Vulnerabilities > Apache
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-12-07 | CVE-2022-45910 | Injection vulnerability in Apache Manifoldcf Improper neutralization of special elements used in an LDAP query ('LDAP Injection') vulnerability in ActiveDirectory and Sharepoint ActiveDirectory authority connectors of Apache ManifoldCF allows an attacker to manipulate the LDAP search queries (DoS, additional queries, filter manipulation) during user lookup, if the username or the domain string are passed to the UserACLs servlet without validation. This issue affects Apache ManifoldCF version 2.23 and prior versions. | 5.3 |
2022-12-03 | CVE-2021-37533 | Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. | 6.5 |
2022-12-02 | CVE-2022-46366 | Unspecified vulnerability in Apache Tapestry Apache Tapestry 3.x allows deserialization of untrusted data, leading to remote code execution. | 9.8 |
2022-11-29 | CVE-2022-44635 | Unspecified vulnerability in Apache Fineract Apache Fineract allowed an authenticated user to perform remote code execution due to a path traversal vulnerability in a file upload component of Apache Fineract, allowing an attacker to run remote code. | 8.8 |
2022-11-24 | CVE-2022-26885 | Unspecified vulnerability in Apache Dolphinscheduler When using tasks to read config files, there is a risk of database password disclosure. | 7.5 |
2022-11-23 | CVE-2022-45462 | Unspecified vulnerability in Apache Dolphinscheduler Alarm instance management has command injection when there is a specific command configured. | 9.8 |
2022-11-22 | CVE-2022-38649 | Unspecified vulnerability in Apache Airflow Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. | 9.8 |
2022-11-22 | CVE-2022-40189 | Unspecified vulnerability in Apache Airflow Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. | 9.8 |
2022-11-22 | CVE-2022-40954 | OS Command Injection vulnerability in Apache Airflow Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbtrary files in the task execution context, without write access to DAG files. | 5.5 |
2022-11-22 | CVE-2022-41131 | Unspecified vulnerability in Apache Airflow Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbtrary commands in the task execution context, without write access to DAG files. | 7.8 |