Filtered by vendor Apache Subscriptions
Total 2544 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2009-5004 2 Apache, Redhat 2 Qpid-cpp, Enterprise Mrg 2024-11-21 6.5 Medium
qpid-cpp 1.0 crashes when a large message is sent and the Digest-MD5 mechanism with a security layer is in use .
CVE-2009-4267 1 Apache 1 Juddi 2024-11-21 N/A
The console in Apache jUDDI 3.0.0 does not properly escape line feeds, which allows remote authenticated users to spoof log entries via the numRows parameter.
CVE-2024-42361 1 Apache 1 Hertzbeat 2024-09-03 7.5 High
Hertzbeat is an open source, real-time monitoring system. Hertzbeat 1.6.0 and earlier declares a /api/monitor/{monitorId}/metric/{metricFull} endpoint to download job metrics. In the process, it executes a SQL query with user-controlled data, allowing for SQL injection.
CVE-2024-42362 2 Apache, Dromara 2 Hertzbeat, Hertzbeat 2024-08-28 8.8 High
Hertzbeat is an open source, real-time monitoring system. Hertzbeat has an authenticated (user role) RCE via unsafe deserialization in /api/monitors/import. This vulnerability is fixed in 1.6.0.