Vulnerabilities > Apache > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-31 | CVE-2023-24829 | Incorrect Authorization vulnerability in Apache Iotdb 0.13.0/0.13.1/0.13.2 Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.This issue affects the iotdb-web-workbench component from 0.13.0 before 0.13.3. | 8.8 |
| 2023-01-30 | CVE-2023-24830 | Improper Authentication vulnerability in Apache Iotdb 0.13.0/0.13.1/0.13.2 Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB.This issue affects iotdb-web-workbench component: from 0.13.0 before 0.13.3. | 7.5 |
| 2023-01-17 | CVE-2006-20001 | Out-of-bounds Write vulnerability in Apache Http Server A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. | 7.5 |
| 2023-01-16 | CVE-2022-43719 | Cross-Site Request Forgery (CSRF) vulnerability in Apache Superset Two legacy REST API endpoints for approval and request access are vulnerable to cross site request forgery. | 8.8 |
| 2023-01-14 | CVE-2023-22602 | Interpretation Conflict vulnerability in multiple products When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. | 7.5 |
| 2023-01-03 | CVE-2022-45143 | Improper Encoding or Escaping of Output vulnerability in Apache Tomcat The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. | 7.5 |
| 2022-12-30 | CVE-2022-43396 | Unspecified vulnerability in Apache Kylin In the fix for CVE-2022-24697, a blacklist is used to filter user input commands. | 8.8 |
| 2022-12-19 | CVE-2022-32749 | Improper Check for Unusual or Exceptional Conditions vulnerability in Apache Traffic Server Improper Check for Unusual or Exceptional Conditions vulnerability handling requests in Apache Traffic Server allows an attacker to crash the server under certain conditions. This issue affects Apache Traffic Server: from 8.0.0 through 9.1.3. | 7.5 |
| 2022-12-14 | CVE-2022-34271 | Path Traversal vulnerability in Apache Atlas A vulnerability in import module of Apache Atlas allows an authenticated user to write to web server filesystem. | 8.8 |
| 2022-12-13 | CVE-2022-46363 | Improper Input Validation vulnerability in Apache CXF A vulnerability in Apache CXF before versions 3.5.5 and 3.4.10 allows an attacker to perform a remote directory listing or code exfiltration. | 7.5 |