Vulnerabilities > Apache > High

DATE CVE VULNERABILITY TITLE RISK
2023-05-22 CVE-2023-31453 Unspecified vulnerability in Apache Inlong
Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0.
network
low complexity
apache
7.5
2023-05-22 CVE-2023-31454 Incorrect Permission Assignment for Critical Resource vulnerability in Apache Inlong
Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0.  The attacker can bind any cluster, even if he is not the cluster owner.
network
low complexity
apache CWE-732
7.5
2023-05-22 CVE-2023-31058 Unspecified vulnerability in Apache Inlong 1.4.0/1.5.0/1.6.0
Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0.
network
low complexity
apache
7.5
2023-05-22 CVE-2023-28709 The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87.
network
low complexity
apache debian netapp
7.5
2023-05-12 CVE-2023-29032 Unspecified vulnerability in Apache Openmeetings
An attacker that has gained access to certain private information can use this to act as other user. Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 3.1.3 before 7.1.0
network
high complexity
apache
8.1
2023-05-12 CVE-2023-29246 Unspecified vulnerability in Apache Openmeetings
An attacker who has gained access to an admin account can perform RCE via null-byte injection Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0
network
low complexity
apache
7.2
2023-05-08 CVE-2023-31038 Unspecified vulnerability in Apache Log4Cxx
SQL injection in Log4cxx when using the ODBC appender to send log messages to a database.  No fields sent to the database were properly escaped for SQL injection.  This has been the case since at least version 0.9.0(released 2003-08-06) Note that Log4cxx is a C++ framework, so only C++ applications are affected. Before version 1.1.0, the ODBC appender was automatically part of Log4cxx if the library was found when compiling the library.  As of version 1.1.0, this must be both explicitly enabled in order to be compiled in. Three preconditions must be met for this vulnerability to be possible: 1.
network
low complexity
apache
8.8
2023-05-05 CVE-2021-40331 Unspecified vulnerability in Apache Ranger
An Incorrect Permission Assignment for Critical Resource vulnerability was found in the Apache Ranger Hive Plugin.
network
low complexity
apache
8.1
2023-05-05 CVE-2022-45048 Unspecified vulnerability in Apache Ranger 2.3.0
Authenticated users with appropriate privileges can create policies having expressions that can exploit code execution vulnerability. This issue affects Apache Ranger: 2.3.0.
network
low complexity
apache
8.8
2023-05-02 CVE-2023-32007 Unspecified vulnerability in Apache Spark
** UNSUPPORTED WHEN ASSIGNED ** The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable.
network
low complexity
apache
8.8