High

DATE	CVE	VULNERABILITY TITLE	RISK
2024-01-31	CVE-2023-44313	Unspecified vulnerability in Apache Servicecomb Server-Side Request Forgery (SSRF) vulnerability in Apache ServiceComb Service-Center. network low complexity apache	7.5
2024-01-29	CVE-2023-29055	Unspecified vulnerability in Apache Kylin In Apache Kylin version 2.0.0 to 4.0.3, there is a Server Config web interface that displays the content of file 'kylin.properties', that may contain serverside credentials. network low complexity apache	7.5
2024-01-24	CVE-2023-50943	Deserialization of Untrusted Data vulnerability in Apache Airflow Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. network low complexity apache CWE-502	7.5
2024-01-06	CVE-2023-51441	Unspecified vulnerability in Apache Axis UNSUPPORTED WHEN ASSIGNED Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin service to perform possible SSRF This issue affects Apache Axis: through 1.3. As Axis 1 has been EOL we recommend you migrate to a different SOAP engine, such as Apache Axis 2/Java. network low complexity apache	7.2
2024-01-03	CVE-2023-51785	Unspecified vulnerability in Apache Inlong 1.7.0/1.8.0/1.9.0 Deserialization of Untrusted Data vulnerability in Apache InLong.This issue affects Apache InLong: from 1.7.0 through 1.9.0, the attackers can make a arbitrary file read attack using mysql driver. Users are advised to upgrade to Apache InLong's 1.10.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/9331 network low complexity apache	7.5
2023-12-30	CVE-2023-49299	Unspecified vulnerability in Apache Dolphinscheduler Improper Input Validation vulnerability in Apache DolphinScheduler. network low complexity apache	8.8
2023-12-29	CVE-2023-47804	Argument Injection or Modification vulnerability in Apache Openoffice Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. network low complexity apache CWE-88	8.8
2023-12-26	CVE-2023-50968	Server-Side Request Forgery (SSRF) vulnerability in Apache Ofbiz Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when user operates an uri call without authorizations. The same uri can be operated to realize a SSRF attack also without authorizations. Users are recommended to upgrade to version 18.12.11, which fixes this issue. network low complexity apache CWE-918	7.5
2023-12-22	CVE-2023-51387	Unspecified vulnerability in Apache Hertzbeat Hertzbeat is an open source, real-time monitoring system. network low complexity apache	8.8
2023-12-22	CVE-2023-51650	Unspecified vulnerability in Apache Hertzbeat Hertzbeat is an open source, real-time monitoring system. network low complexity apache	7.5