Vulnerabilities > Apache > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-19 | CVE-2023-43826 | Unspecified vulnerability in Apache Guacamole Apache Guacamole 1.5.3 and older do not consistently ensure that values received from a VNC server will not result in integer overflow. | 8.8 |
2023-12-19 | CVE-2023-49736 | Unspecified vulnerability in Apache Superset A where_in JINJA macro allows users to specify a quote, which combined with a carefully crafted statement would allow for SQL injection in Apache Superset.This issue affects Apache Superset: before 2.1.2, from 3.0.0 before 3.0.2. Users are recommended to upgrade to version 3.0.2, which fixes the issue. | 8.8 |
2023-12-18 | CVE-2023-41314 | Unspecified vulnerability in Apache Doris The api /api/snapshot and /api/get_log_file would allow unauthenticated access. It could allow a DoS attack or get arbitrary files from FE node. Please upgrade to 2.0.3 to fix these issues. | 8.2 |
2023-12-15 | CVE-2023-49898 | Unspecified vulnerability in Apache Streampark 2.0.0/2.1.0/2.1.1 In streampark, there is a project module that integrates Maven's compilation capability. | 7.2 |
2023-12-05 | CVE-2023-41835 | Incomplete Cleanup vulnerability in Apache Struts When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in struts.multipart.saveDir even if the request has been denied. Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which fixe this issue. | 7.5 |
2023-11-30 | CVE-2023-49735 | Unspecified vulnerability in Apache Tiles 2.0 ** UNSUPPORTED WHEN ASSIGNED ** The value set as the DefaultLocaleResolver.LOCALE_KEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. | 7.5 |
2023-11-28 | CVE-2022-41678 | Unspecified vulnerability in Apache Activemq Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In details, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handler request to /api/jolokia org.jolokia.http.HttpRequestHandler#handlePostRequest is able to create JmxRequest through JSONObject. | 8.8 |
2023-11-28 | CVE-2023-46589 | HTTP Request Smuggling vulnerability in Apache Tomcat Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. | 7.5 |
2023-11-27 | CVE-2023-40610 | Unspecified vulnerability in Apache Superset Improper authorization check and possible privilege escalation on Apache Superset up to but excluding 2.1.2. | 8.8 |
2023-11-27 | CVE-2023-49068 | Unspecified vulnerability in Apache Dolphinscheduler Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler.This issue affects Apache DolphinScheduler: before 3.2.1. Users are recommended to upgrade to version 3.2.1, which fixes the issue. | 7.5 |