Vulnerabilities > Apache > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-11-30 CVE-2022-45135 Unspecified vulnerability in Apache Cocoon 2.2.0
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Cocoon.This issue affects Apache Cocoon: from 2.2.0 before 2.3.0. Users are recommended to upgrade to version 2.3.0, which fixes the issue.
network
low complexity
apache
critical
9.8
2023-11-22 CVE-2023-37924 Unspecified vulnerability in Apache Submarine 0.7.0
Apache Software Foundation Apache Submarine has an SQL injection vulnerability when a user logs in.
network
low complexity
apache
critical
9.8
2023-11-20 CVE-2022-46337 Injection vulnerability in Apache Derby
A cleverly devised username might bypass LDAP authentication checks.
network
low complexity
apache CWE-74
critical
9.8
2023-11-20 CVE-2023-46302 Unspecified vulnerability in Apache Submarine 0.7.0
Apache Software Foundation Apache Submarine has a bug when serializing against yaml.
network
low complexity
apache
critical
9.8
2023-11-09 CVE-2023-47248 Unspecified vulnerability in Apache Pyarrow
Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution.
network
low complexity
apache
critical
9.8
2023-10-27 CVE-2023-46604 The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution.
network
low complexity
apache debian netapp
critical
9.8
2023-10-16 CVE-2023-43668 Authorization Bypass Through User-Controlled Key vulnerability in Apache Inlong
Authorization Bypass Through User-Controlled Key vulnerability in Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.8.0,  some sensitive params checks will be bypassed, like "autoDeserizalize","allowLoadLocalInfile".... .   Users are advised to upgrade to Apache InLong's 1.9.0 or cherry-pick [1] to solve it. [1]  https://github.com/apache/inlong/pull/8604
network
low complexity
apache CWE-639
critical
9.8
2023-10-11 CVE-2023-44981 Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper.
network
low complexity
apache debian
critical
9.1
2023-09-05 CVE-2023-40743 Unspecified vulnerability in Apache Axis
** UNSUPPORTED WHEN ASSIGNED ** When integrating Apache Axis 1.x in an application, it may not have been obvious that looking up a service through "ServiceFactory.getService" allows potentially dangerous lookup mechanisms such as LDAP.
network
low complexity
apache
critical
9.8
2023-08-09 CVE-2023-33934 Unspecified vulnerability in Apache Traffic Server
Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: through 9.2.1.
network
low complexity
apache
critical
9.1