Vulnerabilities > Apache > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-22 | CVE-2022-44730 | Server-Side Request Forgery (SSRF) vulnerability in multiple products Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data and send it directly as parameter to a URL. | 4.4 |
| 2023-08-18 | CVE-2023-40037 | Incorrect Comparison vulnerability in Apache Nifi 1.21.0/1.22.0 Apache NiFi 1.21.0 through 1.23.0 support JDBC and JNDI JMS access in several Processors and Controller Services with connection URL validation that does not provide sufficient protection against crafted inputs. | 6.5 |
| 2023-08-06 | CVE-2023-37581 | Cross-site Scripting vulnerability in Apache Roller Insufficient input validation and sanitation in Weblog Category name, Website About and File Upload features in all versions of Apache Roller on all platforms allows an authenticated user to perform an XSS attack. | 5.4 |
| 2023-07-25 | CVE-2023-38435 | Cross-site Scripting vulnerability in Apache Felix Health Check Webconsole Plugin 0.1.1/2.0.0/2.0.2 An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Apache Felix Healthcheck Webconsole Plugin version 2.0.2 and prior may allow an attacker to perform a reflected cross-site scripting (XSS) attack. Upgrade to Apache Felix Healthcheck Webconsole Plugin 2.1.0 or higher. | 6.1 |
| 2023-07-25 | CVE-2023-34189 | Exposure of Resource to Wrong Sphere vulnerability in Apache Inlong Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.7.0. | 6.5 |
| 2023-07-12 | CVE-2022-46651 | Unspecified vulnerability in Apache Airflow Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. | 6.5 |
| 2023-07-12 | CVE-2023-22887 | Path Traversal vulnerability in Apache Airflow Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. | 6.5 |
| 2023-07-12 | CVE-2023-22888 | Unspecified vulnerability in Apache Airflow Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. | 6.5 |
| 2023-07-12 | CVE-2023-31007 | Improper Authentication vulnerability in Apache Pulsar Improper Authentication vulnerability in Apache Software Foundation Apache Pulsar Broker allows a client to stay connected to a broker after authentication data expires if the client connected through the Pulsar Proxy when the broker is configured with authenticateOriginalAuthData=false or if a client connects directly to a broker with a specially crafted connect command when the broker is configured with authenticateOriginalAuthData=false. This issue affects Apache Pulsar: through 2.9.4, from 2.10.0 through 2.10.3, 2.11.0. 2.9 Pulsar Broker users should upgrade to at least 2.9.5. 2.10 Pulsar Broker users should upgrade to at least 2.10.4. 2.11 Pulsar Broker users should upgrade to at least 2.11.1. 3.0 Pulsar Broker users are unaffected. Any users running the Pulsar Broker for 2.8.* and earlier should upgrade to one of the above patched versions. | 6.5 |
| 2023-07-12 | CVE-2023-35908 | Incorrect Authorization vulnerability in Apache Airflow Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected | 6.5 |