Vulnerabilities > Apache
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-08-10 | CVE-2022-25763 | HTTP Request Smuggling vulnerability in multiple products: Improper Input Validation vulnerability in HTTP/2 request validation of Apache Traffic Server allows an attacker to perform smuggling or cache poisoning attacks. | 7.5 |
2022-08-10 | CVE-2022-28129 | Improper Input Validation vulnerability in multiple products: Improper Input Validation vulnerability in HTTP/1.1 header parsing of Apache Traffic Server allows an attacker to send invalid headers. | 7.5 |
2022-08-10 | CVE-2022-31778 | Improper Input Validation vulnerability in multiple products: Improper Input Validation vulnerability in handling the Transfer-Encoding header of Apache Traffic Server allows an attacker to poison the cache. | 7.5 |
2022-08-10 | CVE-2022-31779 | Improper Input Validation vulnerability in multiple products: Improper Input Validation vulnerability in HTTP/2 header parsing of Apache Traffic Server allows an attacker to smuggle requests. | 7.5 |
2022-08-10 | CVE-2022-31780 | Improper Input Validation vulnerability in multiple products: Improper Input Validation vulnerability in HTTP/2 frame handling of Apache Traffic Server allows an attacker to smuggle requests. | 7.5 |
2022-08-04 | CVE-2022-25168 | OS Command Injection vulnerability in Apache Hadoop: Apache Hadoop's `FileUtil.unTar(File, File)` API does not escape the input file name before being passed to the shell. | 9.8 |
2022-07-19 | CVE-2022-34169 | Incorrect Conversion between Numeric Types vulnerability in multiple products: The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. | 7.5 |
2022-07-18 | CVE-2022-33891 | OS Command Injection vulnerability in Apache Spark: The Apache Spark UI offers the possibility to enable ACLs via the configuration option `spark.acls.enable`. | 8.8 |
2022-07-13 | CVE-2022-31781 | Unspecified vulnerability in Apache Tapestry: Apache Tapestry up to version 5.8.1 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles Content Types. | 7.5 |
2022-07-07 | CVE-2021-44791 | Cross-site Scripting vulnerability in Apache Druid: In Apache Druid 0.22.1 and earlier, certain specially-crafted links result in unescaped URL parameters being sent back in HTML responses. | 4.3 |