Vulnerabilities > Apache

DATE	CVE	VULNERABILITY TITLE	RISK
2022-08-10	CVE-2022-25763	HTTP Request Smuggling vulnerability in multiple products Improper Input Validation vulnerability in HTTP/2 request validation of Apache Traffic Server allows an attacker to create smuggle or cache poison attacks. network low complexity apache debian fedoraproject CWE-444	7.5
2022-08-10	CVE-2022-28129	Improper Input Validation vulnerability in multiple products Improper Input Validation vulnerability in HTTP/1.1 header parsing of Apache Traffic Server allows an attacker to send invalid headers. network low complexity apache debian fedoraproject CWE-20	7.5
2022-08-10	CVE-2022-31778	Improper Input Validation vulnerability in multiple products Improper Input Validation vulnerability in handling the Transfer-Encoding header of Apache Traffic Server allows an attacker to poison the cache. network low complexity apache debian CWE-20	7.5
2022-08-10	CVE-2022-31779	Improper Input Validation vulnerability in multiple products Improper Input Validation vulnerability in HTTP/2 header parsing of Apache Traffic Server allows an attacker to smuggle requests. network low complexity apache debian fedoraproject CWE-20	7.5
2022-08-10	CVE-2022-31780	Improper Input Validation vulnerability in multiple products Improper Input Validation vulnerability in HTTP/2 frame handling of Apache Traffic Server allows an attacker to smuggle requests. network low complexity apache debian fedoraproject CWE-20	7.5
2022-08-04	CVE-2022-25168	OS Command Injection vulnerability in Apache Hadoop Apache Hadoop's FileUtil.unTar(File, File) API does not escape the input file name before being passed to the shell. network low complexity apache CWE-78 critical	9.8
2022-07-19	CVE-2022-34169	Incorrect Conversion between Numeric Types vulnerability in multiple products The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. network low complexity apache debian oracle fedoraproject netapp azul CWE-681	7.5
2022-07-18	CVE-2022-33891	OS Command Injection vulnerability in Apache Spark The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. network low complexity apache CWE-78	8.8
2022-07-13	CVE-2022-31781	Unspecified vulnerability in Apache Tapestry Apache Tapestry up to version 5.8.1 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles Content Types. network low complexity apache	7.5
2022-07-07	CVE-2021-44791	Cross-site Scripting vulnerability in Apache Druid In Apache Druid 0.22.1 and earlier, certain specially-crafted links result in unescaped URL parameters being sent back in HTML responses. network apache CWE-79	4.3

Vulnerabilities > Apache {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Apache"}]}

Vulnerabilities > Apache