Vulnerabilities > Apache > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-26 | CVE-2023-49582 | Unspecified vulnerability in Apache Portable Runtime Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local users read access to named shared memory segments, potentially revealing sensitive application data. | 5.5 |
| 2024-08-21 | CVE-2024-41937 | Unspecified vulnerability in Apache Airflow Apache Airflow, versions before 2.10.0, have a vulnerability that allows the developer of a malicious provider to execute a cross-site scripting attack when clicking on a provider documentation link. | 6.1 |
| 2024-08-12 | CVE-2024-41909 | Unspecified vulnerability in Apache Mina Sshd Like many other SSH implementations, Apache MINA SSHD suffered from the issue that is more widely known as CVE-2023-48795. | 5.9 |
| 2024-08-12 | CVE-2024-41888 | Unspecified vulnerability in Apache Answer Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. The password reset link remains valid within its expiration period even after it has been used. | 5.3 |
| 2024-08-12 | CVE-2024-41890 | Unspecified vulnerability in Apache Answer Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. User sends multiple password reset emails, each containing a valid link. | 5.3 |
| 2024-08-07 | CVE-2024-42222 | Unspecified vulnerability in Apache Cloudstack 4.19.1.0 In Apache CloudStack 4.19.1.0, a regression in the network listing API allows unauthorised list access of network details for domain admin and normal user accounts. | 4.3 |
| 2024-08-02 | CVE-2024-27182 | Files or Directories Accessible to External Parties vulnerability in Apache Linkis 1.3.2/1.4.0/1.5.0 In Apache Linkis <= 1.5.0, Arbitrary file deletion in Basic management services on A user with an administrator account could delete any file accessible by the Linkis system user . Users are recommended to upgrade to version 1.6.0, which fixes this issue. | 4.9 |
| 2024-07-26 | CVE-2024-25090 | Unspecified vulnerability in Apache Roller Insufficient input validation and sanitation in Profile name & screenname, Bookmark name & description and blogroll name features in all versions of Apache Roller on all platforms allows an authenticated user to perform an XSS attack. | 5.4 |
| 2024-07-22 | CVE-2024-34457 | Unspecified vulnerability in Apache Streampark On versions before 2.1.4, after a regular user successfully logs in, they can manually make a request using the authorization token to view everyone's user flink information, including executeSQL and config. Mitigation: all users should upgrade to 2.1.4 | 6.5 |
| 2024-07-22 | CVE-2024-38503 | Unspecified vulnerability in Apache Syncope When editing a user, group or any object in the Syncope Console, HTML tags could be added to any text field and could lead to potential exploits. The same vulnerability was found in the Syncope Enduser, when editing “Personal Information” or “User Requests”. Users are recommended to upgrade to version 3.0.8, which fixes this issue. | 5.4 |