Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-10 | CVE-2023-29215 | Unspecified vulnerability in Apache Linkis In Apache Linkis <=1.3.1, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in JDBC EengineConn Module will trigger a deserialization vulnerability and eventually lead to remote code execution. | 9.8 |
| 2023-04-10 | CVE-2023-29216 | Unspecified vulnerability in Apache Linkis In Apache Linkis <=1.3.1, because the parameters are not effectively filtered, the attacker uses the MySQL data source and malicious parameters to configure a new data source to trigger a deserialization vulnerability, eventually leading to remote code execution. Versions of Apache Linkis <= 1.3.0 will be affected. We recommend users upgrade the version of Linkis to version 1.3.2. | 9.8 |
| 2023-04-10 | CVE-2023-27987 | Unspecified vulnerability in Apache Linkis In Apache Linkis <=1.3.1, due to the default token generated by Linkis Gateway deployment being too simple, it is easy for attackers to obtain the default token for the attack. Generation rules should add random values. We recommend users upgrade the version of Linkis to version 1.3.2 And modify the default token value. | 9.1 |
| 2023-04-07 | CVE-2023-28706 | Code Injection vulnerability in Apache Airflow Hive Provider Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Software Foundation Apache Airflow Hive Provider.This issue affects Apache Airflow Hive Provider: before 6.0.0. | 9.8 |
| 2023-04-07 | CVE-2023-28707 | Improper Input Validation vulnerability in Apache Apache-Airflow-Providers-Apache-Drill Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider.This issue affects Apache Airflow Drill Provider: before 2.3.2. | 7.5 |
| 2023-04-07 | CVE-2023-28710 | Improper Input Validation vulnerability in Apache Apache-Airflow-Providers-Apache-Spark Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Spark Provider.This issue affects Apache Airflow Spark Provider: before 4.0.1. | 7.5 |
| 2023-04-03 | CVE-2023-26269 | Unspecified vulnerability in Apache James Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. | 7.8 |
| 2023-03-30 | CVE-2023-28935 | Unspecified vulnerability in Apache Unstructured Information Management Architecture ** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache UIMA DUCC. When using the "Distributed UIMA Cluster Computing" (DUCC) module of Apache UIMA, an authenticated user that has the permissions to modify core entities can cause command execution as the system user that runs the web process. As the "Distributed UIMA Cluster Computing" module for UIMA is retired, we do not plan to release a fix for this issue. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 8.8 |
| 2023-03-29 | CVE-2023-28158 | Unspecified vulnerability in Apache Archiva Privilege escalation via stored XSS using the file upload service to upload malicious content. The issue can be exploited only by authenticated users which can create directory name to inject some XSS content and gain some privileges such admin user. | 5.4 |
| 2023-03-28 | CVE-2023-28326 | Unspecified vulnerability in Apache Openmeetings Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.0.0 Description: Attacker can elevate their privileges in any room | 9.8 |