Vulnerabilities > Apache > High

DATE CVE VULNERABILITY TITLE RISK
2023-12-19 CVE-2023-43826 Unspecified vulnerability in Apache Guacamole
Apache Guacamole 1.5.3 and older do not consistently ensure that values received from a VNC server will not result in integer overflow.
network
low complexity
apache
8.8
2023-12-19 CVE-2023-49736 Unspecified vulnerability in Apache Superset
A where_in JINJA macro allows users to specify a quote, which combined with a carefully crafted statement would allow for SQL injection in Apache Superset.This issue affects Apache Superset: before 2.1.2, from 3.0.0 before 3.0.2. Users are recommended to upgrade to version 3.0.2, which fixes the issue.
network
low complexity
apache
8.8
2023-12-18 CVE-2023-41314 Unspecified vulnerability in Apache Doris
The api /api/snapshot and /api/get_log_file would allow unauthenticated access. It could allow a DoS attack or get arbitrary files from FE node. Please upgrade to 2.0.3 to fix these issues.
network
low complexity
apache
8.2
2023-12-15 CVE-2023-49898 Unspecified vulnerability in Apache Streampark 2.0.0/2.1.0/2.1.1
In streampark, there is a project module that integrates Maven's compilation capability.
network
low complexity
apache
7.2
2023-12-05 CVE-2023-41835 Incomplete Cleanup vulnerability in Apache Struts
When a Multipart request is performed but some of the fields exceed the maxStringLength  limit, the upload files will remain in struts.multipart.saveDir  even if the request has been denied. Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which fixe this issue.
network
low complexity
apache CWE-459
7.5
2023-11-30 CVE-2023-49735 Unspecified vulnerability in Apache Tiles 2.0
** UNSUPPORTED WHEN ASSIGNED ** The value set as the DefaultLocaleResolver.LOCALE_KEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key.
network
low complexity
apache
7.5
2023-11-28 CVE-2022-41678 Unspecified vulnerability in Apache Activemq
Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution.  In details, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handler request to /api/jolokia org.jolokia.http.HttpRequestHandler#handlePostRequest is able to create JmxRequest through JSONObject.
network
low complexity
apache
8.8
2023-11-28 CVE-2023-46589 HTTP Request Smuggling vulnerability in Apache Tomcat
Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers.
network
low complexity
apache CWE-444
7.5
2023-11-27 CVE-2023-40610 Unspecified vulnerability in Apache Superset
Improper authorization check and possible privilege escalation on Apache Superset up to but excluding 2.1.2.
network
low complexity
apache
8.8
2023-11-27 CVE-2023-49068 Unspecified vulnerability in Apache Dolphinscheduler
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler.This issue affects Apache DolphinScheduler: before 3.2.1. Users are recommended to upgrade to version 3.2.1, which fixes the issue.
network
low complexity
apache
7.5