Vulnerabilities > Apache > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-08-18 CVE-2023-40037 Incorrect Comparison vulnerability in Apache Nifi 1.21.0/1.22.0/1.23.0
Apache NiFi 1.21.0 through 1.23.0 support JDBC and JNDI JMS access in several Processors and Controller Services with connection URL validation that does not provide sufficient protection against crafted inputs.
network
low complexity
apache CWE-697
6.5
2023-08-06 CVE-2023-37581 Unspecified vulnerability in Apache Roller
Insufficient input validation and sanitation in Weblog Category name, Website About and File Upload features in all versions of Apache Roller on all platforms allows an authenticated user to perform an XSS attack.
network
low complexity
apache
5.4
2023-07-25 CVE-2023-38435 Cross-site Scripting vulnerability in Apache Felix Health Check Webconsole Plugin 0.1.1/2.0.0/2.0.2
An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Apache Felix Healthcheck Webconsole Plugin version 2.0.2 and prior may allow an attacker to perform a reflected cross-site scripting (XSS) attack. Upgrade to Apache Felix Healthcheck Webconsole Plugin 2.1.0 or higher.
network
low complexity
apache CWE-79
6.1
2023-07-25 CVE-2023-34189 Unspecified vulnerability in Apache Inlong
Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.7.0.
network
low complexity
apache
6.5
2023-07-12 CVE-2022-46651 Unspecified vulnerability in Apache Airflow
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view.
network
low complexity
apache
6.5
2023-07-12 CVE-2023-22887 Unspecified vulnerability in Apache Airflow
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter.
network
low complexity
apache
6.5
2023-07-12 CVE-2023-22888 Unspecified vulnerability in Apache Airflow
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter.
network
low complexity
apache
6.5
2023-07-12 CVE-2023-31007 Unspecified vulnerability in Apache Pulsar
Improper Authentication vulnerability in Apache Software Foundation Apache Pulsar Broker allows a client to stay connected to a broker after authentication data expires if the client connected through the Pulsar Proxy when the broker is configured with authenticateOriginalAuthData=false or if a client connects directly to a broker with a specially crafted connect command when the broker is configured with authenticateOriginalAuthData=false. This issue affects Apache Pulsar: through 2.9.4, from 2.10.0 through 2.10.3, 2.11.0. 2.9 Pulsar Broker users should upgrade to at least 2.9.5. 2.10 Pulsar Broker users should upgrade to at least 2.10.4. 2.11 Pulsar Broker users should upgrade to at least 2.11.1. 3.0 Pulsar Broker users are unaffected. Any users running the Pulsar Broker for 2.8.* and earlier should upgrade to one of the above patched versions.
network
low complexity
apache
6.5
2023-07-12 CVE-2023-35908 Unspecified vulnerability in Apache Airflow
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected
network
low complexity
apache
6.5
2023-07-12 CVE-2023-36543 Unspecified vulnerability in Apache Airflow
Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected
network
low complexity
apache
6.5