Vulnerabilities > Apache > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-04-10 | CVE-2023-27603 | Unspecified vulnerability in Apache Linkis In Apache Linkis <=1.3.1, due to the Manager module engineConn material upload does not check the zip path, This is a Zip Slip issue, which will lead to a potential RCE vulnerability. We recommend users upgrade the version of Linkis to version 1.3.2. | 9.8 |
2023-04-10 | CVE-2023-29215 | Unspecified vulnerability in Apache Linkis In Apache Linkis <=1.3.1, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in JDBC EengineConn Module will trigger a deserialization vulnerability and eventually lead to remote code execution. | 9.8 |
2023-04-10 | CVE-2023-29216 | Unspecified vulnerability in Apache Linkis In Apache Linkis <=1.3.1, because the parameters are not effectively filtered, the attacker uses the MySQL data source and malicious parameters to configure a new data source to trigger a deserialization vulnerability, eventually leading to remote code execution. Versions of Apache Linkis <= 1.3.0 will be affected. We recommend users upgrade the version of Linkis to version 1.3.2. | 9.8 |
2023-04-10 | CVE-2023-27987 | Unspecified vulnerability in Apache Linkis In Apache Linkis <=1.3.1, due to the default token generated by Linkis Gateway deployment being too simple, it is easy for attackers to obtain the default token for the attack. Generation rules should add random values. We recommend users upgrade the version of Linkis to version 1.3.2 And modify the default token value. | 9.1 |
2023-04-07 | CVE-2023-28706 | Code Injection vulnerability in Apache Airflow Hive Provider Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Software Foundation Apache Airflow Hive Provider.This issue affects Apache Airflow Hive Provider: before 6.0.0. | 9.8 |
2023-03-28 | CVE-2023-28326 | Unspecified vulnerability in Apache Openmeetings Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.0.0 Description: Attacker can elevate their privileges in any room | 9.8 |
2023-03-08 | CVE-2023-23638 | Unspecified vulnerability in Apache Dubbo A deserialization vulnerability existed when dubbo generic invoke, which could lead to malicious code execution. | 9.8 |
2023-03-07 | CVE-2023-25690 | Unspecified vulnerability in Apache Http Server Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution. | 9.8 |
2023-02-24 | CVE-2023-25691 | Unspecified vulnerability in Apache Apache-Airflow-Providers-Google Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airflow Google Provider versions before 8.10.0. | 9.8 |
2023-02-24 | CVE-2023-25693 | Unspecified vulnerability in Apache Apache-Airflow-Providers-Apache-Sqoop Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. | 9.8 |