Vulnerabilities > Apache
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-16 | CVE-2022-45047 | Deserialization of Untrusted Data vulnerability in Apache Sshd Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. | 9.8 |
| 2022-11-15 | CVE-2022-40308 | Unspecified vulnerability in Apache Archiva If anonymous read enabled, it's possible to read the database file directly without logging in. | 7.5 |
| 2022-11-15 | CVE-2022-40309 | Unspecified vulnerability in Apache Archiva Users with write permissions to a repository can delete arbitrary directories. | 4.3 |
| 2022-11-15 | CVE-2022-45402 | Unspecified vulnerability in Apache Airflow In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. | 6.1 |
| 2022-11-14 | CVE-2022-45136 | Unspecified vulnerability in Apache Jena SDB 3.17.0 Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the underlying database server to return malicious data. | 9.8 |
| 2022-11-14 | CVE-2022-45378 | Unspecified vulnerability in Apache Soap 1.2/2.2/2.3 In the default configuration of Apache SOAP, an RPCRouterServlet is available without authentication. | 9.8 |
| 2022-11-14 | CVE-2022-27949 | Unspecified vulnerability in Apache Airflow A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). | 7.5 |
| 2022-11-14 | CVE-2022-40127 | Unspecified vulnerability in Apache Airflow A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. | 8.8 |
| 2022-11-07 | CVE-2022-37866 | Unspecified vulnerability in Apache IVY When Apache Ivy downloads artifacts from a repository it stores them in the local file system based on a user-supplied "pattern" that may include placeholders for artifacts coordinates like the organisation, module or version. | 7.5 |
| 2022-11-07 | CVE-2022-42920 | Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. | 9.8 |