Filtered by vendor Apache
Subscriptions
Total
2544 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2009-5004 | 2 Apache, Redhat | 2 Qpid-cpp, Enterprise Mrg | 2024-11-21 | 6.5 Medium |
qpid-cpp 1.0 crashes when a large message is sent and the Digest-MD5 mechanism with a security layer is in use . | ||||
CVE-2009-4267 | 1 Apache | 1 Juddi | 2024-11-21 | N/A |
The console in Apache jUDDI 3.0.0 does not properly escape line feeds, which allows remote authenticated users to spoof log entries via the numRows parameter. | ||||
CVE-2024-42361 | 1 Apache | 1 Hertzbeat | 2024-09-03 | 7.5 High |
Hertzbeat is an open source, real-time monitoring system. Hertzbeat 1.6.0 and earlier declares a /api/monitor/{monitorId}/metric/{metricFull} endpoint to download job metrics. In the process, it executes a SQL query with user-controlled data, allowing for SQL injection. | ||||
CVE-2024-42362 | 2 Apache, Dromara | 2 Hertzbeat, Hertzbeat | 2024-08-28 | 8.8 High |
Hertzbeat is an open source, real-time monitoring system. Hertzbeat has an authenticated (user role) RCE via unsafe deserialization in /api/monitors/import. This vulnerability is fixed in 1.6.0. |