Vulnerabilities > Apache

DATE  CVE  VULNERABILITY TITLE  RISK
(Each entry below gives the date, CVE and title on the first line, then the description, then the attack vector, complexity and severity label where the listing records them, the vendor and CWE tag, and the risk score.)
2022-06-23  CVE-2022-34305  Cross-site Scripting vulnerability in Apache Tomcat
  In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81, the Form authentication example in the examples web application displayed user-provided data without filtering, exposing an XSS vulnerability.
  Attack vector: network | Vendor: apache | CWE-79 | Risk: 4.3
2022-06-22  CVE-2022-32549  Improper Encoding or Escaping of Output vulnerability in Apache Sling API and Sling Commons Log
  Apache Sling Commons Log <= 5.4.0 and Apache Sling API <= 2.25.0 are vulnerable to log injection.
  Attack vector: network | Complexity: low | Vendor: apache | CWE-116 | Risk: 5.0
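The Sling entry names the bug class (CWE-116, log injection) without showing what it looks like. The following is an added illustration, not code from Sling or any other Apache project: a minimal log writer that emits a user-controlled value unescaped, the same writer with control characters neutralized, and a parser that reads the result back the way a log consumer would. The forged username, the timestamp and the "[auth]" record format are constructed for the example.

```python
import re

# Constructed attacker-controlled input (not taken from any real deployment):
# a username that embeds CRLF followed by a forged, well-formed log record.
FORGED_USER = "alice\r\n2022-06-22 INFO [auth] login user=admin result=success"

def write_raw(buf, level, msg):
    """Vulnerable pattern (CWE-116): the message is emitted unescaped, so an
    embedded line break terminates the record and whatever follows it is
    indistinguishable from a genuine record to anything reading the log."""
    buf.append(f"2022-06-22 {level} [auth] {msg}")

# Every ASCII control character: CR and LF (record forgery), ESC (terminal
# escape sequences in whoever tails the log), NUL, and the rest.
_CTRL = re.compile(r"[\x00-\x1f\x7f]")

def neutralize(value):
    """Escape control characters as \\xNN so the value stays inside one record."""
    return _CTRL.sub(lambda m: "\\x%02x" % ord(m.group()), value)

def write_safe(buf, level, msg):
    """Hardened writer: user-derived text is neutralized before output."""
    buf.append(f"2022-06-22 {level} [auth] {neutralize(msg)}")

def records(buf):
    """Read the log text back the way a consumer would: one record per line."""
    return "\n".join(buf).splitlines()

def demo():
    """Log the same failed-login event through both writers and return the
    records a consumer would see from each."""
    raw, safe = [], []
    write_raw(raw, "WARN", f"login user={FORGED_USER} result=failure")
    write_safe(safe, "WARN", f"login user={FORGED_USER} result=failure")
    return records(raw), records(safe)

if __name__ == "__main__":
    raw, safe = demo()
    print("unescaped writer produced", len(raw), "records:", *raw, sep="\n  ")
    print("neutralized writer produced", len(safe), "record:", *safe, sep="\n  ")
```

With the unescaped writer a single WARN event becomes two records, the second of which claims a successful admin login; with the neutralized writer the attacker's line break survives only as the literal text \x0d\x0a inside the one real record. Escaping at the logging boundary is preferable to filtering at each call site, because the next caller who forgets to filter reintroduces the bug.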
2022-06-17  CVE-2022-33915  Race Condition vulnerability in the Amazon AWS Apache Log4j hotpatch package
  Versions of the Amazon AWS Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.3.5 are affected by a race condition that could lead to a local privilege escalation. The flaw is in the hotpatch package itself, not in Log4j.
  Attack vector: local | Vendor: apache | CWE-362 | Risk: 4.4
2022-06-15  CVE-2021-33036  Path Traversal vulnerability in Apache Hadoop
  In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to the yarn user can possibly run arbitrary commands as the root user.
  Attack vector: network | Complexity: low | Vendor: apache | CWE-22 | Severity: critical | Risk: 9.0
2022-06-15  CVE-2022-33140  OS Command Injection vulnerability in Apache NiFi and NiFi Registry
  The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operating system commands on Linux and macOS platforms.
  Attack vector: network | Vendor: apache | CWE-78 | Risk: 6.0
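The NiFi entry says the group-resolution command's arguments were not neutralized. The following is an added example of that bug class (CWE-78) and its fix; it is not NiFi's ShellUserGroupProvider code and does not reproduce its commands. `echo` stands in for the platform group-lookup command so the demonstration is harmless to run, the "alice; echo INJECTED" identity is constructed, and the allow-list pattern for identity names is an assumption chosen for the example rather than anything NiFi specifies.

```python
import re
import subprocess

# Constructed attacker-controlled identity, not a real NiFi user: a "username"
# carrying a shell separator and a second command.
MALICIOUS_USER = "alice; echo INJECTED"

def resolve_groups_vulnerable(user):
    """CWE-78 pattern: the identity is spliced into a command string that a
    shell parses, so ';', '|', '$(...)' and friends in the identity run as
    commands. `echo` stands in for the real group-lookup binary."""
    cmd = "echo groups-for " + user
    out = subprocess.run(cmd, shell=True, capture_output=True, text=True, check=True)
    return out.stdout.splitlines()

def resolve_groups_argv_only(user):
    """First defence: pass the identity as one argv element with shell=False.
    No shell ever sees the string, so metacharacters are just bytes."""
    out = subprocess.run(["echo", "groups-for", user],
                         capture_output=True, text=True, check=True)
    return out.stdout.splitlines()

# Assumed allow-list for this example: a letter or underscore, then up to 31
# characters from the POSIX portable filename set, optional trailing '$'.
_PORTABLE_NAME = re.compile(r"^[A-Za-z_][A-Za-z0-9._-]{0,31}\$?$")

def resolve_groups_hardened(user):
    """Second defence on top of argv: reject identities outside the allow-list
    before they reach any command. This also stops values such as '-x' from
    being read as options by the lookup binary, which argv alone does not."""
    if not _PORTABLE_NAME.match(user):
        raise ValueError(f"refusing to resolve groups for identity {user!r}")
    return resolve_groups_argv_only(user)

if __name__ == "__main__":
    print("shell string :", resolve_groups_vulnerable(MALICIOUS_USER))
    print("argv only    :", resolve_groups_argv_only(MALICIOUS_USER))
    try:
        resolve_groups_hardened(MALICIOUS_USER)
    except ValueError as e:
        print("hardened     :", e)
    print("hardened ok  :", resolve_groups_hardened("alice"))
```

The shell-string version prints a second line, INJECTED, that the caller never asked for; the argv version prints the whole identity, separator included, as inert text on one line. The allow-list is what turns an identity into a value the lookup command is known to handle, so keep both controls rather than relying on argv passing alone.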
2022-06-14  CVE-2022-25167  Remote Code Execution vulnerability in Apache Flume 1.4.0 through 1.9.0
  Apache Flume versions 1.4.0 through 1.9.0 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP data source URI and an attacker has control of the target LDAP server.
  Attack vector: network | Complexity: low | Vendor: apache | Risk: 7.5
2022-06-13  CVE-2021-37404  Classic Buffer Overflow vulnerability in Apache Hadoop
  There is a potential heap buffer overflow in Apache Hadoop libhdfs native code.
  Attack vector: network | Complexity: low | Vendor: apache | CWE-120 | Risk: 7.5
2022-06-09  CVE-2022-26377  HTTP Request Smuggling vulnerability in Apache HTTP Server
  Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to.
  Attack vector: network | Complexity: low | Vendor: apache | CWE-444 | Risk: 5.0
2022-06-09  CVE-2022-28330  Out-of-bounds Read vulnerability in Apache HTTP Server
  Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module.
  Attack vector: network | Complexity: low | Vendor: apache | CWE-125 | Risk: 5.0
2022-06-09  CVE-2022-28614  Integer Overflow or Wraparound vulnerability in Apache HTTP Server
  The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_lua's r:puts() function.
  Attack vector: network | Complexity: low | Vendor: apache | CWE-190 | Risk: 5.0