Vulnerabilities > Apache > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-02-28 | CVE-2024-24779 | Unspecified vulnerability in Apache Superset: Apache Superset with custom roles that include `can write on dataset` and without all data access permissions, allows for users to create virtual datasets to data they don't have access to. | 6.5 |
2024-02-28 | CVE-2024-26016 | Unspecified vulnerability in Apache Superset: A low privilege authenticated user could import an existing dashboard or chart that they do not have access to and then modify its metadata, thereby gaining ownership of the object. | 5.4 |
2024-02-28 | CVE-2024-27315 | Unspecified vulnerability in Apache Superset: An authenticated user with privileges to create Alerts on Alerts & Reports has the capability to generate a specially crafted SQL statement that triggers an error on the database. | 4.3 |
2024-02-27 | CVE-2023-50380 | Unspecified vulnerability in Apache Ambari: XML External Entity injection in Apache Ambari versions <= 2.7.7. Users are recommended to upgrade to version 2.7.8, which fixes this issue. More Details: Oozie Workflow Scheduler had a vulnerability that allowed for root-level file reading and privilege escalation from low-privilege users. | 6.5 |
2024-02-27 | CVE-2024-21742 | Injection vulnerability in Apache James Mime4J: Improper input validation allows for header injection in the MIME4J library when using MIME4J DOM for composing messages. This can be exploited by an attacker to add unintended headers to MIME messages. | 5.3 |
2024-02-22 | CVE-2024-23349 | Unspecified vulnerability in Apache Answer: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Answer. This issue affects Apache Answer: through 1.2.1. XSS attack when user enters summary. | 5.4 |
2024-02-22 | CVE-2024-26578 | Unspecified vulnerability in Apache Answer: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Answer. This issue affects Apache Answer: through 1.2.1. Repeated submission during registration resulted in the registration of the same user. | 5.9 |
2024-02-19 | CVE-2024-25710 | Unspecified vulnerability in Apache Commons Compress: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress. This issue affects Apache Commons Compress: from 1.3 through 1.25.0. Users are recommended to upgrade to version 1.26.0, which fixes the issue. | 5.5 |
2024-02-19 | CVE-2024-26308 | Unspecified vulnerability in Apache Commons Compress: Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress. This issue affects Apache Commons Compress: from 1.21 before 1.26. Users are recommended to upgrade to version 1.26, which fixes the issue. | 5.5 |
2024-02-14 | CVE-2024-23952 | Unspecified vulnerability in Apache Superset: This is a duplicate for CVE-2023-46104. | 6.5 |