Vulnerabilities > Apache

DATE CVE VULNERABILITY TITLE RISK
2023-03-10 CVE-2023-26464 Unspecified vulnerability in Apache Log4J
** UNSUPPORTED WHEN ASSIGNED ** When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie, deeply nested) hashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized. This issue affects Apache Log4j before 2.
network
low complexity
apache
7.5
2023-03-08 CVE-2023-23638 Unspecified vulnerability in Apache Dubbo
A deserialization vulnerability existed when dubbo generic invoke, which could lead to malicious code execution.
network
low complexity
apache
critical
9.8
2023-03-07 CVE-2023-25690 Unspecified vulnerability in Apache Http Server
Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution.
network
low complexity
apache
critical
9.8
2023-03-07 CVE-2023-27522 HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi.
network
low complexity
apache debian unbit
7.5
2023-02-24 CVE-2023-25691 Improper Input Validation vulnerability in Apache Apache-Airflow-Providers-Google
Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airflow Google Provider versions before 8.10.0.
network
low complexity
apache CWE-20
critical
9.8
2023-02-24 CVE-2023-25692 Improper Input Validation vulnerability in Apache Apache-Airflow-Providers-Google
Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airflow Google Provider versions before 8.10.0.
network
low complexity
apache CWE-20
7.5
2023-02-24 CVE-2023-25693 Unspecified vulnerability in Apache Apache-Airflow-Providers-Apache-Sqoop
Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1.
network
low complexity
apache
critical
9.8
2023-02-24 CVE-2023-25696 Improper Input Validation vulnerability in Apache Apache-Airflow-Providers-Apache-Hive
Improper Input Validation vulnerability in the Apache Airflow Hive Provider. This issue affects Apache Airflow Hive Provider versions before 5.1.3.
network
low complexity
apache CWE-20
critical
9.8
2023-02-24 CVE-2023-25956 Unspecified vulnerability in Apache Apache-Airflow-Providers-Amazon
Generation of Error Message Containing Sensitive Information vulnerability in the Apache Airflow AWS Provider. This issue affects Apache Airflow AWS Provider versions before 7.2.1.
network
low complexity
apache
7.5
2023-02-23 CVE-2023-25621 Unspecified vulnerability in Apache Sling I18N
Privilege Escalation vulnerability in Apache Software Foundation Apache Sling. Any content author is able to create i18n dictionaries in the repository in a location the author has write access to.
network
low complexity
apache
6.5