Vulnerabilities > Apache

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | TAGS | RISK |
|---|---|---|---|---|---|---|---|
| 2023-01-31 | CVE-2022-28331 | Integer Overflow or Wraparound vulnerability in Apache Portable Runtime | On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack-based buffer in apr_socket_sendv(). | network | low complexity | apache CWE-190 | critical 9.8 |
| 2023-01-31 | CVE-2022-44644 | Improper Input Validation vulnerability in Apache Linkis | In Apache Linkis <=1.3.0 when used with the MySQL Connector/J in the data source module, an authenticated attacker could read arbitrary local files by connecting a rogue MySQL server, by setting allowLoadLocalInfile to true in the JDBC parameter. | network | low complexity | apache CWE-20 | 6.5 |
| 2023-01-31 | CVE-2022-44645 | Deserialization of Untrusted Data vulnerability in Apache Linkis | In Apache Linkis <=1.3.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures a new datasource with a MySQL data source and malicious parameters. | network | low complexity | apache CWE-502 | 8.8 |
| 2023-01-31 | CVE-2023-24829 | Incorrect Authorization vulnerability in Apache IoTDB 0.13.0/0.13.1/0.13.2 | Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB. This issue affects the iotdb-web-workbench component from 0.13.0 before 0.13.3. | network | low complexity | apache CWE-863 | 8.8 |
| 2023-01-30 | CVE-2023-24830 | Improper Authentication vulnerability in Apache IoTDB 0.13.0/0.13.1/0.13.2 | Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB. This issue affects the iotdb-web-workbench component from 0.13.0 before 0.13.3. | network | low complexity | apache CWE-287 | 7.5 |
| 2023-01-21 | CVE-2023-22884 | Command Injection vulnerability in Apache Airflow | Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow: before 2.5.1; Apache Airflow MySQL Provider: before 4.0.0. | network | low complexity | apache CWE-77 | critical 9.8 |
| 2023-01-17 | CVE-2006-20001 | Out-of-bounds Write vulnerability in Apache HTTP Server | A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. | network | low complexity | apache CWE-787 | 7.5 |
| 2023-01-17 | CVE-2022-36760 | HTTP Request Smuggling vulnerability in Apache HTTP Server | Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. | network | high complexity | apache CWE-444 | critical 9.0 |
| 2023-01-17 | CVE-2022-37436 | HTTP Response Splitting vulnerability in Apache HTTP Server | Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. | network | low complexity | apache CWE-113 | 5.3 |
| 2023-01-16 | CVE-2022-41703 | SQL Injection vulnerability in Apache Superset | A vulnerability in the SQL Alchemy connector of Apache Superset allows an authenticated user with read access to a specific database to add subqueries to the WHERE and HAVING fields referencing tables on the same database that the user should not have access to, despite the user having the feature flag "ALLOW_ADHOC_SUBQUERY" disabled (default value). | network | low complexity | apache CWE-89 | 5.4 |