Vulnerabilities > Apache > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-15 | CVE-2023-41916 | Unspecified vulnerability in Apache Linkis 1.4.0/1.5.0 In Apache Linkis =1.4.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will trigger arbitrary file reading. | 6.5 |
| 2024-07-08 | CVE-2024-37389 | Cross-site Scripting vulnerability in Apache Nifi Apache NiFi 1.10.0 through 1.26.0 and 2.0.0-M1 through 2.0.0-M3 support a description field in the Parameter Context configuration that is vulnerable to cross-site scripting. | 5.4 |
| 2024-06-24 | CVE-2024-27136 | Unspecified vulnerability in Apache Jspwiki XSS in Upload page in Apache JSPWiki 2.12.1 and priors allows the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. | 6.1 |
| 2024-06-22 | CVE-2024-38379 | Unspecified vulnerability in Apache Allura Apache Allura's neighborhood settings are vulnerable to a stored XSS attack. Only neighborhood admins can access these settings, so the scope of risk is limited to configurations where neighborhood admins are not fully trusted. This issue affects Apache Allura: from 1.4.0 through 1.17.0. Users are recommended to upgrade to version 1.17.1, which fixes the issue. | 4.8 |
| 2024-06-14 | CVE-2024-25142 | Unspecified vulnerability in Apache Airflow Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. This issue affects Apache Airflow: before 2.9.2. Users are recommended to upgrade to version 2.9.2, which fixes the issue. | 5.5 |
| 2024-05-14 | CVE-2024-32077 | Unspecified vulnerability in Apache Airflow 2.9.0 Apache Airflow version 2.9.0 has a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. Users are recommended to upgrade to version 2.9.1, which fixes this issue. | 5.4 |
| 2024-02-29 | CVE-2024-23946 | Unspecified vulnerability in Apache Ofbiz Possible path traversal in Apache OFBiz allowing file inclusion. Users are recommended to upgrade to version 18.12.12, that fixes the issue. | 5.3 |
| 2024-02-22 | CVE-2024-23349 | Unspecified vulnerability in Apache Answer Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Answer.This issue affects Apache Answer: through 1.2.1. XSS attack when user enters summary. | 5.4 |
| 2024-02-22 | CVE-2024-26578 | Unspecified vulnerability in Apache Answer Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Answer.This issue affects Apache Answer: through 1.2.1. Repeated submission during registration resulted in the registration of the same user. | 5.9 |
| 2024-02-19 | CVE-2024-25710 | Unspecified vulnerability in Apache Commons Compress Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.3 through 1.25.0. Users are recommended to upgrade to version 1.26.0 which fixes the issue. | 5.5 |