Vulnerabilities > Apache > High

DATE CVE VULNERABILITY TITLE RISK
2023-03-24 CVE-2022-38745 Unspecified vulnerability in Apache OpenOffice
Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path.
local
low complexity
apache
7.8
2023-03-24 CVE-2022-47502 Unspecified vulnerability in Apache OpenOffice
Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments.
local
low complexity
apache
7.8
2023-03-20 CVE-2023-26513 Unspecified vulnerability in Apache Sling Resource Merger
Excessive Iteration vulnerability in Apache Software Foundation Apache Sling Resource Merger. This issue affects Apache Sling Resource Merger: from 1.2.0 before 1.4.2.
network
low complexity
apache
7.5
2023-03-10 CVE-2023-26464 Unspecified vulnerability in Apache Log4j
** UNSUPPORTED WHEN ASSIGNED ** When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (i.e., deeply nested) hashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized. This issue affects Apache Log4j before 2.
network
low complexity
apache
7.5
2023-03-07 CVE-2023-27522 HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi.
network
low complexity
apache debian unbit
7.5
2023-02-24 CVE-2023-25692 Unspecified vulnerability in Apache Apache-Airflow-Providers-Google
Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airflow Google Provider versions before 8.10.0.
network
low complexity
apache
7.5
2023-02-24 CVE-2023-25956 Unspecified vulnerability in Apache Apache-Airflow-Providers-Amazon
Generation of Error Message Containing Sensitive Information vulnerability in the Apache Airflow AWS Provider. This issue affects Apache Airflow AWS Provider versions before 7.2.1.
network
low complexity
apache
7.5
2023-02-20 CVE-2023-24998 Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed, resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured.
network
low complexity
apache debian
7.5
2023-02-15 CVE-2022-42735 Improper Privilege Management vulnerability in Apache Shenyu 2.5.0
Improper Privilege Management vulnerability in Apache Software Foundation Apache ShenYu. ShenYu Admin allows low-privilege, low-level administrators to create users with higher privileges than their own. This issue affects Apache ShenYu: 2.5.0. Upgrade to Apache ShenYu 2.5.1 or apply patch https://github.com/apache/shenyu/pull/3958.
network
low complexity
apache CWE-269
8.8
2023-02-14 CVE-2023-25141 Unspecified vulnerability in Apache Sling JCR Base
Apache Sling JCR Base < 3.1.12 has a critical injection vulnerability when running on old JDK versions (JDK 1.8.191 or earlier) through utility functions in RepositoryAccessor.
network
low complexity
apache
7.5