Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-18 | CVE-2022-23307 | Deserialization of Untrusted Data vulnerability in Apache Chainsaw and Log4J CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. | 10.0 |
| 2022-01-17 | CVE-2021-42357 | Cross-site Scripting vulnerability in Apache Knox When using Apache Knox SSO prior to 1.6.1, a request could be crafted to redirect a user to a malicious page due to improper URL parsing. | 4.3 |
| 2022-01-11 | CVE-2021-41767 | Information Exposure vulnerability in Apache Guacamole Apache Guacamole 1.3.0 and older may incorrectly include a private tunnel identifier in the non-private details of some REST responses. | 4.0 |
| 2022-01-11 | CVE-2021-43999 | Improper Authentication vulnerability in Apache Guacamole 1.2.0/1.3.0 Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses received from a SAML identity provider. | 6.0 |
| 2022-01-10 | CVE-2021-43297 | Deserialization of Untrusted Data vulnerability in Apache Dubbo A deserialization vulnerability existed in dubbo hessian-lite 3.2.11 and its earlier versions, which could lead to malicious code execution. | 7.5 |
| 2022-01-06 | CVE-2021-43045 | Allocation of Resources Without Limits or Throttling vulnerability in Apache Avro 1.10.1/1.10.2 A vulnerability in the .NET SDK of Apache Avro allows an attacker to allocate excessive resources, potentially causing a denial-of-service attack. | 5.0 |
| 2022-01-06 | CVE-2021-27738 | Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin All request mappings in `StreamingCoordinatorController.java` handling `/kylin/api/streaming_coordinator/*` REST API endpoints did not include any security checks, which allowed an unauthenticated user to issue arbitrary requests, such as assigning/unassigning of streaming cubes, creation/modification and deletion of replica sets, to the Kylin Coordinator. | 5.0 |
| 2022-01-06 | CVE-2021-31522 | Unsafe Reflection vulnerability in Apache Kylin Kylin can receive user input and load any class through Class.forName(...). | 7.5 |
| 2022-01-06 | CVE-2021-36774 | Exposure of Resource to Wrong Sphere vulnerability in Apache Kylin Apache Kylin allows users to read data from other database systems using JDBC. | 4.0 |
| 2022-01-06 | CVE-2021-45456 | Command Injection vulnerability in Apache Kylin 4.0.0 Apache kylin checks the legitimacy of the project before executing some commands with the project name passed in by the user. | 7.5 |