Vulnerabilities > Apache > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-08-07 | CVE-2024-42222 | Unspecified vulnerability in Apache Cloudstack 4.19.1.0. In Apache CloudStack 4.19.1.0, a regression in the network listing API allows unauthorised list access of network details for domain admin and normal user accounts. | 4.3 |
2024-08-02 | CVE-2024-27182 | Files or Directories Accessible to External Parties vulnerability in Apache Linkis 1.3.2/1.4.0/1.5.0. In Apache Linkis <= 1.5.0, Arbitrary file deletion in Basic management services on A user with an administrator account could delete any file accessible by the Linkis system user. Users are recommended to upgrade to version 1.6.0, which fixes this issue. | 4.9 |
2024-07-26 | CVE-2024-25090 | Unspecified vulnerability in Apache Roller. Insufficient input validation and sanitation in Profile name & screenname, Bookmark name & description and blogroll name features in all versions of Apache Roller on all platforms allows an authenticated user to perform an XSS attack. | 5.4 |
2024-07-22 | CVE-2024-34457 | Unspecified vulnerability in Apache Streampark. On versions before 2.1.4, after a regular user successfully logs in, they can manually make a request using the authorization token to view everyone's user flink information, including executeSQL and config. Mitigation: all users should upgrade to 2.1.4. | 6.5 |
2024-07-22 | CVE-2024-38503 | Unspecified vulnerability in Apache Syncope. When editing a user, group or any object in the Syncope Console, HTML tags could be added to any text field and could lead to potential exploits. The same vulnerability was found in the Syncope Enduser, when editing “Personal Information” or “User Requests”. Users are recommended to upgrade to version 3.0.8, which fixes this issue. | 5.4 |
2024-07-18 | CVE-2024-40725 | Unspecified vulnerability in Apache Http Server 2.4.60/2.4.61. A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. | 5.3 |
2024-07-17 | CVE-2023-52291 | Unspecified vulnerability in Apache Streampark. In streampark, the project module integrates Maven's compilation capabilities. | 4.7 |
2024-07-17 | CVE-2024-29737 | Unspecified vulnerability in Apache Streampark. In streampark, the project module integrates Maven's compilation capabilities. | 4.7 |
2024-07-17 | CVE-2024-31979 | Unspecified vulnerability in Apache Streampipes. Server-Side Request Forgery (SSRF) vulnerability in Apache StreamPipes during installation process of pipeline elements. Previously, StreamPipes allowed users to configure custom endpoints from which to install additional pipeline elements. | 4.3 |
2024-07-17 | CVE-2024-39863 | Cross-site Scripting vulnerability in Apache Airflow. Apache Airflow versions before 2.9.3 have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. | 5.4 |