Vulnerabilities > Apache > High

DATE CVE VULNERABILITY TITLE RISK
2023-02-01 CVE-2023-24977 Unspecified vulnerability in Apache Inlong
Out-of-bounds Read vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.1.0 through 1.5.0. Users are advised to upgrade to Apache InLong's latest version or cherry-pick https://github.com/apache/inlong/pull/7214 https://github.com/apache/inlong/pull/7214  to solve it.
network
low complexity
apache
7.5
2023-01-31 CVE-2022-44645 Unspecified vulnerability in Apache Linkis
In Apache Linkis <=1.3.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures new datasource with a MySQL data source and malicious parameters.
network
low complexity
apache
8.8
2023-01-31 CVE-2023-24829 Unspecified vulnerability in Apache Iotdb 0.13.0/0.13.1/0.13.2
Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.This issue affects the iotdb-web-workbench component from 0.13.0 before 0.13.3.
network
low complexity
apache
8.8
2023-01-30 CVE-2023-24830 Unspecified vulnerability in Apache Iotdb 0.13.0/0.13.1/0.13.2
Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB.This issue affects iotdb-web-workbench component: from 0.13.0 before 0.13.3.
network
low complexity
apache
7.5
2023-01-17 CVE-2006-20001 Unspecified vulnerability in Apache Http Server
A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent.
network
low complexity
apache
7.5
2023-01-16 CVE-2022-43719 Unspecified vulnerability in Apache Superset
Two legacy REST API endpoints for approval and request access are vulnerable to cross site request forgery.
network
low complexity
apache
8.8
2023-01-14 CVE-2023-22602 When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques.
network
low complexity
apache vmware
7.5
2023-01-03 CVE-2022-45143 Unspecified vulnerability in Apache Tomcat
The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values.
network
low complexity
apache
7.5
2022-12-30 CVE-2022-43396 Unspecified vulnerability in Apache Kylin
In the fix for CVE-2022-24697, a blacklist is used to filter user input commands.
network
low complexity
apache
8.8
2022-12-19 CVE-2022-32749 Unspecified vulnerability in Apache Traffic Server
Improper Check for Unusual or Exceptional Conditions vulnerability handling requests in Apache Traffic Server allows an attacker to crash the server under certain conditions. This issue affects Apache Traffic Server: from 8.0.0 through 9.1.3.
network
low complexity
apache
7.5