Vulnerabilities > Apache > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-11-20 | CVE-2018-9481 | Integer Overflow or Wraparound vulnerability in multiple products. In bta_hd_set_report_act of bta_hd_act.cc, there is a possible out-of-bounds read due to an integer overflow. | 6.5 |
2024-10-29 | CVE-2024-45477 | Unspecified vulnerability in Apache NiFi. Apache NiFi 1.10.0 through 1.27.0 and 2.0.0-M1 through 2.0.0-M3 support a description field for Parameters in a Parameter Context configuration that is vulnerable to cross-site scripting. | 4.6 |
2024-10-16 | CVE-2024-45461 | Missing Authorization vulnerability in Apache CloudStack. The CloudStack Quota feature allows cloud administrators to implement a quota or usage limit system for cloud resources, and is disabled by default. | 6.3 |
2024-09-17 | CVE-2024-45384 | Unspecified vulnerability in Apache Druid. Padding Oracle vulnerability in Apache Druid extension, druid-pac4j. This could allow an attacker to manipulate a pac4j session cookie. This issue affects Apache Druid versions 0.18.0 through 30.0.0. Since the druid-pac4j extension is optional and disabled by default, Druid installations not using the druid-pac4j extension are not affected by this vulnerability. While we are not aware of a way to meaningfully exploit this flaw, we nevertheless recommend upgrading to version 30.0.1 or higher which fixes the issue and ensuring you have a strong druid.auth.pac4j.cookiePassphrase as a precaution. | 5.3 |
2024-09-17 | CVE-2024-45537 | Unspecified vulnerability in Apache Druid. Apache Druid allows users with certain permissions to read data from other database systems using JDBC. | 6.5 |
2024-08-26 | CVE-2023-49582 | Unspecified vulnerability in Apache Portable Runtime. Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local users read access to named shared memory segments, potentially revealing sensitive application data. | 5.5 |
2024-08-21 | CVE-2024-41937 | Unspecified vulnerability in Apache Airflow. Apache Airflow, versions before 2.10.0, have a vulnerability that allows the developer of a malicious provider to execute a cross-site scripting attack when clicking on a provider documentation link. | 6.1 |
2024-08-12 | CVE-2024-41909 | Unspecified vulnerability in Apache MINA SSHD. Like many other SSH implementations, Apache MINA SSHD suffered from the issue that is more widely known as CVE-2023-48795. | 5.9 |
2024-08-12 | CVE-2024-41888 | Unspecified vulnerability in Apache Answer. Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. The password reset link remains valid within its expiration period even after it has been used. | 5.3 |
2024-08-12 | CVE-2024-41890 | Unspecified vulnerability in Apache Answer. Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. User sends multiple password reset emails, each containing a valid link. | 5.3 |