Vulnerabilities > Apache > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-18 | CVE-2024-40725 | Unspecified vulnerability in Apache Http Server 2.4.60/2.4.61 A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. | 5.3 |
| 2024-07-17 | CVE-2023-52291 | Unspecified vulnerability in Apache Streampark In streampark, the project module integrates Maven's compilation capabilities. | 4.7 |
| 2024-07-17 | CVE-2024-29737 | Unspecified vulnerability in Apache Streampark In streampark, the project module integrates Maven's compilation capabilities. | 4.7 |
| 2024-07-17 | CVE-2024-31979 | Unspecified vulnerability in Apache Streampipes Server-Side Request Forgery (SSRF) vulnerability in Apache StreamPipes during installation process of pipeline elements. Previously, StreamPipes allowed users to configure custom endpoints from which to install additional pipeline elements. | 4.3 |
| 2024-07-17 | CVE-2024-39863 | Cross-site Scripting vulnerability in Apache Airflow Apache Airflow versions before 2.9.3 have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. | 5.4 |
| 2024-07-15 | CVE-2023-41916 | Unspecified vulnerability in Apache Linkis 1.4.0/1.5.0 In Apache Linkis =1.4.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will trigger arbitrary file reading. | 6.5 |
| 2024-07-08 | CVE-2024-37389 | Cross-site Scripting vulnerability in Apache Nifi Apache NiFi 1.10.0 through 1.26.0 and 2.0.0-M1 through 2.0.0-M3 support a description field in the Parameter Context configuration that is vulnerable to cross-site scripting. | 5.4 |
| 2024-06-24 | CVE-2024-27136 | Unspecified vulnerability in Apache Jspwiki XSS in Upload page in Apache JSPWiki 2.12.1 and priors allows the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. | 6.1 |
| 2024-06-22 | CVE-2024-38379 | Unspecified vulnerability in Apache Allura Apache Allura's neighborhood settings are vulnerable to a stored XSS attack. Only neighborhood admins can access these settings, so the scope of risk is limited to configurations where neighborhood admins are not fully trusted. This issue affects Apache Allura: from 1.4.0 through 1.17.0. Users are recommended to upgrade to version 1.17.1, which fixes the issue. | 4.8 |
| 2024-06-20 | CVE-2024-34693 | Unspecified vulnerability in Apache Superset Improper Input Validation vulnerability in Apache Superset, allows for an authenticated attacker to create a MariaDB connection with local_infile enabled. | 5.3 |