Apache vulnerabilities

DATE        CVE              VULNERABILITY TITLE
            (description on the following line; then RISK: attack vector | complexity | vendor | CWE | severity | score)

2022-01-18  CVE-2022-23307   Deserialization of Untrusted Data vulnerability in Apache Chainsaw and Log4J
            CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw.
            RISK: network | low complexity | apache | CWE-502 | critical | 10.0

2022-01-17  CVE-2021-42357   Cross-site Scripting vulnerability in Apache Knox
            When using Apache Knox SSO prior to 1.6.1, a request could be crafted to redirect a user to a malicious page due to improper URL parsing.
            RISK: network | apache | CWE-79 | 4.3

2022-01-11  CVE-2021-41767   Information Exposure vulnerability in Apache Guacamole
            Apache Guacamole 1.3.0 and older may incorrectly include a private tunnel identifier in the non-private details of some REST responses.
            RISK: network | low complexity | apache | CWE-200 | 4.0

2022-01-11  CVE-2021-43999   Improper Authentication vulnerability in Apache Guacamole 1.2.0/1.3.0
            Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses received from a SAML identity provider.
            RISK: network | apache | CWE-287 | 6.0

2022-01-10  CVE-2021-43297   Deserialization of Untrusted Data vulnerability in Apache Dubbo
            A deserialization vulnerability existed in dubbo hessian-lite 3.2.11 and its earlier versions, which could lead to malicious code execution.
            RISK: network | low complexity | apache | CWE-502 | 7.5

2022-01-06  CVE-2021-43045   Allocation of Resources Without Limits or Throttling vulnerability in Apache Avro 1.10.1/1.10.2
            A vulnerability in the .NET SDK of Apache Avro allows an attacker to allocate excessive resources, potentially causing a denial-of-service attack.
            RISK: network | low complexity | apache | CWE-770 | 5.0

2022-01-06  CVE-2021-27738   Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin
            All request mappings in `StreamingCoordinatorController.java` handling `/kylin/api/streaming_coordinator/*` REST API endpoints did not include any security checks, which allowed an unauthenticated user to issue arbitrary requests, such as assigning/unassigning of streaming cubes, creation/modification and deletion of replica sets, to the Kylin Coordinator.
            RISK: network | low complexity | apache | CWE-918 | 5.0

2022-01-06  CVE-2021-31522   Unsafe Reflection vulnerability in Apache Kylin
            Kylin can receive user input and load any class through Class.forName(...).
            RISK: network | low complexity | apache | CWE-470 | 7.5

2022-01-06  CVE-2021-36774   Exposure of Resource to Wrong Sphere vulnerability in Apache Kylin
            Apache Kylin allows users to read data from other database systems using JDBC.
            RISK: network | low complexity | apache | CWE-668 | 4.0

2022-01-06  CVE-2021-45456   Command Injection vulnerability in Apache Kylin 4.0.0
            Apache Kylin checks the legitimacy of the project before executing some commands with the project name passed in by the user.
            RISK: network | low complexity | apache | CWE-77 | 7.5