Vulnerabilities > Apache > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-04-10 CVE-2023-27603 Unspecified vulnerability in Apache Linkis
In Apache Linkis <=1.3.1, due to the Manager module engineConn material upload does not check the zip path, This is a Zip Slip issue, which will lead to a potential RCE vulnerability. We recommend users upgrade the version of Linkis to version 1.3.2.
network
low complexity
apache
critical
9.8
2023-04-10 CVE-2023-29215 Unspecified vulnerability in Apache Linkis
In Apache Linkis <=1.3.1, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in JDBC EengineConn Module will trigger a deserialization vulnerability and eventually lead to remote code execution.
network
low complexity
apache
critical
9.8
2023-04-10 CVE-2023-29216 Unspecified vulnerability in Apache Linkis
In Apache Linkis <=1.3.1, because the parameters are not effectively filtered, the attacker uses the MySQL data source and malicious parameters to configure a new data source to trigger a deserialization vulnerability, eventually leading to remote code execution. Versions of Apache Linkis <= 1.3.0 will be affected. We recommend users upgrade the version of Linkis to version 1.3.2.
network
low complexity
apache
critical
9.8
2023-04-10 CVE-2023-27987 Unspecified vulnerability in Apache Linkis
In Apache Linkis <=1.3.1, due to the default token generated by Linkis Gateway deployment being too simple, it is easy for attackers to obtain the default token for the attack. Generation rules should add random values. We recommend users upgrade the version of Linkis to version 1.3.2 And modify the default token value.
network
low complexity
apache
critical
9.1
2023-04-07 CVE-2023-28706 Code Injection vulnerability in Apache Airflow Hive Provider
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Software Foundation Apache Airflow Hive Provider.This issue affects Apache Airflow Hive Provider: before 6.0.0.
network
low complexity
apache CWE-94
critical
9.8
2023-03-28 CVE-2023-28326 Unspecified vulnerability in Apache Openmeetings
Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.0.0 Description: Attacker can elevate their privileges in any room
network
low complexity
apache
critical
9.8
2023-03-08 CVE-2023-23638 Unspecified vulnerability in Apache Dubbo
A deserialization vulnerability existed when dubbo generic invoke, which could lead to malicious code execution.
network
low complexity
apache
critical
9.8
2023-03-07 CVE-2023-25690 Unspecified vulnerability in Apache Http Server
Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution.
network
low complexity
apache
critical
9.8
2023-02-24 CVE-2023-25691 Unspecified vulnerability in Apache Apache-Airflow-Providers-Google
Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airflow Google Provider versions before 8.10.0.
network
low complexity
apache
critical
9.8
2023-02-24 CVE-2023-25693 Unspecified vulnerability in Apache Apache-Airflow-Providers-Apache-Sqoop
Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1.
network
low complexity
apache
critical
9.8