Vulnerabilities > Apache > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-02-24 | CVE-2023-25696 | Improper Input Validation vulnerability in Apache Apache-Airflow-Providers-Apache-Hive Improper Input Validation vulnerability in the Apache Airflow Hive Provider. This issue affects Apache Airflow Hive Provider versions before 5.1.3. | 9.8 |
2023-02-20 | CVE-2023-25613 | Unspecified vulnerability in Apache Identity Backend An LDAP Injection vulnerability exists in the LdapIdentityBackend of Apache Kerby before 2.0.3. | 9.8 |
2023-02-01 | CVE-2023-24997 | Unspecified vulnerability in Apache Inlong Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.1.0 through 1.5.0. Users are advised to upgrade to Apache InLong's latest version or cherry-pick https://github.com/apache/inlong/pull/7223 https://github.com/apache/inlong/pull/7223 to solve it. | 9.8 |
2023-01-31 | CVE-2022-24963 | Unspecified vulnerability in Apache Portable Runtime 1.7.0 Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime (APR) version 1.7.0. | 9.8 |
2023-01-31 | CVE-2022-28331 | Unspecified vulnerability in Apache Portable Runtime On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack based buffer in apr_socket_sendv(). | 9.8 |
2023-01-21 | CVE-2023-22884 | Unspecified vulnerability in Apache Airflow Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider.This issue affects Apache Airflow: before 2.5.1; Apache Airflow MySQL Provider: before 4.0.0. | 9.8 |
2023-01-17 | CVE-2022-36760 | Unspecified vulnerability in Apache Http Server Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. | 9.0 |
2023-01-04 | CVE-2022-45875 | Unspecified vulnerability in Apache Dolphinscheduler Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability. | 9.8 |
2023-01-03 | CVE-2021-32824 | Unspecified vulnerability in Apache Dubbo Apache Dubbo is a java based, open source RPC framework. | 9.8 |
2022-12-30 | CVE-2022-44621 | Command Injection vulnerability in Apache Kylin Diagnosis Controller miss parameter validation, so user may attacked by command injection via HTTP Request. | 9.8 |