Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-26 | CVE-2022-43766 | Unspecified vulnerability in Apache Iotdb Apache IoTDB version 0.12.2 to 0.12.6, 0.13.0 to 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8. | 7.5 |
| 2022-10-25 | CVE-2022-34870 | Cross-site Scripting vulnerability in Apache Geode Apache Geode versions up to 1.15.0 are vulnerable to a Cross-Site Scripting (XSS) via data injection when using Pulse web application to view Region entries. | 5.4 |
| 2022-10-25 | CVE-2022-41704 | Server-Side Request Forgery (SSRF) vulnerability in multiple products A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. | 7.5 |
| 2022-10-25 | CVE-2022-42890 | Server-Side Request Forgery (SSRF) vulnerability in multiple products A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. | 7.5 |
| 2022-10-24 | CVE-2021-42010 | Improper Encoding or Escaping of Output vulnerability in Apache Heron Heron versions <= 0.20.4-incubating allows CRLF log injection because of the lack of escaping in the log statements. | 9.8 |
| 2022-10-19 | CVE-2022-42466 | Cross-site Scripting vulnerability in Apache Isis Prior to 2.0.0-M9, it was possible for an end-user to set the value of an editable string property of a domain object to a value that would be rendered unchanged when the value was saved. | 6.1 |
| 2022-10-19 | CVE-2022-42467 | Insecure Default Initialization of Resource vulnerability in Apache Isis When running in prototype mode, the h2 webconsole module (accessible from the Prototype menu) is automatically made available with the ability to directly query the database. | 5.3 |
| 2022-10-18 | CVE-2022-39198 | Deserialization of Untrusted Data vulnerability in Apache Dubbo A deserialization vulnerability existed in dubbo hessian-lite 3.2.12 and its earlier versions, which could lead to malicious code execution. | 9.8 |
| 2022-10-13 | CVE-2022-24697 | OS Command Injection vulnerability in Apache Kylin Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. | 9.8 |
| 2022-10-13 | CVE-2022-42889 | Code Injection vulnerability in multiple products Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. | 9.8 |