Vulnerabilities > Apache

DATE CVE VULNERABILITY TITLE RISK
2023-05-08 CVE-2023-25754 Unspecified vulnerability in Apache Airflow
Privilege Context Switching Error vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow: before 2.6.0.
network
low complexity
apache
critical
9.8
2023-05-08 CVE-2023-29247 Unspecified vulnerability in Apache Airflow
Task instance details page in the UI is vulnerable to a stored XSS. This issue affects Apache Airflow: before 2.6.0.
network
low complexity
apache
5.4
2023-05-08 CVE-2023-31038 Unspecified vulnerability in Apache Log4Cxx
SQL injection in Log4cxx when using the ODBC appender to send log messages to a database. No fields sent to the database were properly escaped for SQL injection. This has been the case since at least version 0.9.0 (released 2003-08-06). Note that Log4cxx is a C++ framework, so only C++ applications are affected. Before version 1.1.0, the ODBC appender was automatically part of Log4cxx if the library was found when compiling the library. As of version 1.1.0, this must be explicitly enabled in order to be compiled in. Three preconditions must be met for this vulnerability to be possible: 1.
network
low complexity
apache
8.8
2023-05-08 CVE-2023-31039 Unspecified vulnerability in Apache Brpc
Security vulnerability in Apache bRPC <1.5.0 on all platforms allows attackers to execute arbitrary code via ServerOptions::pid_file. An attacker that can influence the ServerOptions pid_file parameter with which the bRPC server is started can execute arbitrary code with the permissions of the bRPC process. Solution: 1.
network
low complexity
apache
critical
9.8
2023-05-05 CVE-2021-40331 Unspecified vulnerability in Apache Ranger
An Incorrect Permission Assignment for Critical Resource vulnerability was found in the Apache Ranger Hive Plugin.
network
low complexity
apache
8.1
2023-05-05 CVE-2022-45048 Unspecified vulnerability in Apache Ranger 2.3.0
Authenticated users with appropriate privileges can create policies having expressions that can exploit a code execution vulnerability. This issue affects Apache Ranger: 2.3.0.
network
low complexity
apache
8.8
2023-05-02 CVE-2023-26268 Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using these design document functions: * validate_doc_update * list * filter * filter views (using view functions as filters) * rewrite * update This doesn't affect map/reduce or search (Dreyfus) index functions. Users are recommended to upgrade to a version that is no longer affected by this issue (Apache CouchDB 3.3.2 or 3.2.3). Workaround: Avoid using design documents from untrusted sources which may attempt to cache or store data in the Javascript environment.
network
low complexity
apache ibm
5.3
2023-05-02 CVE-2023-32007 Unspecified vulnerability in Apache Spark
** UNSUPPORTED WHEN ASSIGNED ** The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable.
network
low complexity
apache
8.8
2023-05-01 CVE-2022-45801 Unspecified vulnerability in Apache Streampark
Apache StreamPark 1.0.0 to 2.0.0 have an LDAP injection vulnerability. LDAP Injection is an attack used to exploit web-based applications that construct LDAP statements based on user input.
network
low complexity
apache
5.4
2023-05-01 CVE-2022-45802 Unspecified vulnerability in Apache Streampark
StreamPark allows any user to upload a jar as an application, but there is no mandatory verification of the uploaded file type, so users can upload high-risk files and may upload them to any directory. Users of the affected versions should upgrade to Apache StreamPark 2.0.0 or later.
network
low complexity
apache
critical
9.8