Vulnerabilities > Apache > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-30 | CVE-2022-45135 | Unspecified vulnerability in Apache Cocoon 2.2.0 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Cocoon.This issue affects Apache Cocoon: from 2.2.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue. | 9.8 |
| 2023-11-22 | CVE-2023-37924 | Unspecified vulnerability in Apache Submarine 0.7.0 Apache Software Foundation Apache Submarine has an SQL injection vulnerability when a user logs in. | 9.8 |
| 2023-11-20 | CVE-2022-46337 | Injection vulnerability in Apache Derby A cleverly devised username might bypass LDAP authentication checks. | 9.8 |
| 2023-11-20 | CVE-2023-46302 | Unspecified vulnerability in Apache Submarine 0.7.0 Apache Software Foundation Apache Submarine has a bug when serializing against yaml. | 9.8 |
| 2023-11-09 | CVE-2023-47248 | Unspecified vulnerability in Apache Pyarrow Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. | 9.8 |
| 2023-10-27 | CVE-2023-46604 | The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. | 9.8 |
| 2023-10-16 | CVE-2023-43668 | Authorization Bypass Through User-Controlled Key vulnerability in Apache Inlong Authorization Bypass Through User-Controlled Key vulnerability in Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.8.0, some sensitive params checks will be bypassed, like "autoDeserizalize","allowLoadLocalInfile".... . Users are advised to upgrade to Apache InLong's 1.9.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/8604 | 9.8 |
| 2023-10-11 | CVE-2023-44981 | Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. | 9.1 |
| 2023-09-05 | CVE-2023-40743 | Unspecified vulnerability in Apache Axis ** UNSUPPORTED WHEN ASSIGNED ** When integrating Apache Axis 1.x in an application, it may not have been obvious that looking up a service through "ServiceFactory.getService" allows potentially dangerous lookup mechanisms such as LDAP. | 9.8 |
| 2023-08-09 | CVE-2023-33934 | Unspecified vulnerability in Apache Traffic Server Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: through 9.2.1. | 9.1 |