Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-22 | CVE-2023-28708 | Unprotected Transport of Credentials vulnerability in Apache Tomcat When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. | 4.3 |
| 2023-03-20 | CVE-2023-26513 | Excessive Iteration vulnerability in Apache Sling Resource Merger Excessive Iteration vulnerability in Apache Software Foundation Apache Sling Resource Merger.This issue affects Apache Sling Resource Merger: from 1.2.0 before 1.4.2. | 7.5 |
| 2023-03-15 | CVE-2023-25695 | Information Exposure Through an Error Message vulnerability in Apache Airflow Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.5.2. | 5.3 |
| 2023-03-10 | CVE-2023-26464 | Deserialization of Untrusted Data vulnerability in Apache Log4J ** UNSUPPORTED WHEN ASSIGNED ** When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie, deeply nested) hashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized. | 7.5 |
| 2023-03-08 | CVE-2023-23638 | Deserialization of Untrusted Data vulnerability in Apache Dubbo A deserialization vulnerability existed when dubbo generic invoke, which could lead to malicious code execution. | 9.8 |
| 2023-03-07 | CVE-2023-25690 | HTTP Request Smuggling vulnerability in Apache Http Server Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. | 9.8 |
| 2023-03-07 | CVE-2023-27522 | HTTP Request Smuggling vulnerability in Apache Http Server HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. | 7.5 |
| 2023-02-24 | CVE-2023-25691 | Improper Input Validation vulnerability in Apache Apache-Airflow-Providers-Google Improper Input Validation vulnerability in the Apache Airflow Google Provider. | 9.8 |
| 2023-02-24 | CVE-2023-25692 | Improper Input Validation vulnerability in Apache Apache-Airflow-Providers-Google Improper Input Validation vulnerability in the Apache Airflow Google Provider. | 7.5 |
| 2023-02-24 | CVE-2023-25693 | Improper Input Validation vulnerability in Apache Airflow Sqoop Provider Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. | 9.8 |