Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-15 | CVE-2022-40309 | Unspecified vulnerability in Apache Archiva Users with write permissions to a repository can delete arbitrary directories. | 4.3 |
| 2022-11-15 | CVE-2022-45402 | Open Redirect vulnerability in Apache Airflow In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. | 6.1 |
| 2022-11-14 | CVE-2022-45136 | Deserialization of Untrusted Data vulnerability in Apache Jena SDB 3.17.0 Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the underlying database server to return malicious data. | 9.8 |
| 2022-11-14 | CVE-2022-45378 | Missing Authentication for Critical Function vulnerability in Apache Soap 1.2/2.2/2.3 In the default configuration of Apache SOAP, an RPCRouterServlet is available without authentication. | 9.8 |
| 2022-11-14 | CVE-2022-27949 | Information Exposure vulnerability in Apache Airflow A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). | 7.5 |
| 2022-11-14 | CVE-2022-40127 | Code Injection vulnerability in Apache Airflow A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. | 8.8 |
| 2022-11-07 | CVE-2022-37866 | Path Traversal vulnerability in Apache IVY When Apache Ivy downloads artifacts from a repository it stores them in the local file system based on a user-supplied "pattern" that may include placeholders for artifacts coordinates like the organisation, module or version. | 7.5 |
| 2022-11-07 | CVE-2022-42920 | Out-of-bounds Write vulnerability in multiple products Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. | 9.8 |
| 2022-11-07 | CVE-2022-37865 | Path Traversal vulnerability in Apache IVY 2.4.0/2.5.0 With Apache Ivy 2.4.0 an optional packaging attribute has been introduced that allows artifacts to be unpacked on the fly if they used pack200 or zip packaging. | 9.1 |
| 2022-11-04 | CVE-2022-33684 | Improper Certificate Validation vulnerability in Apache Pulsar The Apache Pulsar C++ Client does not verify peer TLS certificates when making HTTPS calls for the OAuth2.0 Client Credential Flow, even when tlsAllowInsecureConnection is disabled via configuration. | 8.1 |