Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache software foundation vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2003-0189
The authentication module for Apache 2.0.40 up to and including 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote malicious users to cause a denial of service (failed Basic authentication with valid usernames and...
Apache Http Server 2.0.42
Apache Http Server 2.0.44
Apache Http Server 2.0.41
Apache Http Server 2.0.45
Apache Http Server 2.0.40
Apache Http Server 2.0.43
7.5
CVSSv3
CVE-2023-50968
Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when user operates an uri call without authorizations. The same uri can be operated to realize a SSRF attack also without authorizations. Users are recommended to upgrade to version 18.12.1...
Apache Ofbiz
7.5
CVSSv3
CVE-2023-24977
Out-of-bounds Read vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.1.0 up to and including 1.5.0. Users are advised to upgrade to Apache InLong's latest version or cherry-pick https://github.com/apache/inlong/pull/7214 https...
Apache Inlong
9.8
CVSSv3
CVE-2023-24997
Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.1.0 up to and including 1.5.0. Users are advised to upgrade to Apache InLong's latest version or cherry-pick https://github.com/apache/inlong/...
Apache Inlong
NA
CVE-2006-1548
Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts prior to 1.2.9 allows remote malicious users to inject arbitrary web script or HTML via the parameter name, whi...
Apache Struts
8.8
CVSSv3
CVE-2023-30429
Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar. This issue affects Apache Pulsar: prior to 2.10.4, and 2.11.0. When a client connects to the Pulsar Function Worker via the Pulsar Proxy where the Pulsar Proxy uses mTLS authentication to authentic...
Apache Pulsar 2.11.0
Apache Pulsar
9.8
CVSSv3
CVE-2023-28706
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Software Foundation Apache Airflow Hive Provider.This issue affects Apache Airflow Hive Provider: prior to 6.0.0.
Apache Airflow Hive Provider
6.1
CVSSv3
CVE-2022-47500
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache Software Foundation Apache Helix UI component.This issue affects Apache Helix all releases from 0.8.0 to 1.0.4. Solution: removed the the forward component since it was improper designed for UI ...
Apache Helix
8.8
CVSSv3
CVE-2023-24829
Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.This issue affects the iotdb-web-workbench component from 0.13.0 prior to 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database. This problem is fixed...
Apache Iotdb
7.5
CVSSv3
CVE-2023-46227
Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 up to and including 1.8.0, the attacker can use \t to bypass. Users are advised to upgrade to Apache InLong's 1.9.0 or cherry-pick [1] t...
Apache Inlong
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-26978
CVE-2024-26982
wireless
CVE-2023-6949
CVE-2024-26980
CVE-2024-32766
CVE-2024-26939
cache poisoning
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »