Vulnerabilities > Apache > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-04-07 | CVE-2023-28710 | Improper Input Validation vulnerability in Apache Apache-Airflow-Providers-Apache-Spark: Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Spark Provider. This issue affects Apache Airflow Spark Provider: before 4.0.1. | 7.5 |
2023-04-03 | CVE-2023-26269 | Missing Authorization vulnerability in Apache James: Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. | 7.8 |
2023-03-30 | CVE-2023-28935 | Command Injection vulnerability in Apache Unstructured Information Management Architecture: ** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache UIMA DUCC. When using the "Distributed UIMA Cluster Computing" (DUCC) module of Apache UIMA, an authenticated user that has the permissions to modify core entities can cause command execution as the system user that runs the web process. As the "Distributed UIMA Cluster Computing" module for UIMA is retired, we do not plan to release a fix for this issue. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 8.8 |
2023-03-28 | CVE-2023-25195 | Server-Side Request Forgery (SSRF) vulnerability in Apache Fineract: Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache Fineract. Authorized users with limited permissions can gain access to the server and may be able to use the server for any outbound traffic. This issue affects Apache Fineract: from 1.4 through 1.8.3. | 8.1 |
2023-03-27 | CVE-2023-27296 | Deserialization of Untrusted Data vulnerability in Apache Inlong: Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache InLong. It could be triggered by authenticated users of InLong; refer to [1] to know more about this vulnerability. This issue affects Apache InLong: from 1.1.0 through 1.5.0. | 8.8 |
2023-03-24 | CVE-2022-38745 | Insecure Default Initialization of Resource vulnerability in Apache Openoffice: Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path. | 7.8 |
2023-03-24 | CVE-2022-47502 | Argument Injection or Modification vulnerability in Apache Openoffice: Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. | 7.8 |
2023-03-20 | CVE-2023-26513 | Excessive Iteration vulnerability in Apache Sling Resource Merger: Excessive Iteration vulnerability in Apache Software Foundation Apache Sling Resource Merger. This issue affects Apache Sling Resource Merger: from 1.2.0 before 1.4.2. | 7.5 |
2023-03-10 | CVE-2023-26464 | Deserialization of Untrusted Data vulnerability in Apache Log4J: ** UNSUPPORTED WHEN ASSIGNED ** When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (i.e., deeply nested) hashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized. This issue affects Apache Log4j before 2. | 7.5 |
2023-03-07 | CVE-2023-27522 | HTTP Request Smuggling vulnerability in multiple products: HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. | 7.5 |