Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-28 | CVE-2023-25195 | Unspecified vulnerability in Apache Fineract Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache Fineract. Authorized users with limited permissions can gain access to server and may be able to use server for any outbound traffic. This issue affects Apache Fineract: from 1.4 through 1.8.3. | 8.1 |
| 2023-03-28 | CVE-2023-25196 | SQL Injection vulnerability in Apache Fineract Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache Fineract. Authorized users may be able to change or add data in certain components. | 4.3 |
| 2023-03-28 | CVE-2023-25197 | Unspecified vulnerability in Apache Fineract Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation apache fineract. Authorized users may be able to exploit this for limited impact on components. | 6.3 |
| 2023-03-27 | CVE-2023-27296 | Unspecified vulnerability in Apache Inlong Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache InLong. It could be triggered by authenticated users of InLong, you could refer to [1] to know more about this vulnerability. This issue affects Apache InLong: from 1.1.0 through 1.5.0. | 8.8 |
| 2023-03-24 | CVE-2022-38745 | Unspecified vulnerability in Apache Openoffice Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path. | 7.8 |
| 2023-03-24 | CVE-2022-47502 | Unspecified vulnerability in Apache Openoffice Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. | 7.8 |
| 2023-03-22 | CVE-2023-28708 | Unspecified vulnerability in Apache Tomcat When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. | 4.3 |
| 2023-03-20 | CVE-2023-26513 | Unspecified vulnerability in Apache Sling Resource Merger Excessive Iteration vulnerability in Apache Software Foundation Apache Sling Resource Merger.This issue affects Apache Sling Resource Merger: from 1.2.0 before 1.4.2. | 7.5 |
| 2023-03-15 | CVE-2023-25695 | Unspecified vulnerability in Apache Airflow Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.5.2. | 5.3 |
| 2023-03-10 | CVE-2023-26464 | Unspecified vulnerability in Apache Log4J ** UNSUPPORTED WHEN ASSIGNED ** When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie, deeply nested) hashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized. This issue affects Apache Log4j before 2. | 7.5 |