Vulnerabilities > Apache > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-04 | CVE-2022-45786 | Unspecified vulnerability in Apache AGE There are issues with the AGE drivers for Golang and Python that enable SQL injections to occur. | 8.1 |
| 2023-02-01 | CVE-2023-24977 | Unspecified vulnerability in Apache Inlong Out-of-bounds Read vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.1.0 through 1.5.0. Users are advised to upgrade to Apache InLong's latest version or cherry-pick https://github.com/apache/inlong/pull/7214 https://github.com/apache/inlong/pull/7214 to solve it. | 7.5 |
| 2023-01-31 | CVE-2022-44645 | Unspecified vulnerability in Apache Linkis In Apache Linkis <=1.3.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures new datasource with a MySQL data source and malicious parameters. | 8.8 |
| 2023-01-31 | CVE-2023-24829 | Unspecified vulnerability in Apache Iotdb 0.13.0/0.13.1/0.13.2 Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.This issue affects the iotdb-web-workbench component from 0.13.0 before 0.13.3. | 8.8 |
| 2023-01-30 | CVE-2023-24830 | Unspecified vulnerability in Apache Iotdb 0.13.0/0.13.1/0.13.2 Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB.This issue affects iotdb-web-workbench component: from 0.13.0 before 0.13.3. | 7.5 |
| 2023-01-17 | CVE-2006-20001 | Unspecified vulnerability in Apache Http Server A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. | 7.5 |
| 2023-01-16 | CVE-2022-43719 | Unspecified vulnerability in Apache Superset Two legacy REST API endpoints for approval and request access are vulnerable to cross site request forgery. | 8.8 |
| 2023-01-14 | CVE-2023-22602 | When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. | 7.5 |
| 2023-01-03 | CVE-2022-45143 | Unspecified vulnerability in Apache Tomcat The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. | 7.5 |
| 2022-12-30 | CVE-2022-43396 | Unspecified vulnerability in Apache Kylin In the fix for CVE-2022-24697, a blacklist is used to filter user input commands. | 8.8 |