Vulnerabilities > Apache > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-02-22 CVE-2023-51388 Injection vulnerability in Apache Hertzbeat
Hertzbeat is a real-time monitoring system.
network
low complexity
apache CWE-74
critical
9.8
2024-02-22 CVE-2023-51389 Deserialization of Untrusted Data vulnerability in Apache Hertzbeat
Hertzbeat is a real-time monitoring system.
network
low complexity
apache CWE-502
critical
9.8
2024-02-22 CVE-2023-51653 Injection vulnerability in Apache Hertzbeat
Hertzbeat is a real-time monitoring system.
network
low complexity
apache CWE-74
critical
9.8
2024-01-15 CVE-2023-46226 Unspecified vulnerability in Apache Iotdb 1.0.0/1.1.0/1.2.2
Remote Code Execution vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 through 1.2.2. Users are recommended to upgrade to version 1.3.0, which fixes the issue.
network
low complexity
apache
critical
9.8
2024-01-03 CVE-2023-51784 Unspecified vulnerability in Apache Inlong
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache InLong. This issue affects Apache InLong: from 1.5.0 through 1.9.0, which could lead to Remote Code Execution. Users are advised to upgrade to Apache InLong's 1.10.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/9329
network
low complexity
apache
critical
9.8
2023-12-26 CVE-2023-51467 Server-Side Request Forgery (SSRF) vulnerability in Apache Ofbiz
The vulnerability permits attackers to circumvent authentication processes, enabling them to remotely execute arbitrary code.
network
low complexity
apache CWE-918
critical
9.8
2023-12-21 CVE-2023-51656 Unspecified vulnerability in Apache Iotdb
Deserialization of Untrusted Data vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 0.13.0 through 0.13.4. Users are recommended to upgrade to version 1.2.2, which fixes the issue.
network
low complexity
apache
critical
9.8
2023-12-15 CVE-2023-29234 Unspecified vulnerability in Apache Dubbo
A deserialization vulnerability existed when decoding a malicious package. This issue affects Apache Dubbo: from 3.1.0 through 3.1.10, from 3.2.0 through 3.2.4. Users are recommended to upgrade to the latest version, which fixes the issue.
network
low complexity
apache
critical
9.8
2023-12-15 CVE-2023-46279 Unspecified vulnerability in Apache Dubbo 3.1.5
Deserialization of Untrusted Data vulnerability in Apache Dubbo. This issue only affects Apache Dubbo 3.1.5. Users are recommended to upgrade to the latest version, which fixes the issue.
network
low complexity
apache
critical
9.8
2023-12-07 CVE-2023-50164 Unspecified vulnerability in Apache Struts
An attacker can manipulate file upload params to enable path traversal, and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.
network
low complexity
apache
critical
9.8