Vulnerabilities > Apache > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-28 | CVE-2024-24773 | Incorrect Authorization vulnerability in Apache Superset Improper parsing of nested SQL statements on SQLLab would allow authenticated users to surpass their data authorization scope. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1, which fixes the issue. | 6.5 |
| 2024-02-28 | CVE-2024-24779 | Unspecified vulnerability in Apache Superset Apache Superset with custom roles that include `can write on dataset` and without all data access permissions, allows for users to create virtual datasets to data they don't have access to. | 6.5 |
| 2024-02-28 | CVE-2024-26016 | Unspecified vulnerability in Apache Superset A low privilege authenticated user could import an existing dashboard or chart that they do not have access to and then modify its metadata, thereby gaining ownership of the object. | 5.4 |
| 2024-02-28 | CVE-2024-27315 | Unspecified vulnerability in Apache Superset An authenticated user with privileges to create Alerts on Alerts & Reports has the capability to generate a specially crafted SQL statement that triggers an error on the database. | 4.3 |
| 2024-02-27 | CVE-2023-50380 | Unspecified vulnerability in Apache Ambari XML External Entity injection in apache ambari versions <= 2.7.7, Users are recommended to upgrade to version 2.7.8, which fixes this issue. More Details: Oozie Workflow Scheduler had a vulnerability that allowed for root-level file reading and privilege escalation from low-privilege users. | 6.5 |
| 2024-02-22 | CVE-2024-23349 | Unspecified vulnerability in Apache Answer Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Answer.This issue affects Apache Answer: through 1.2.1. XSS attack when user enters summary. | 5.4 |
| 2024-02-22 | CVE-2024-26578 | Unspecified vulnerability in Apache Answer Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Answer.This issue affects Apache Answer: through 1.2.1. Repeated submission during registration resulted in the registration of the same user. | 5.9 |
| 2024-02-19 | CVE-2024-25710 | Unspecified vulnerability in Apache Commons Compress Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.3 through 1.25.0. Users are recommended to upgrade to version 1.26.0 which fixes the issue. | 5.5 |
| 2024-02-19 | CVE-2024-26308 | Unspecified vulnerability in Apache Commons Compress Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.21 before 1.26. Users are recommended to upgrade to version 1.26, which fixes the issue. | 5.5 |
| 2024-02-14 | CVE-2024-23952 | Unspecified vulnerability in Apache Superset This is a duplicate for CVE-2023-46104. | 6.5 |