Vulnerabilities > Apache > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-05 | CVE-2023-49070 | Unspecified vulnerability in Apache Ofbiz Pre-auth RCE in Apache Ofbiz 18.12.09. It's due to XML-RPC no longer maintained still present. This issue affects Apache OFBiz: before 18.12.10. Users are recommended to upgrade to version 18.12.10 | 9.8 |
| 2023-11-30 | CVE-2023-49733 | Unspecified vulnerability in Apache Cocoon 2.2.0 Improper Restriction of XML External Entity Reference vulnerability in Apache Cocoon.This issue affects Apache Cocoon: from 2.2.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue. | 9.8 |
| 2023-11-30 | CVE-2022-45135 | Unspecified vulnerability in Apache Cocoon 2.2.0 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Cocoon.This issue affects Apache Cocoon: from 2.2.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue. | 9.8 |
| 2023-11-22 | CVE-2023-37924 | Unspecified vulnerability in Apache Submarine 0.7.0 Apache Software Foundation Apache Submarine has an SQL injection vulnerability when a user logs in. | 9.8 |
| 2023-11-20 | CVE-2022-46337 | Injection vulnerability in Apache Derby A cleverly devised username might bypass LDAP authentication checks. | 9.8 |
| 2023-11-20 | CVE-2023-46302 | Unspecified vulnerability in Apache Submarine 0.7.0 Apache Software Foundation Apache Submarine has a bug when serializing against yaml. | 9.8 |
| 2023-11-09 | CVE-2023-47248 | Unspecified vulnerability in Apache Pyarrow Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. | 9.8 |
| 2023-10-27 | CVE-2023-46604 | The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. | 9.8 |
| 2023-10-16 | CVE-2023-43668 | Authorization Bypass Through User-Controlled Key vulnerability in Apache Inlong Authorization Bypass Through User-Controlled Key vulnerability in Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.8.0, some sensitive params checks will be bypassed, like "autoDeserizalize","allowLoadLocalInfile".... . Users are advised to upgrade to Apache InLong's 1.9.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/8604 | 9.8 |
| 2023-10-11 | CVE-2023-44981 | Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. | 9.1 |