Vulnerabilities > Apache > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-12-21 CVE-2023-51656 Unspecified vulnerability in Apache IoTDB
Deserialization of Untrusted Data vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 0.13.0 through 0.13.4. Users are recommended to upgrade to version 1.2.2, which fixes the issue.
network
low complexity
apache
critical
9.8
2023-12-15 CVE-2023-29234 Unspecified vulnerability in Apache Dubbo
A deserialization vulnerability existed when decoding a malicious package. This issue affects Apache Dubbo: from 3.1.0 through 3.1.10, from 3.2.0 through 3.2.4. Users are recommended to upgrade to the latest version, which fixes the issue.
network
low complexity
apache
critical
9.8
2023-12-15 CVE-2023-46279 Unspecified vulnerability in Apache Dubbo 3.1.5
Deserialization of Untrusted Data vulnerability in Apache Dubbo. This issue only affects Apache Dubbo 3.1.5. Users are recommended to upgrade to the latest version, which fixes the issue.
network
low complexity
apache
critical
9.8
2023-12-07 CVE-2023-50164 Unspecified vulnerability in Apache Struts
An attacker can manipulate file upload parameters to enable path traversal, and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.
network
low complexity
apache
critical
9.8
2023-12-05 CVE-2023-49070 Unspecified vulnerability in Apache OFBiz
Pre-auth RCE in Apache OFBiz 18.12.09. It is due to XML-RPC, which is no longer maintained, still being present. This issue affects Apache OFBiz: before 18.12.10. Users are recommended to upgrade to version 18.12.10.
network
low complexity
apache
critical
9.8
2023-11-30 CVE-2023-49733 Unspecified vulnerability in Apache Cocoon 2.2.0
Improper Restriction of XML External Entity Reference vulnerability in Apache Cocoon. This issue affects Apache Cocoon: from 2.2.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue.
network
low complexity
apache
critical
9.8
2023-11-30 CVE-2022-45135 Unspecified vulnerability in Apache Cocoon 2.2.0
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Cocoon. This issue affects Apache Cocoon: from 2.2.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue.
network
low complexity
apache
critical
9.8
2023-11-22 CVE-2023-37924 Unspecified vulnerability in Apache Submarine 0.7.0
Apache Software Foundation Apache Submarine has an SQL injection vulnerability when a user logs in.
network
low complexity
apache
critical
9.8
2023-11-20 CVE-2022-46337 Injection vulnerability in Apache Derby
A cleverly devised username might bypass LDAP authentication checks.
network
low complexity
apache CWE-74
critical
9.8
2023-11-20 CVE-2023-46302 Unspecified vulnerability in Apache Submarine 0.7.0
Apache Software Foundation Apache Submarine has a bug when serializing against YAML.
network
low complexity
apache
critical
9.8