Vulnerabilities > Apache > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-02-24 CVE-2023-25696 Improper Input Validation vulnerability in Apache Apache-Airflow-Providers-Apache-Hive
Improper Input Validation vulnerability in the Apache Airflow Hive Provider. This issue affects Apache Airflow Hive Provider versions before 5.1.3.
network
low complexity
apache CWE-20
critical
9.8
2023-02-20 CVE-2023-25613 Unspecified vulnerability in Apache Identity Backend
An LDAP Injection vulnerability exists in the LdapIdentityBackend of Apache Kerby before 2.0.3. 
network
low complexity
apache
critical
9.8
2023-02-01 CVE-2023-24997 Unspecified vulnerability in Apache Inlong
Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.1.0 through 1.5.0. Users are advised to upgrade to Apache InLong's latest version or cherry-pick https://github.com/apache/inlong/pull/7223 to solve it.
network
low complexity
apache
critical
9.8
2023-01-31 CVE-2022-24963 Unspecified vulnerability in Apache Portable Runtime 1.7.0
Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime (APR) version 1.7.0.
network
low complexity
apache
critical
9.8
2023-01-31 CVE-2022-28331 Unspecified vulnerability in Apache Portable Runtime
On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack based buffer in apr_socket_sendv().
network
low complexity
apache
critical
9.8
2023-01-21 CVE-2023-22884 Unspecified vulnerability in Apache Airflow
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow: before 2.5.1; Apache Airflow MySQL Provider: before 4.0.0.
network
low complexity
apache
critical
9.8
2023-01-17 CVE-2022-36760 Unspecified vulnerability in Apache Http Server
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to.
network
high complexity
apache
critical
9.0
2023-01-04 CVE-2022-45875 Unspecified vulnerability in Apache Dolphinscheduler
Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability.
network
low complexity
apache
critical
9.8
2023-01-03 CVE-2021-32824 Unspecified vulnerability in Apache Dubbo
Apache Dubbo is a Java-based, open-source RPC framework.
network
low complexity
apache
critical
9.8
2022-12-30 CVE-2022-44621 Command Injection vulnerability in Apache Kylin
The Diagnosis Controller is missing parameter validation, so users may be attacked by command injection via HTTP request.
network
low complexity
apache CWE-77
critical
9.8