Vulnerabilities > Apache

DATE CVE VULNERABILITY TITLE RISK
2022-11-29 CVE-2022-44635 Path Traversal vulnerability in Apache Fineract
Apache Fineract allowed an authenticated user to perform remote code execution due to a path traversal vulnerability in a file upload component of Apache Fineract, allowing an attacker to run remote code.
network
low complexity
apache CWE-22
8.8
2022-11-24 CVE-2022-26885 Insufficiently Protected Credentials vulnerability in Apache Dolphinscheduler
When using tasks to read config files, there is a risk of database password disclosure.
network
low complexity
apache CWE-522
7.5
2022-11-23 CVE-2022-45462 Command Injection vulnerability in Apache Alarm Instance Management
Alarm instance management has command injection when there is a specific command configured.
network
low complexity
apache CWE-77
critical
9.8
2022-11-22 CVE-2022-38649 OS Command Injection vulnerability in Apache Airflow
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files.
local
low complexity
apache CWE-78
7.8
2022-11-22 CVE-2022-40189 OS Command Injection vulnerability in Apache Airflow
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files.
network
low complexity
apache CWE-78
critical
9.8
2022-11-22 CVE-2022-40954 OS Command Injection vulnerability in Apache Airflow
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbtrary files in the task execution context, without write access to DAG files.
local
low complexity
apache CWE-78
5.5
2022-11-22 CVE-2022-41131 OS Command Injection vulnerability in Apache Airflow
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbtrary commands in the task execution context, without write access to DAG files.
local
low complexity
apache CWE-78
7.8
2022-11-21 CVE-2022-45470 Improper Input Validation vulnerability in Apache Hama
** UNSUPPORTED WHEN ASSIGNED ** missing input validation in Apache Hama may cause information disclosure through path traversal and XSS.
network
low complexity
apache CWE-20
7.5
2022-11-16 CVE-2022-45047 Deserialization of Untrusted Data vulnerability in Apache Sshd
Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey.
network
low complexity
apache CWE-502
critical
9.8
2022-11-15 CVE-2022-40308 Unspecified vulnerability in Apache Archiva
If anonymous read enabled, it's possible to read the database file directly without logging in.
network
low complexity
apache
7.5