CVE-2023-28707 Airflow Apache Drill Provider Arbitrary File Read Vulnerability

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider.This issue affects Apache Airflow Drill Provider: before 2.3.2...

CVE-2023-28707

Apache Airflow Drill Provider (Apache Software Foundation) before 2.3.2 is affected by an improper input validation vulnerability in drill connections (unsanitized host). This can enable reading arbitrary files exposed by the vulnerable component. CVSS v3.1 base score 7.5 (HIGH). Remediation: upg...

MGASA-2023-0123 Updated libapreq2 packages fix security vulnerability

A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads. A remote attacker could send a request causing a process crash which could lead to a denial of service attack. CVE-2022-22728...

CVE-2023-28935

UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Apache Software Foundation Apache UIMA DUCC. When using the "Distributed UIMA Cluster Computing" DUCC module of Apache UIMA, an authenticated user that has the permissions ...

CVE-2023-28326

Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.0.0 Description: Attacker can elevate their privileges in any room...

CVE-2023-28326

Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.0.0 Description: Attacker can elevate their privileges in any room...

Design/Logic Flaw

Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.0.0 Description: Attacker can elevate their privileges in any room...

CVE-2023-28326 Apache OpenMeetings: allows user impersonation

Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.0.0 Description: Attacker can elevate their privileges in any room...

CVE-2023-28326 Apache OpenMeetings: allows user impersonation

Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.0.0 Description: Attacker can elevate their privileges in any room...

CVE-2023-25196

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Apache Software Foundation Apache Fineract. Authorized users may be able to change or add data in certain components. This issue affects Apache Fineract: from 1.4 through 1.8.2...

Sql injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Apache Software Foundation Apache Fineract. Authorized users may be able to change or add data in certain components. This issue affects Apache Fineract: from 1.4 through 1.8.2...

Sql injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Apache Software Foundation apache fineract. Authorized users may be able to exploit this for limited impact on components. This issue affects apache fineract: from 1.4 through 1.8.2...

CVE-2023-25197

Apache Fineract has a SQL injection vulnerability (CVE-2023-25197) due to improper neutralization of special elements in certain procedure calls. Affected versions are 1.4 through 1.8.2 (some sources note up to 1.8.3). Authorized users may exploit this with limited impact on components. The root ...

CVE-2023-25196 Apache Fineract: SQL injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Apache Software Foundation Apache Fineract. Authorized users may be able to change or add data in certain components. This issue affects Apache Fineract: from 1.4 through 1.8.2...

CVE-2023-25196

The CVE-2023-25196 entry concerns an SQL Injection vulnerability in Apache Fineract. Affected software is Apache Fineract versions 1.4 through 1.8.2 (as per multiple sources). The root cause is improper neutralization of special elements used in SQL commands, enabling authorized users to change o...

CVE-2023-25195 Apache Fineract: SSRF template type vulnerability in certain authenticated users

Server-Side Request Forgery SSRF vulnerability in Apache Software Foundation Apache Fineract. Authorized users with limited permissions can gain access to server and may be able to use server for any outbound traffic. This issue affects Apache Fineract: from 1.4 through 1.8.3...

CVE-2023-27296

CVE-2023-27296 affects Apache InLong versions 1.1.0–1.5.0. The root cause is unsafe deserialization of untrusted data in the JDBC flow (notably MySQLDataNode), enabling potential code execution. Impact is high (CVSS 3.1 base score 8.8; Confidentiality, Integrity, Availability all High). A fix exi...

GHSA-RWRX-X2HW-9H5W Apache Sling Resource Merger has Excessive Iteration vulnerability

Excessive Iteration vulnerability in Apache Software Foundation Apache Sling Resource Merger. This issue affects Apache Sling Resource Merger: from 1.2.0 before 1.4.2...

CVE-2023-26513

CVE-2023-26513 describes an Excessive Iteration vulnerability in the Apache Sling Resource Merger. Affected: Apache Sling Resource Merger versions 1.2.0 through 1.4.2. Root cause: not explicitly detailed beyond the excessive iteration issue in the Resource Merger. Impact: potential DoS via reques...

CVE-2023-26513 Apache Sling Resource Merger: Requests to certain paths managed by the Apache Sling Resource Merger can lead to DoS

Excessive Iteration vulnerability in Apache Software Foundation Apache Sling Resource Merger.This issue affects Apache Sling Resource Merger: from 1.2.0 before 1.4.2...