Vulnerabilities > Apache > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-17 | CVE-2024-30471 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Streampipes Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache StreamPipes in user self-registration. This allows an attacker to potentially request the creation of multiple accounts with the same email address until the email address is registered, creating many identical users and corrupting StreamPipe's user management. This issue affects Apache StreamPipes: through 0.93.0. Users are recommended to upgrade to version 0.95.0, which fixes the issue. | 3.7 |
| 2024-01-10 | CVE-2023-49619 | Race Condition vulnerability in Apache Answer Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Answer. This issue affects Apache Answer: through 1.2.0. Under normal circumstances, a user can only bookmark a question once, and will only increase the number of questions bookmarked once. | 3.1 |
| 2023-07-10 | CVE-2023-34442 | Unspecified vulnerability in Apache Camel Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Camel.This issue affects Apache Camel: from 3.X through <=3.14.8, from 3.18.X through <=3.18.7, from 3.20.X through <= 3.20.5, from 4.X through <= 4.0.0-M3. Users should upgrade to 3.14.9, 3.18.8, 3.20.6 or 3.21.0 and for users on Camel 4.x update to 4.0.0-M1 | 3.3 |
| 2022-09-28 | CVE-2021-43980 | Race Condition vulnerability in multiple products The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause client connections to share an Http11Processor instance resulting in responses, or part responses, to be received by the wrong client. | 3.7 |
| 2022-06-27 | CVE-2022-33879 | Unspecified vulnerability in Apache Tika The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in the StandardsExtractingContentHandler were insufficient, and we found a separate, new regex DoS in a different regex in the StandardsExtractingContentHandler. | 3.3 |
| 2022-02-04 | CVE-2021-36151 | Information Exposure vulnerability in Apache Gobblin In Apache Gobblin, the Hadoop token is written to a temp file that is visible to all local users on Unix-like systems. | 2.1 |
| 2021-10-18 | CVE-2021-32609 | Cross-site Scripting vulnerability in Apache Superset Apache Superset up to and including 1.1 does not sanitize titles correctly on the Explore page. | 3.5 |
| 2021-04-01 | CVE-2021-28163 | Link Following vulnerability in multiple products In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory. | 2.7 |
| 2021-02-20 | CVE-2021-26544 | Cross-site Scripting vulnerability in Apache Livy 0.7.0Incubating Livy server version 0.7.0-incubating (only) is vulnerable to a cross site scripting issue in the session name. | 3.5 |
| 2020-12-01 | CVE-2020-11990 | Unspecified vulnerability in Apache Cordova 4.1.0 We have resolved a security issue in the camera plugin that could have affected certain Cordova (Android) applications. | 2.1 |