How severe is CVE-2024-31867?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2024-31867?

This is classified as CWE-20, which is a common weakness in software security.

CVE-2024-31867

MEDIUM Year: 2024

CVSS v3 Score

6.5

Medium

Weakness Type

CWE-20

View all →

Vulnerability Description

Improper Input Validation vulnerability in Apache Zeppelin. The attackers can execute malicious queries by setting improper configuration properties to LDAP search filter. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue.

CVE-2009-5004

MEDIUM

CVSS:6.5(Medium)

qpid-cpp 1.0 crashes when a large message is sent and the Digest-MD5 mechanism with a security layer is in use .

CWE-202009

CVE-2010-2449

MEDIUM

CVSS:6.5(Medium)

Gource through 0.26 logs to a predictable file name (/tmp/gource-$UID.tmp), enabling attackers to overwrite an arbitrary file via a symlink attack.

CWE-202010

CVE-2010-2473

MEDIUM

CVSS:6.5(Medium)

Drupal 6.x before 6.16 and 5.x before version 5.22 does not properly block users under certain circumstances. A user with an open session that was blocked could maintain their session on the Drupal si...

CWE-202010

CVE-2010-2490

MEDIUM

CVSS:6.5(Medium)

Mumble: murmur-server has DoS due to malformed client query

CWE-202010

CVE-2010-3050

MEDIUM

CVSS:6.5(Medium)

Cisco IOS before 12.2(33)SXI allows remote authenticated users to cause a denial of service (device reboot).

CWE-202010

CVE-2010-3439

MEDIUM

CVSS:6.5(Medium)

It is possible to cause a DoS condition by causing the server to crash in alien-arena 7.33 by supplying various invalid parameters to the download command.

CWE-202010

CVE-2024-31867

Vulnerability Description

Related Vulnerabilities

CVE-2009-5004

CVE-2010-2449

CVE-2010-2473

CVE-2010-2490

CVE-2010-3050

CVE-2010-3439