Vulnerabilities > Apache > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-08-07 CVE-2024-42222 Unspecified vulnerability in Apache CloudStack 4.19.1.0
In Apache CloudStack 4.19.1.0, a regression in the network listing API allows unauthorised list access of network details for domain admin and normal user accounts.
network
low complexity
apache
4.3
2024-08-02 CVE-2024-27182 Files or Directories Accessible to External Parties vulnerability in Apache Linkis 1.3.2/1.4.0/1.5.0
In Apache Linkis <= 1.5.0, an arbitrary file deletion flaw in the Basic management services allows a user with an administrator account to delete any file accessible by the Linkis system user. Users are recommended to upgrade to version 1.6.0, which fixes this issue.
network
low complexity
apache CWE-552
4.9
2024-07-26 CVE-2024-25090 Unspecified vulnerability in Apache Roller
Insufficient input validation and sanitization in the Profile name & screenname, Bookmark name & description and blogroll name features in all versions of Apache Roller on all platforms allows an authenticated user to perform an XSS attack.
network
low complexity
apache
5.4
2024-07-22 CVE-2024-34457 Unspecified vulnerability in Apache StreamPark
On versions before 2.1.4, after a regular user successfully logs in, they can manually make a request using the authorization token to view every user's Flink information, including executeSQL and config. Mitigation: all users should upgrade to 2.1.4.
network
low complexity
apache
6.5
2024-07-22 CVE-2024-38503 Unspecified vulnerability in Apache Syncope
When editing a user, group or any object in the Syncope Console, HTML tags could be added to any text field and could lead to potential exploits. The same vulnerability was found in the Syncope Enduser, when editing “Personal Information” or “User Requests”. Users are recommended to upgrade to version 3.0.8, which fixes this issue.
network
low complexity
apache
5.4
2024-07-18 CVE-2024-40725 Unspecified vulnerability in Apache HTTP Server 2.4.60/2.4.61
A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers.
network
low complexity
apache
5.3
2024-07-17 CVE-2023-52291 Unspecified vulnerability in Apache StreamPark
In streampark, the project module integrates Maven's compilation capabilities.
network
low complexity
apache
4.7
2024-07-17 CVE-2024-29737 Unspecified vulnerability in Apache StreamPark
In streampark, the project module integrates Maven's compilation capabilities.
network
low complexity
apache
4.7
2024-07-17 CVE-2024-31979 Unspecified vulnerability in Apache StreamPipes
Server-Side Request Forgery (SSRF) vulnerability in Apache StreamPipes during installation process of pipeline elements. Previously, StreamPipes allowed users to configure custom endpoints from which to install additional pipeline elements.
network
low complexity
apache
4.3
2024-07-17 CVE-2024-39863 Cross-site Scripting vulnerability in Apache Airflow
Apache Airflow versions before 2.9.3 have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider.
network
low complexity
apache CWE-79
5.4