Vulnerabilities > Apache > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-21 | CVE-2023-51656 | Unspecified vulnerability in Apache IoTDB. Deserialization of Untrusted Data vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 0.13.0 through 0.13.4. Users are recommended to upgrade to version 1.2.2, which fixes the issue. | 9.8 |
2023-12-15 | CVE-2023-29234 | Unspecified vulnerability in Apache Dubbo. A deserialization vulnerability existed when decoding a malicious package. This issue affects Apache Dubbo: from 3.1.0 through 3.1.10, from 3.2.0 through 3.2.4. Users are recommended to upgrade to the latest version, which fixes the issue. | 9.8 |
2023-12-15 | CVE-2023-46279 | Unspecified vulnerability in Apache Dubbo 3.1.5. Deserialization of Untrusted Data vulnerability in Apache Dubbo. This issue only affects Apache Dubbo 3.1.5. Users are recommended to upgrade to the latest version, which fixes the issue. | 9.8 |
2023-12-07 | CVE-2023-50164 | Unspecified vulnerability in Apache Struts. An attacker can manipulate file upload params to enable path traversal, and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue. | 9.8 |
2023-12-05 | CVE-2023-49070 | Unspecified vulnerability in Apache OFBiz. Pre-auth RCE in Apache OFBiz 18.12.09. It is due to XML-RPC, which is no longer maintained, still being present. This issue affects Apache OFBiz: before 18.12.10. Users are recommended to upgrade to version 18.12.10. | 9.8 |
2023-11-30 | CVE-2023-49733 | Unspecified vulnerability in Apache Cocoon 2.2.0. Improper Restriction of XML External Entity Reference vulnerability in Apache Cocoon. This issue affects Apache Cocoon: from 2.2.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue. | 9.8 |
2023-11-30 | CVE-2022-45135 | Unspecified vulnerability in Apache Cocoon 2.2.0. Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Cocoon. This issue affects Apache Cocoon: from 2.2.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue. | 9.8 |
2023-11-22 | CVE-2023-37924 | Unspecified vulnerability in Apache Submarine 0.7.0. Apache Software Foundation Apache Submarine has an SQL injection vulnerability when a user logs in. | 9.8 |
2023-11-20 | CVE-2022-46337 | Injection vulnerability in Apache Derby. A cleverly devised username might bypass LDAP authentication checks. | 9.8 |
2023-11-20 | CVE-2023-46302 | Unspecified vulnerability in Apache Submarine 0.7.0. Apache Software Foundation Apache Submarine has a bug when serializing against YAML. | 9.8 |