Vulnerabilities > Apache

DATE CVE VULNERABILITY TITLE RISK
2023-03-22 CVE-2023-28708 Unprotected Transport of Credentials vulnerability in Apache Tomcat
When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute.
network
low complexity
apache CWE-523
4.3
2023-03-20 CVE-2023-26513 Excessive Iteration vulnerability in Apache Sling Resource Merger
Excessive Iteration vulnerability in Apache Software Foundation Apache Sling Resource Merger. This issue affects Apache Sling Resource Merger: from 1.2.0 before 1.4.2.
network
low complexity
apache CWE-834
7.5
2023-03-15 CVE-2023-25695 Information Exposure Through an Error Message vulnerability in Apache Airflow
Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow: before 2.5.2.
network
low complexity
apache CWE-209
5.3
2023-03-10 CVE-2023-26464 Deserialization of Untrusted Data vulnerability in Apache Log4J
** UNSUPPORTED WHEN ASSIGNED ** When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (i.e., deeply nested) hashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized.
network
low complexity
apache CWE-502
7.5
2023-03-08 CVE-2023-23638 Deserialization of Untrusted Data vulnerability in Apache Dubbo
A deserialization vulnerability existed in Dubbo generic invoke, which could lead to malicious code execution.
network
low complexity
apache CWE-502
critical
9.8
2023-03-07 CVE-2023-25690 HTTP Request Smuggling vulnerability in Apache Http Server
Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow an HTTP Request Smuggling attack.
network
low complexity
apache CWE-444
critical
9.8
2023-03-07 CVE-2023-27522 HTTP Request Smuggling vulnerability in Apache Http Server
HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi.
network
low complexity
apache CWE-444
7.5
2023-02-24 CVE-2023-25691 Improper Input Validation vulnerability in Apache Apache-Airflow-Providers-Google
Improper Input Validation vulnerability in the Apache Airflow Google Provider.
network
low complexity
apache CWE-20
critical
9.8
2023-02-24 CVE-2023-25692 Improper Input Validation vulnerability in Apache Apache-Airflow-Providers-Google
Improper Input Validation vulnerability in the Apache Airflow Google Provider.
network
low complexity
apache CWE-20
7.5
2023-02-24 CVE-2023-25693 Improper Input Validation vulnerability in Apache Airflow Sqoop Provider
Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider.
network
low complexity
apache CWE-20
critical
9.8