicious db2 parameters in the DataSource Manager Module will result in jndi injection. | 8.8 |
| 2024-07-01 | CVE-2024-38477 | null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue. | 7.5 |
| 2024-05-02 | CVE-2024-32114 | Unspecified vulnerability in Apache Activemq In Apache ActiveMQ 6.x, the default configuration doesn't secure the API web context (where the Jolokia JMX REST API and the Message REST API are located). It means that anyone can use these layers without any required authentication. | 8.8 |
| 2024-04-04 | CVE-2024-27316 | HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. | 7.5 |
| 2024-03-29 | CVE-2024-23537 | Unspecified vulnerability in Apache Fineract Improper Privilege Management vulnerability in Apache Fineract.This issue affects Apache Fineract: <1.8.5. Users are recommended to upgrade to version 1.9.0, which fixes the issue. | 8.8 |
| 2024-03-14 | CVE-2024-28746 | Unspecified vulnerability in Apache Airflow 2.8.0/2.8.1/2.8.2 Apache Airflow, versions 2.8.0 through 2.8.2, has a vulnerability that allows an authenticated user with limited permissions to access resources such as variables, connections, etc from the UI which they do not have permission to access. Users of Apache Airflow are recommended to upgrade to version 2.8.3 or newer to mitigate the risk associated with this vulnerability | 8.1 |
| 2024-03-12 | CVE-2022-34321 | Unspecified vulnerability in Apache Pulsar Improper Authentication vulnerability in Apache Pulsar Proxy allows an attacker to connect to the /proxy-stats endpoint without authentication. | 8.2 |
| 2024-03-12 | CVE-2024-27894 | Unspecified vulnerability in Apache Pulsar The Pulsar Functions Worker includes a capability that permits authenticated users to create functions where the function's implementation is referenced by a URL. | 8.8 |