Vulnerabilities > Apache > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-02-01 | CVE-2023-24977 | Unspecified vulnerability in Apache Inlong. Out-of-bounds Read vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.1.0 through 1.5.0. Users are advised to upgrade to Apache InLong's latest version or cherry-pick https://github.com/apache/inlong/pull/7214 to solve it. | 7.5 |
2023-01-31 | CVE-2022-44645 | Unspecified vulnerability in Apache Linkis. In Apache Linkis <=1.3.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures a new datasource with a MySQL data source and malicious parameters. | 8.8 |
2023-01-31 | CVE-2023-24829 | Unspecified vulnerability in Apache Iotdb 0.13.0/0.13.1/0.13.2. Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB. This issue affects the iotdb-web-workbench component from 0.13.0 before 0.13.3. | 8.8 |
2023-01-30 | CVE-2023-24830 | Unspecified vulnerability in Apache Iotdb 0.13.0/0.13.1/0.13.2. Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB. This issue affects the iotdb-web-workbench component from 0.13.0 before 0.13.3. | 7.5 |
2023-01-17 | CVE-2006-20001 | Unspecified vulnerability in Apache Http Server. A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. | 7.5 |
2023-01-16 | CVE-2022-43719 | Unspecified vulnerability in Apache Superset. Two legacy REST API endpoints for approval and request access are vulnerable to cross-site request forgery. | 8.8 |
2023-01-14 | CVE-2023-22602 | When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. | 7.5 |
2023-01-03 | CVE-2022-45143 | Unspecified vulnerability in Apache Tomcat. The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. | 7.5 |
2022-12-30 | CVE-2022-43396 | Unspecified vulnerability in Apache Kylin. In the fix for CVE-2022-24697, a blacklist is used to filter user input commands. | 8.8 |
2022-12-19 | CVE-2022-32749 | Unspecified vulnerability in Apache Traffic Server. Improper Check for Unusual or Exceptional Conditions vulnerability handling requests in Apache Traffic Server allows an attacker to crash the server under certain conditions. This issue affects Apache Traffic Server: from 8.0.0 through 9.1.3. | 7.5 |