Vulnerabilities > Apache

DATE CVE VULNERABILITY TITLE RISK
2023-03-28 CVE-2023-28326 Unspecified vulnerability in Apache Openmeetings
Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.0.0 Description: Attacker can elevate their privileges in any room
network
low complexity
apache
critical
9.8
2023-03-28 CVE-2023-25195 Unspecified vulnerability in Apache Fineract
Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache Fineract. Authorized users with limited permissions can gain access to server and may be able to use server for any outbound traffic.  This issue affects Apache Fineract: from 1.4 through 1.8.3.
network
low complexity
apache
8.1
2023-03-28 CVE-2023-25196 SQL Injection vulnerability in Apache Fineract
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache Fineract. Authorized users may be able to change or add data in certain components.
network
low complexity
apache CWE-89
4.3
2023-03-28 CVE-2023-25197 Unspecified vulnerability in Apache Fineract
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation apache fineract. Authorized users may be able to exploit this for limited impact on components.
network
low complexity
apache
6.3
2023-03-27 CVE-2023-27296 Unspecified vulnerability in Apache Inlong
Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache InLong. It could be triggered by authenticated users of InLong, you could refer to [1] to know more about this vulnerability. This issue affects Apache InLong: from 1.1.0 through 1.5.0.
network
low complexity
apache
8.8
2023-03-24 CVE-2022-38745 Unspecified vulnerability in Apache Openoffice
Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path.
local
low complexity
apache
7.8
2023-03-24 CVE-2022-47502 Unspecified vulnerability in Apache Openoffice
Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments.
local
low complexity
apache
7.8
2023-03-22 CVE-2023-28708 Unspecified vulnerability in Apache Tomcat
When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute.
network
low complexity
apache
4.3
2023-03-20 CVE-2023-26513 Unspecified vulnerability in Apache Sling Resource Merger
Excessive Iteration vulnerability in Apache Software Foundation Apache Sling Resource Merger.This issue affects Apache Sling Resource Merger: from 1.2.0 before 1.4.2.
network
low complexity
apache
7.5
2023-03-15 CVE-2023-25695 Unspecified vulnerability in Apache Airflow
Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.5.2.
network
low complexity
apache
5.3