CVSS: -EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32077 – Apache Airflow: XSS vulnerability in Task Instance Log/Log Details
https://notcve.org/view.php?id=CVE-2024-32077
Apache Airflow version 2.9.0 has a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. Users are recommended to upgrade to version 2.9.1, which fixes this issue. Apache Airflow versión 2.9.0 tiene una vulnerabilidad que permite a un atacante autenticado inyectar datos maliciosos en los registros de instancias de tareas. Se recomienda a los usuarios actualizar a la versión 2.9.1, que soluciona este problema. • http://www.openwall.com/lists/oss-security/2024/05/14/1 https://github.com/apache/airflow/pull/38882 https://lists.apache.org/thread/gsjmnrqb3m5fzp0vgpty1jxcywo91v77 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34365 – Apache Karaf Cave: Cave SSRF and arbitrary file access
https://notcve.org/view.php?id=CVE-2024-34365
Improper Input Validation vulnerability in Apache Karaf Cave.This issue affects all versions of Apache Karaf Cave. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Vulnerabilidad de validación de entrada incorrecta en Apache Karaf Cave. Este problema afecta a todas las versiones de Apache Karaf Cave. Como este proyecto está retirado, no planeamos lanzar una versión que solucione este problema. • http://www.openwall.com/lists/oss-security/2024/05/09/5 https://karaf.apache.org/security/cve-2024-34365.txt • CWE-20: Improper Input Validation •
CVSS: -EPSS: 0%CPEs: 1EXPL: 0CVE-2024-26579 – Apache Inlong JDBC Vulnerability
https://notcve.org/view.php?id=CVE-2024-26579
Deserialization of Untrusted Data vulnerability in Apache InLong.This issue affects Apache InLong: from 1.7.0 through 1.11.0, the attackers can bypass using malicious parameters. Users are advised to upgrade to Apache InLong's 1.12.0 or cherry-pick [1], [2] to solve it. [1] https://github.com/apache/inlong/pull/9694 [2] https://github.com/apache/inlong/pull/9707 Vulnerabilidad de deserialización de datos no confiables en Apache InLong. Este problema afecta a Apache InLong: desde 1.7.0 hasta 1.11.0, los atacantes pueden eludir el uso de parámetros maliciosos. Se recomienda a los usuarios actualizar a Apache InLong 1.12.0 o seleccionar [1], [2] para resolverlo. [1] https://github.com/apache/inlong/pull/9694 [2] https://github.com/apache/inlong/pull/9707 • http://www.openwall.com/lists/oss-security/2024/05/09/2 https://github.com/advisories/GHSA-fgh3-pwmp-3qw3 https://lists.apache.org/thread/d2hndtvh6bll4pkl91o2oqxyynhr54k3 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.1EPSS: 88%CPEs: 1EXPL: 4CVE-2024-32113 – Apache OFBiz Path Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2024-32113
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz.This issue affects Apache OFBiz: before 18.12.13. Users are recommended to upgrade to version 18.12.13, which fixes the issue. Limitación inadecuada de una vulnerabilidad de nombre de ruta a un directorio restringido ("Path Traversal") en Apache OFBiz. Este problema afecta a Apache OFBiz: antes del 18.12.13. Se recomienda a los usuarios actualizar a la versión 18.12.13, que soluciona el problema. Apache OFBiz contains a path traversal vulnerability that could allow for remote code execution. • https://www.exploit-db.com/exploits/52020 https://github.com/Mr-xn/CVE-2024-32113 https://github.com/RacerZ-fighting/CVE-2024-32113-POC https://github.com/YongYe-Security/CVE-2024-32113 http://www.openwall.com/lists/oss-security/2024/05/09/1 https://issues.apache.org/jira/browse/OFBIZ-13006 https://lists.apache.org/thread/w6s60okgkxp2th1sr8vx0ndmgk68fqrd https://ofbiz.apache.org/download.html https://ofbiz.apache.org/security.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-28148 – Apache Superset: Incorrect datasource authorization on explore REST API
https://notcve.org/view.php?id=CVE-2024-28148
An authenticated user could potentially access metadata for a datasource they are not authorized to view by submitting a targeted REST API request.This issue affects Apache Superset: before 3.1.2. Users are recommended to upgrade to version 3.1.2 or above, which fixes the issue. Un usuario autenticado podría acceder a los metadatos de una fuente de datos para la que no está autorizado a ver enviando una solicitud de API REST específica. Este problema afecta a Apache Superset: anterior a 4.0.0. Se recomienda a los usuarios actualizar a la versión 4.0.0, que soluciona el problema. • https://lists.apache.org/thread/n27wlbd05oc6bgjh28d5pxzsrrph8dgo • CWE-863: Incorrect Authorization •