Vulnerabilities > Apache > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-22 | CVE-2023-31064 | Unspecified vulnerability in Apache Inlong Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. | 7.5 |
| 2023-05-22 | CVE-2023-31103 | Unspecified vulnerability in Apache Inlong 1.4.0/1.5.0/1.6.0 Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers can change the immutable name and type of cluster of InLong. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7891 https://github.com/apache/inlong/pull/7891 to solve it. | 7.5 |
| 2023-05-22 | CVE-2023-31206 | Unspecified vulnerability in Apache Inlong 1.4.0/1.5.0/1.6.0 Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers can change the immutable name and type of nodes of InLong. | 7.5 |
| 2023-05-22 | CVE-2023-31453 | Unspecified vulnerability in Apache Inlong Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. | 7.5 |
| 2023-05-22 | CVE-2023-31454 | Incorrect Permission Assignment for Critical Resource vulnerability in Apache Inlong Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can bind any cluster, even if he is not the cluster owner. | 7.5 |
| 2023-05-22 | CVE-2023-31058 | Unspecified vulnerability in Apache Inlong 1.4.0/1.5.0/1.6.0 Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. | 7.5 |
| 2023-05-22 | CVE-2023-28709 | The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. | 7.5 |
| 2023-05-12 | CVE-2023-29032 | Unspecified vulnerability in Apache Openmeetings An attacker that has gained access to certain private information can use this to act as other user. Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 3.1.3 before 7.1.0 | 8.1 |
| 2023-05-12 | CVE-2023-29246 | Unspecified vulnerability in Apache Openmeetings An attacker who has gained access to an admin account can perform RCE via null-byte injection Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0 | 7.2 |
| 2023-05-08 | CVE-2023-31038 | Unspecified vulnerability in Apache Log4Cxx SQL injection in Log4cxx when using the ODBC appender to send log messages to a database. No fields sent to the database were properly escaped for SQL injection. This has been the case since at least version 0.9.0(released 2003-08-06) Note that Log4cxx is a C++ framework, so only C++ applications are affected. Before version 1.1.0, the ODBC appender was automatically part of Log4cxx if the library was found when compiling the library. As of version 1.1.0, this must be both explicitly enabled in order to be compiled in. Three preconditions must be met for this vulnerability to be possible: 1. | 8.8 |