Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-23 | CVE-2022-34305 | Cross-site Scripting vulnerability in Apache Tomcat In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability. | 4.3 |
| 2022-06-22 | CVE-2022-32549 | Improper Encoding or Escaping of Output vulnerability in Apache Sling API and Sling Commons LOG Apache Sling Commons Log <= 5.4.0 and Apache Sling API <= 2.25.0 are vulnerable to log injection. | 5.0 |
| 2022-06-17 | CVE-2022-33915 | Race Condition vulnerability in Apache Log4J Versions of the Amazon AWS Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.3.5 are affected by a race condition that could lead to a local privilege escalation. | 4.4 |
| 2022-06-15 | CVE-2021-33036 | Path Traversal vulnerability in Apache Hadoop In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to yarn user can possibly run arbitrary commands as root user. | 9.0 |
| 2022-06-15 | CVE-2022-33140 | OS Command Injection vulnerability in Apache Nifi and Nifi Registry The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operating system commands on Linux and macOS platforms. | 6.0 |
| 2022-06-14 | CVE-2022-25167 | Unspecified vulnerability in Apache Flume 1.4.0/1.9.0 Apache Flume versions 1.4.0 through 1.9.0 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. | 7.5 |
| 2022-06-13 | CVE-2021-37404 | Classic Buffer Overflow vulnerability in Apache Hadoop There is a potential heap buffer overflow in Apache Hadoop libhdfs native code. | 7.5 |
| 2022-06-09 | CVE-2022-26377 | HTTP Request Smuggling vulnerability in Apache Http Server Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. | 5.0 |
| 2022-06-09 | CVE-2022-28330 | Out-of-bounds Read vulnerability in Apache Http Server Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module. | 5.0 |
| 2022-06-09 | CVE-2022-28614 | Integer Overflow or Wraparound vulnerability in Apache Http Server The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function. | 5.0 |